The Internet of Everything is Here
The Internet of Everything Is Here: How Do We Secure It?
Keith Wilson, Systems Engineer
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IoT Security Challenges: The Ever Expanding Attack Surface
Security Is Hard
SHODAN – Google Dorking The IoT
Defining The Aggressors
Activists, Organized Crime, Competition, Nation States
Health Care: All Your Medical Devices Are Belong To Us
• IoT is made up of life-saving and life-sustaining devices
• Most devices have weak passwords, hard-coded passwords, and/or insecure embedded web servers
• Health care companies are a huge target due to the value of personal medical information.
The Michael Weston Theory of Security vs. Accessibility
Manufacturing: All Your Assembly Lines Are Belong To Us
• IoT has existed for a long time in manufacturing
• SCADA systems are hard to protect due to product interference
• Compromise can lead to physical destruction
• Manufacturers are a target because of the value of IP and M&A data.
Financial Services: All Your Insurance Data Are Belong To Us
• Insurance companies are embracing IoT
• Currently auto insurance companies, but will soon see health & life insurance companies
• Targeted for detailed customer information
Retail: All Your Point of Sale Are Belong To Us
• Retail has been a target of organized crime for years.
• More detailed customer information = more attacks from other groups
• IoT could provide pivot points for access to PoS or manipulation of inventory
IoT Security Challenges: These Aren’t Your Traditional Devices
Not Traditional For Admins
• Lacks an update interface, or any update mechanism at all
• Can be a black box
• No encryption or poor encryption
Not Traditional For Developers
• Not security experts
• Traditional development accounted for patching and updates; IoT does not
IoT Security Challenges: Protecting The Consumer
Tobias Zillner, Cognosec
“… security is very often sacrificed or neglected due to fear of reduced or limited usability or fear of breaking backwards compatibility.”
Hacking Nest
The Human SCADA System
Focus Areas: Where Do We Start?
Secure At The Application: Working with OWASP
• Username enumeration
• Account lockout
• Weak passwords
• Unencrypted services
• Poorly implemented encryption
• Updates are sent without encryption
• Lack of two-factor authentication
Secure At The Network
Secure At The Network
Recon, Exploit, Command & Control, Pivot, Data Staging, Data Exfiltration
Secure At The Network: Segmentation
• Helps to maintain security & network performance
• Limit access to and from IoT devices
• Logical segmentation is a “soft” approach that helps with planning and validation
Secure At The Network: User Activity Monitoring
Securing At The Network: User Activity Monitoring
Thank [email protected]
@detectedanomaly
www.lancope.com
www.detectedanomaly.com/talkingiot