COMPUTER DEFENSE AND ATTACK - POU JIŘÍ ZNOJ
1 Faculty of Electrical Engineering and Computer Science, VŠB - Technical University of Ostrava. IoT security. COMPUTER DEFENSE AND ATTACK - POU, JIŘÍ ZNOJ
2 Internet
- "a vast computer network linking smaller computer networks worldwide. The Internet includes commercial, educational, governmental, and other networks, all of which use the same set of communications protocols." (dictionary.com)
- Tim Berners-Lee, a British scientist at CERN, invented the World Wide Web (WWW) in 1989
3 Internet: World Internet Users and 2018 Population Stats
World Regions | Population (2018 Est.) | Population % of World | Internet Users 31 Dec 2017 | Penetration Rate (% Pop.) | Growth | Internet Users %
Africa | 1,287,914, | % | 453,329, | % | 9,941 % | 10.9 %
Asia | 4,207,588, | % | 2,023,630, | % | 1,670 % | 48.7 %
Europe | 827,650, | % | 704,833, | % | 570 % | 17.0 %
Latin America / Caribbean | 652,047, | % | 437,001, | % | 2,318 % | 10.5 %
Middle East | 254,438, | % | 164,037, | % | 4,893 % | 3.9 %
North America | 363,844, | % | 345,660, | % | 219 % | 8.3 %
Oceania / Australia | 41,273, | % | 28,439, | % | 273 % | 0.7 %
WORLD TOTAL | 7,634,758, | % | 4,156,932, | % | 1,052 % | %
Czech Republic: 10,555,130 9,323, %
4 Internet The Indexed Web contains at least 4.51 billion pages (Saturday, 07 April, 2018). The size of the internet is predicted to be 1yb [yottabyte] or 1,000,000,000,000,000 gb (1 quadrillion gigabytes).
5 Things from Internet of Things (IoT)
"A thing, in the context of the Internet of things (IoT), is an entity or physical object that has a unique identifier, an embedded system and the ability to transfer data over a network." - internetofthingsagenda.techtarget.com
Transform chair into a smart chair:
- unique identity
- ability to communicate
- senses (Sight, Hearing, Taste, Touch, Smell)
- machines, vehicles could be controlled from anywhere in the world
- person with a heart monitor implant
- farm animal with a biochip transponder
- automobile that has built-in sensors to alert the driver when tire pressure is low
- any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.
6 IoT (Internet of Things)
- "a network of everyday devices, appliances, and other objects equipped with computer chips and sensors that can collect and transmit data through the Internet." (dictionary.com)
- Internet (Millions of Web Services) + Things (Billions of sensors, motors, displays, toys, cars, robots, ...)
- system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
- Kevin Ashton first mentioned the Internet of Things in 1999
7 IoT - Examples
8 IoT - prediction World people population billion Washington Post and Consumer Reports 2017 Holiday Tech Gift Guide where at least 12 out of 17 gifts were IoT devices.
9 IoT - prediction
10 IoT - prediction
11 IoT - prediction
12 IoT - prediction
- Avast: With IoT growth predicted to more than triple by 2025 to over 75 billion connected things
- Gartner: typical home could contain more than 500 smart devices by 2022
- Dutch Government: Invest in security of Internet of Things
13 IoT
IPv6 adoption is just a matter of time:
- scalability (number of addresses)
- Solving the NAT barrier
- Multi-Stakeholder Support (end devices can have multiple addresses)
14 IoT - technologies
- Wi-Fi
- low-energy Bluetooth
- NFC
- RFID
NFC is a subset of RFID technology:
- NFC tags are short range (up to 4 inches / 10 cm), RFID tags can be scanned from a greater distance of up to 300 feet (100 meters)
- NFC is capable of two-way or P2P communication
- You can scan multiple RFID tags at once, but only one NFC tag at a time
15 IoT - technologies ZigBee Z-Wave 6LoWPAN
16 IoT - used technologies
LPWAN Technologies (low-power wide-area networks):
- LoRa
- SigFox
7% of all identified IoT projects make use of the new and upcoming LPWA connectivity technology
17 IoT - used technologies
18 IoT - used technologies
19 IoT Security Market Also, the global IoT market is expected to grow from $655.8 billion to $1.7 trillion in 2020
20 IoT Cybersecurity Risk
- 600 percent increase in overall IoT attacks in 2017
- Cybersecurity Risk = threat × vulnerability × consequence
- threat: location, motivation (financial, political, competition)
- vulnerability: user names consist of an employee's first and last name, no 2FA, password
- consequence: loss of sensitive data, physical damage, company name
21 IoT Security on four different levels
22 IoT Security on four different levels
- developing secure end-to-end IoT solutions requires an approach that involves multiple levels and fuses together important security features across four layers
- even if your smart hub is secure, never forget that the devil is in the details: a tiny thing such as a light bulb could serve as an entry-point for hackers
- Always change the default password
- Don't share serial numbers, IP addresses and other info
23 IoT Security on Device Layer
- the physical thing or product (HW and SW)
- Software verification and authentication today largely rely on the public key infrastructure (PKI) encryption and certificate scheme. With a private key, the vendor signs his data or his executable file.
- Effective and secure connectivity must be powered by a smart device able to handle security, encryption, authentication, timestamps, caching, proxies, firewalls, connection loss, etc.
24 IoT Security on Device Layer
25 IoT Security on Device Layer
- chip security: Trusted Platform Module (TPM), a hardware-based root of trust
- secure booting: to ensure only verified software will run on the device
- physical security: protection against attackers with physical access to the device
26 IoT Security on Device Layer - TPM
- Hardware security modules (HSM) are tamper-resistant devices that can securely generate, store and use pairs of keys.
- A subset of hardware security modules is the Trusted Platform Module (TPM)
- the TPM stores RSA encryption keys specific to the host system for hardware authentication
- EK (Endorsement Key): RSA key pair, not accessible by SW
- SRK (Storage Root Key): created when user or admin takes ownership of the system, generated from password and EK
- AIK (Attestation Identity Key): protects device against unauthorized FW and SW modification
27 IoT Security on Device Layer
- Even the security chip on a credit card, a very low-resource device (as little as 4,000 bytes of storage, for example), has some built-in hardware security and cryptography
- Another thing that Internet of Things devices do is that some of them ask for more permissions than they need to. Each extra permission in an IoT device adds another vulnerability layer which can be exploited. The fewer permissions, the more secure your device is.
28 IoT Security on Device Layer - TPM
- Do equipment vendors provide rootkit malware protection?
- Is the device vulnerable during installation?
- Are devices regularly tested for malicious rootkits?
- Does the IoT architecture enable remote testing of firmware?
- Can regular service procedures of automation devices introduce vulnerabilities?
- Can we detect rootkit malware problems?
29 IoT Security on Communications Layer
30 IoT Security on Communications Layer
sensitive data are transmitted / received over:
- physical layer (WiFi, or Ethernet)
- networking layer (IPv6, Modbus or OPC-UA)
- application layer (MQTT, CoAP or web-sockets)
unsecure communication channels can be susceptible to man-in-the-middle attacks or similar.
31 IoT Security on Communications Layer
- Data-centric security solutions: data is safely encrypted while in transit (and at rest), unreadable except to users (person, device, system, or app) who have the encryption key
- Firewalls and intrusion prevention systems: examine traffic flows to detect unwanted intrusions and prevent malicious activities on the communication layer
- it is usually a bad idea to allow a connection from the Internet to the device
- software on the device acts as a server, that only communicates with the cloud and does not allow anyone to connect
- With correct labeling, each message can be handled according to the appropriate security policy: different access controls for different types of messages
32 IoT Security on Communications Layer
- Can we patch devices remotely?
- Does IoT architecture limit the damage of unauthorised intrusions?
- Can third party testing play a role?
- How should I protect against edge vulnerabilities?
- Are there unintended linkages across segments of a large IoT system?
- When should data be stored on the device or the cloud?
- Which data elements need encryption and to what level?
- What types of firewalls are used in the IoT cloud?
- Does the business have the correct culture to address IoT security risks?
33 IoT Security on Cloud Layer
34 IoT Security on Cloud Layer
- Cloud is the software backend of the IoT solution, where data from devices are received, analysed and interpreted to generate information and perform actions
- Cloud providers are expected to deliver secure and efficient cloud services by default
35 IoT Security on Cloud Layer
- Sensitive information stored in the cloud (i.e., data at rest) must be encrypted
- Verify the integrity of other cloud platforms or third party applications that are trying to communicate with your cloud services
- Digital certificates can play a key role for identification and authentication
- people usually use a password, in some cases 2FA (password + one-time password generator)
- devices use certificates, which can also encrypt the channel between device and cloud
36 IoT Security on Management Layer
37 IoT Security on Management Layer
- ensuring security from manufacture, through installation, to disposal
- besides security by design, the life cycle needs:
- policy enforcement
- regular auditing
- vendor control
38 IoT Security on Management Layer
- activity monitoring: track, log, detect suspicious activity
- regular security patches
- secure remote control: sending commands to a device is a very powerful, sensitive feature; needed for updating software, resetting a device, new config, new functionality, ...
- Bugs in software -- even old and well-used code -- are discovered on a regular basis, but many IoT devices lack the capability to be patched, which means they are permanently at risk
- The key to secure updates and remote control is to ensure that a device does not allow incoming connections (Communication Layer), yet has a bi-directional connection, is correctly secured (Device Layer), uses a message switch as the communications channel (Management Layer) and is correctly implemented
39 IoT Security on Management Layer
- Can maintenance processes introduce new vulnerabilities?
- Are access and privilege levels correct for an IoT implementation?
- Are updates in software or firmware digitally signed or authenticated?
40 IoT top 10 issues
1. Insecure Web Interface
2. Insufficient Authentication/Authorization (default password 1234, admin, ...)
3. Insecure Network Services (Telnet, FTP)
4. Lack of Transport Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface (wireless access points)
8. Insufficient Security Configurability (password policy, data encryption, different levels of access)
9. Insecure Software/Firmware (update encryption)
10. Poor Physical Security
41 IoT Types of IoT attackers
42 IoT Internet of Things botnet
43 2016 IoT botnet Mirai
- more than half a million smart home devices (such as DVRs, CCTV cameras, routers and printers) were used to conduct a series of large-scale DDoS attacks. (In 2014 a large botnet would have devices)
- The botnet, using primarily compromised webcams, flooded popular websites with up to 1.2 Tbps in the largest distributed denial of service attack ever recorded
- Cisco: average DDoS attack size is increasing steadily and approaching 1.2 Gbps, and globally the number of DDoS attacks greater than 1 Gbps grew 172% in 2016 and will increase 2.5-times to 3.1 million by 2021
- for example Twitter, Spotify, and Airbnb weren't accessible
44 IoT botnet Mirai IP addresses of Mirai-infected devices were spotted in 164 countries Vietnam: 12.8% of Mirai botnet IPs
45 IoT botnet Mirai Name Password Name Password Name Password root xc3511 admin smcadmin root jvbzd root vizxv admin 1111 root anko root admin root root zlxx. admin admin root password root 7ujMko0vizxv root root 1234 root 7ujMko0admin root xmhdipc root klv123 root system root default Administrator admin root ikwb root juantech service service root dreambox root supervisor supervisor root user root guest guest root realtek support support guest root 0 root (none) guest admin admin password admin1 password admin 1234 root root administrator 1234 admin root admin user user admin admin (none) ubnt ubnt admin 7ujMko0admin root pass root klv1234 admin 1234 admin admin1234 root Zte521 admin pass root 1111 root hi3518 admin meinsm tech tech mother f***er [censored]
46 IoT botnet Mirai
- Stop using default/generic passwords.
- Disable all remote (WAN) access to your devices.
- Scan your device to verify whether it has the following ports open: SSH (22), Telnet (23) and HTTP/HTTPS (80/443); you can use this tool
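The advice on this slide (no default passwords, no WAN access, check ports 22, 23, 80 and 443) can be turned into an inventory check. The Go program below is an added example, not part of the slides: the inventory format, device names and sample data are constructed, and the credential list is a subset of the table on the previous slide.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Device is one row of a hypothetical asset inventory (constructed format).
type Device struct {
	Name     string
	User     string
	Password string
	WANPorts []int // TCP ports that answer from the Internet side
}

// Finding collects the problems found on one device.
type Finding struct {
	Device   string
	Issues   []string
	Critical bool // weak login AND a watched service reachable from the WAN
}

// defaultCreds is a subset of the user/password pairs in the Mirai table
// on the previous slide, stored as "user:password".
var defaultCreds = map[string]bool{
	"root:xc3511": true, "root:vizxv": true, "root:admin": true,
	"admin:admin": true, "admin:smcadmin": true, "root:jvbzd": true,
	"root:anko": true, "root:xmhdipc": true, "root:juantech": true,
	"root:Zte521": true, "root:hi3518": true, "ubnt:ubnt": true,
	"support:support": true, "service:service": true, "tech:tech": true,
	"root:password": true, "admin:password": true, "admin:1234": true,
}

// watchedPorts are the ports the slide tells owners to check.
var watchedPorts = map[int]string{22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}

// Audit flags default or empty passwords and WAN-reachable watched ports.
// A device with both is marked Critical: its login can be tried remotely.
func Audit(inventory []Device) []Finding {
	var findings []Finding
	for _, d := range inventory {
		f := Finding{Device: d.Name}
		weak := false
		switch {
		case d.Password == "":
			weak = true
			f.Issues = append(f.Issues, "no password set for "+d.User)
		case defaultCreds[d.User+":"+d.Password]:
			weak = true
			f.Issues = append(f.Issues, "default credential "+d.User+"/"+d.Password)
		}
		ports := append([]int(nil), d.WANPorts...)
		sort.Ints(ports)
		exposed := false
		for _, p := range ports {
			if svc, ok := watchedPorts[p]; ok {
				exposed = true
				f.Issues = append(f.Issues, fmt.Sprintf("%s (%d) reachable from WAN", svc, p))
			}
		}
		f.Critical = weak && exposed
		if len(f.Issues) > 0 {
			findings = append(findings, f)
		}
	}
	return findings
}

// SampleInventory returns constructed sample data.
func SampleInventory() []Device {
	return []Device{
		{"dvr-lobby", "root", "xc3511", []int{80, 23}},
		{"cam-gate", "admin", "S7-long-unique-passphrase", []int{443}},
		{"printer-2f", "admin", "admin", nil},
		{"hub-main", "iot", "another-unique-passphrase", []int{8883}},
	}
}

func main() {
	for _, f := range Audit(SampleInventory()) {
		level := "WARN"
		if f.Critical {
			level = "CRIT"
		}
		fmt.Printf("[%s] %s: %s\n", level, f.Device, strings.Join(f.Issues, "; "))
	}
}
```
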
47 IoT botnet Mirai
48 IoT DDoS
- 2016 Dyn cyberattack: attack on web-domain provider Dyn
- It's unclear whether Mirai is the only botnet being used in the incident.
49 IoT botnet Mirai
- The source code for Mirai has been published in several hacker forums as open source.
- Since the source code was published to the public, the techniques have been adapted in other malware projects.
- In 2017 a new version of the famous Mirai botnet appeared, to mine cryptocurrencies.
50 IoT botnets
- in April 2017 the Hajime botnet compromised more than 300,000 devices; its purpose remains unknown
- according to an article published in April 2017, more than 1,000 IP camera models by 354 different vendors had a dangerous vulnerability in the built-in web server
- in October 2017 the Reaper botnet was discovered; there may be up to two million vulnerable devices. It could become a cyberweapon
- in 2018 we can expect that not only IP cameras, but other devices too, will evolve into zombie IoT networks
51 IoT entry point to penetrate networks
- Compromised IoT devices used as an entry point to penetrate the IT and OT network perimeter.
- IoT devices can be used to penetrate a well-protected network
- There is evidence that video surveillance systems, as well as other IoT systems, have already been used in targeted attacks
52 IoT Attacks via shared technologies
technologies:
- ARM CPU architecture
- Linux OS
- MQTT (Message Queuing Telemetry Transport) - publish-subscribe-based messaging protocol
53 IoT app, device's user interface
- social engineering
- dictionary or brute force (nearly 60% of users reuse the same password)
- encryption
- storing more info than needed
- Buffer overflows: this happens when a device tries to store too much data into a temporary storage space
54 IoT Vulnerability exploitation Every software has its vulnerabilities Code injection, Cross Site Scripting,
55 IoT Malware attacks
56 IoT Malware attacks - ransomware
- IoT ransomware: ransomware attacks can be very lucrative for cybercriminals
- we can expect targeting of IoT systems, such as smart building components, elements of smart city or public transit infrastructure
- in many ways today's attacks are similar to early attacks on IT (relatively unsophisticated)
57 IoT new way to traditional crime
- Penetration of Internet of Things technologies into the sphere of traditional crime
- Data from IP cameras, smart home, smart city devices can be used to plan and coordinate traditional (non-cyber) crimes
- Hacking into the sensors controlling the temperature in a power station could trick the operators into making a catastrophic decision; taking control of a driverless car could also end in disaster
58 IoT Smart home
59 IoT Spying
In October 2017 internet-connected smartwatches for children were found to contain security vulnerabilities which allow hackers to track the wearer's location, eavesdrop on conversations, and even communicate with the child user.
Sharing is not okay:
- Hackers and scammers
- Repeatedly being targeted by companies
- It is creepy to be monitored all the time
- Secondary motives when collecting data
Sharing data is okay:
- Free services offered in return for your data
- Improvement of social and commercial interactions
60 IoT Preparing for the future
- Windows 95 support until 2001
- Windows 2000 support until 2010
- Windows XP support until 2014
- Windows Vista support until 2017
- Windows 7 support until 2020
- Windows 8 support until 2023
- Windows 10 support until 2025
61
62 IoT Preparing for the future Microsoft ended Skype support for older Windows Phone
63 IoT Preparing for the future Samsung never bothered updating the fridge After two years, that fridge was apparently out of date and no longer supported
64 Solution: IoT Preparing for the future
- My parents have had a fridge for 20 years
- If this fridge were smart, it would not receive security updates
- Who would provide an update for a product that old?
- Could you buy something (the same model) the same as 20 years ago?
65 IoT Spying - Smart TV
Smart TV can:
- track what you watch
- listen to conversations
- watch you
what can you do to prevent spying:
- disable smart interactivity feature
- use Apple TV, Amazon Fire TV, Chromecast, Nvidia Shield TV, Roku instead - they're designed by people with a clue about security
- disconnect it from your local network, don't set your Wi-Fi password
- don't buy smart TV
66 IoT apocalyptic scenarios
- Smart locker doesn't unlock, smart heating is not working, smart alarm goes crazy, TV shows video of you from yesterday, your smart car is gone
- Your smart home was hacked, or your unlocked smart phone was stolen
- Addiction to technologies: can't exist without internet, electricity
- Vendors, advertisements
- Metadata, government: power in wrong hands
67 IoT World Economic Forum report The World Economic Forum recently commissioned a report to create a set of guidelines, designed for board-level use, that address the challenges and risks of cyber security in emerging markets based on hyper-connected technologies
68 IoT Open Web Application Security Project (OWASP) The IoT Attack Surface Areas Project Vulnerabilities mware_analysis
69 IoT hopeful IoT security bill
minimum security requirements for federal procurements of connected devices
The legislation requires vendor commitments:
- That their IoT devices are patchable.
- That the devices don't contain known vulnerabilities.
- That the devices rely on standard protocols.
- That the devices don't contain hard-coded passwords.
70 IoT hopeful IoT security bill
- EU lawmakers want to create rules that force companies to meet tough security standards and go through multi-pronged certification processes to guarantee privacy.
- Commission would encourage companies to come up with a labelling system for internet-connected devices that are approved and secure
71 IoT attacks examples
- In 2015, the UK-based telecom and internet provider Talk Talk was subject to several cyber security breaches where customers' data was exposed as it was stored unencrypted in the cloud. The firm has announced that millions of people have had their credit card and bank details stolen
- In 2015, a hacker was able to raise the dosage limit on medication delivered to patients through a Hospira drug infusion pump
- The Uber data breach, which took place in October 2016, exposed the data of 57 million customers and drivers. Uber said that it had paid hackers $100,000 to destroy data
More informationA (sample) computerized system for publishing the daily currency exchange rates
A (sample) computerized system for publishing the daily currency exchange rates The Treasury Department has constructed a computerized system that publishes the daily exchange rates of the local currency
More informationIBM Cloud Internet Services: Optimizing security to protect your web applications
WHITE PAPER IBM Cloud Internet Services: Optimizing security to protect your web applications Secure Internet applications and APIs against denialof-service attacks, customer data compromise, and abusive
More informationIRL: Live Hacking Demos!
SESSION ID: SBX2-R3 IRL: Live Hacking Demos! Omer Farooq Senior Software Engineer Independent Security Evaluators Rick Ramgattie Security Analyst Independent Security Evaluators What is the Internet of
More informationCYBERSMART BUILDINGS. Securing Your Investments in Connectivity and Automation
CYBERSMART BUILDINGS Securing Your Investments in Connectivity and Automation JANUARY 2018 WELCOME STEVE BRUKBACHER Application Security Manager Global Product Security Johnson Controls 1 WHY ARE WE HERE
More informationNGN: Carriers and Vendors Must Take Security Seriously
Research Brief NGN: Carriers and Vendors Must Take Security Seriously Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More informationChapter 4. Network Security. Part I
Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid
More informationRegulation and the Internet of Things
Regulation and the Internet of Things 15 th Global Symposium for Regulators (GSR15) Prof. Ian Brown The views expressed in this presentation are those of the author and do not necessarily reflect the opinions
More informationSECURE DATA EXCHANGE
POLICY-DRIVEN SOLUTIONS FOR SECURE DATA EXCHANGE Sending and receiving data is a fundamental part of daily business for nearly every organization. Companies need to share financial transaction details,
More informationTrustzone Security IP for IoT
Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday
More informationTHE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS
SESSION ID: MBS-W04 THE NEW LANDSCAPE OF AIRBORNE CYBERATTACKS Nadir Izrael CTO & Co-Founder Armis, Inc. Ben Seri Head of Research Armis, Inc. Placeholder Slide: Image of spread of infection Placeholder
More informationCyber Security Audit & Roadmap Business Process and
Cyber Security Audit & Roadmap Business Process and Organizations planning for a security assessment have to juggle many competing priorities. They are struggling to become compliant, and stay compliant,
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationRadware: Anatomy of an IoT Botnet and Economics of Defense
BRKPAR-4000 Radware: Anatomy of an IoT Botnet and Economics of Defense Eric Grubel Anatomy of an IoT Botnet and Economics of Defense Eric Grubel VP, Business Development January 2018 Theme of Discussion
More informationCisco Encrypted Traffic Analytics Security Performance Validation
Cisco Encrypted Traffic Analytics Security Performance Validation March 2018 DR180222D Miercom.com www.miercom.com Contents 1.0 Executive Summary... 3 2.0 About the Product Tested... 5 3.0 How We Did It...
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationAN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP
AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including
More informationHow to Create, Deploy, & Operate Secure IoT Applications
How to Create, Deploy, & Operate Secure IoT Applications TELIT WHITEPAPER INTRODUCTION As IoT deployments accelerate, an area of growing concern is security. The likelihood of billions of additional connections
More informationCyber fraud and its impact on the NHS: How organisations can manage the risk
Cyber fraud and its impact on the NHS: How organisations can manage the risk Chair: Ann Utley, Preparation Programme Manager, NHS Providers Arno Franken, Cyber Specialist, RSM Sheila Pancholi, Partner,
More informationMOBILE SECURITY OVERVIEW. Tim LeMaster
MOBILE SECURITY OVERVIEW Tim LeMaster tim.lemaster@lookout.com Your data center is in the cloud. Your users and customers have gone mobile. Starbucks is your fall-back Network. Your mobile device is a
More informationmhealth SECURITY: STATS AND SOLUTIONS
mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported
More informationConnect Securely in an Unsecure World. Jon Clay Director: Global Threat
Connect Securely in an Unsecure World Jon Clay Director: Global Threat Communications @jonlclay www.cloudsec.com More devices More data More risks Global Risks Landscape 2018 Source: http://www3.weforum.org/docs/wef_grr18_report.pdf
More informationA General Review of Key Security Strategies
A General Review of Key Security Strategies Disclaimers All content and comments are my own and may not reflect the views of the: United States Government United States Department of Justice (DOJ) Federal
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationⅠ Introduction 1. Ⅱ Information Security Infrastructure and Environment 2. Ⅲ Information Security Incident Prevention 8
Ⅰ Introduction 1 Ⅱ Information Security Infrastructure and Environment 2 1. Information Security Policy 2 A. Information (Personal Information) Security Policy 2 B. Information Security Policy 3 C. Personal
More informationIOT Security More than just the network..
IOT Security More than just the network.. Adrian Winckles Cyber Lead - Anglia Ruskin University & OWASP Cambridge Chapter Leader Adrian.Winckles@anglia.ac.uk Bio Adrian Winckles Adrian Winckles is Course
More informationBOARD DIRECTOR CONCERNS ABOUT CYBER AND TECHNOLOGY RISK
BOARD DIRECTOR CONCERNS ABOUT CYBER AND TECHNOLOGY RISK 5 September 2017 Rob Clyde, CISM, NACD Board Leadership Fellow Managing Director, Clyde Consulting LLC Vice-Chair, ISACA Executive Chair White Cloud
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationSecurity Solutions. Overview. Business Needs
Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationSECURING DEVICES IN THE INTERNET OF THINGS
SECURING DEVICES IN THE INTERNET OF THINGS EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage
More information2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.
2017 Varonis Data Risk Report 47% of organizations have at least 1,000 sensitive files open to every employee. An Analysis of the 2016 Data Risk Assessments Conducted by Varonis Assessing the Most Vulnerable
More informationInformation Security in Corporation
Information Security in Corporation System Vulnerability and Abuse Software Vulnerability Commercial software contains flaws that create security vulnerabilities. Hidden bugs (program code defects) Zero
More informationProtect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com
Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationThe Internet of Things and Security
INTERNAL USE ONLY The Internet of Things and Security Chuck DePalma CISSP CISM Network and Cloud Security Architect The Internet of Things 1998 Adoption of Mosaic Browsers 0ver 250 Millions of Internet
More informationLookout's cybersecurity predictions
LOOKING FORWARD AND LOOKING BACK: Lookout's cybersecurity predictions by Kevin Mahaffey Every year, cybersecurity pundits cast predictions for which issues will make headlines in the year to come. We ve
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationSecuring Devices in the Internet of Things
AN INTEL COMPANY Securing Devices in the Internet of Things WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe
More informationSECURITY ON PUBLIC WI-FI New Zealand. A guide to help you stay safe online while using public Wi-Fi
SECURITY ON PUBLIC WI-FI New Zealand A guide to help you stay safe online while using public Wi-Fi WHAT S YOUR WI-FI PASSWORD? Enter password for the COFFEE_TIME Wi-Fi network An all too common question
More informationTrends for Smart Grid Automation and Industry 4.0 Integration. presented by Detlef Raddatz Managing Director SystemCORP Embedded Technology
Trends for Smart Grid Automation and Industry 4.0 Integration presented by Detlef Raddatz Managing Director SystemCORP Embedded Technology Agenda Introduction Short History of Utility Communication Utility
More informationHow Secure is your Video Surveillance System?
How Secure is your Video Surveillance System? Security Whitepaper Table of Contents 1 EXECUTIVE SUMMARY About Verkada 3 A NOTE ON SYSTEM DESIGN Traditional On-Prem + Internet Enabled Remote Access Video
More informationQuick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.
Quick Heal Total Security for Android Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping. Product Highlights Complete protection for your Android device that
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More information