Business and consumers are recognizing the value of integration of IoT products and systems into their infrastructure. Learn why testing for vulnerabilities before implementation is essential.
- [Instructor] When thinking about security, we generally think of someone trying to breach a system with malicious intent, or possibly someone has made a mistake, or someone has failed to follow established security practices. Or maybe someone has even clicked a link and launched a ransomware attack. Businesses and consumers are recognizing the value of integration of IoT products and systems into their infrastructure.
The IoT will bring challenges and complexities. One of the biggest challenges is security. Securing the IoT is different than securing a data center. When thinking about the IoT and security, we're introducing a new paradigm. This is a large attack surface, and has the potential to compromise the privacy of our information. We compromise our privacy in one of three ways.
Perhaps we volunteer information. This is generally related to a social engineering attack. For example a hacker might say, "I'll need your social security number." The victim will say, "Okay it's 123 45 6789." In some cases, the information is observed, either by eavesdropping on a conversation, shoulder surfing as someone enters their pin at an ATM, or by capturing data via a protocol analysis tool like Wireshark.
Or we could infer information, and that's using an educated guess. For example, if you buy two wireless home cameras to monitor your backyard. We have two known UserIDs and passwords. The first camera has UserID 1234 and password abcd. The second camera has UserID 2345 and password bcde.
We could infer that the third one has a UserID of 3456, and a password of cdef. As the IoT evolves, several groups see the value of creating standards in order to decrease the vulnerabilities and lock down the devices. We're not quite there yet. As a result, many IoT devices are not secure. There are a number of different reasons for this. One, well manufacturers.
Manufacturers feel a sense of urgency in releasing new smart devices, without proper testing. As a result, many have critical flaws. Vendors are determined to market devices and get them to consumers as soon as possible, mainly because of profit. And consumers are anxious to install and use the device, without much consideration for the security. In many cases, they don't even change the default password.
When using IoT devices in a home or an organization, test for vulnerabilities and consider security risk before implementation. This is essential, as privacy could be compromised in many ways.
Lisa Bock kicks off the course with an overview of IoT, and the types of IoT devices designed to improve the quality of life in homes and businesses. Lisa covers different networks that range in size and purpose—LANS, WANS and PANS—and explains how businesses invest heavily in IoT in order to keep a competitive edge, going into IoT developments in automobiles, building automation, and the medical field. She then evaluates consumer devices, such as wearables and mobile devices. Plus, she discusses zero-configuration networking, service discovery, designing IoT security, and more.
- A history of the Internet of Things
- How sensor nodes collect and communicate information
- Data management and process management
- Networking the IoT
- How IoT is transforming and improving businesses
- How IoT is a natural extension and evolution of SCADA
- How IoT affects mobile devices, smart homes, and travel
- Zero-configuration networking
- Testing for vulnerabilities before implementation
- Designing IoT security