APrIGF 2015: Security and the Internet of Things
Post on 07-Aug-2015
211 Views
Preview:
Transcript
Issue Date:
Revision:
Security & The Internet of Things (IoTs)Adli Wahid
Security Specialist, APNIC
adli@apnic.net
2
Adli Wahid
• Security Specialist at APNIC
• Security Outreach, Digital Forensics & Incident Response
• Board Member of Forum of Incident Response & Security Teams (FIRST)
• Working with Network Operators, CERTs/CSIRTs, LEAs, NGOs
3
Talking Points
Goal:
To highlight some of the security concerns about the IoTs
1. Internet of Things or Internet of Anything
2. Security Risks
3. Security Considerations
5
IPv6
Security
Privacy
Innovation
Connectivity
Big Data & Cloud
Network
Entrepreneurship Wearables
IoTs
Quality of Life
Multiple Perspectives
7
Security Risks
Confidentiality
Integrity
Availability
Privacy
Loss of Life ?
Loss of $$
Cyber Crime
Zooming into Security
8
Authentication (Password)
Patch & Vulnerability Management
Social Engineering
Security Awareness
Security Breaches
Encryption
Challenges to Security Responder
9
Analysis Fix / Recover
• Source of Attack • Modus Operandi • Command & Control • Indicators of Compromise • Number of Bots / Infected
Computers • Numbers of Samples
• Patch Vulnerable Systems • Apply Firewall Rules • Clean Infected Computers • Disable Vulnerable Services • Remove Malicious Page
10
Heartbleed (CVE-2014-0160)
• Critical Vulnerability affecting a very large user base discovered in April 2014
• 600k systems vulnerable
• Afer 2 months – 300k systems remain unpatched *
• Enterprise vs Home Systems
11
Problems with CPEs• Customer Premise Equipments
• Common Default ‘not-secure’– Default password – Default Services Turned-on
• Case in point – Open DNS Resolvers – Exploited as platform to launch Amplification Attacks Distributed
Denial of Service attacks– Made worse by the relative ease to spoof IP address – (and Getting Away easily for launching attacks)
14
Will Security be the Same?
Limit Exposure of IoTs
Security Management
Default Security?
Roles & Responsibilities
top related