Chapter 13 - 02 - Discuss the Security in IoT-enabled Environments - 01_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82 loT and OT Security Module Flo f Understand IoT Devices, Application Areas, and Communication Models Discuss the Security in IoT-enabled Environments Understand OT Concepts, Devices, and Protocols Discuss the Security in OT-enabled Environments Discuss the Security in IoT-enabled Environments The objective of this section is to explain the security principles in loT-enabled environments. Module 13 Page 1577 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician 10T and OT Security Exam 212-82 Security in IoT-enabled Environments With no or inadequate focus on loT device security by manufacturers, security measures used to harden the 10T device are often insufficient 0 69( S Therefore, organizations should focus on countering attack scenarios in loT-enabled environments. Organizations should focus on securing network devices and routers in an loT-enabled environment. This helps restrict the attacker from accessing other parts of the network and performing targeted attacks 6 The organization should use multilayered management. An overarching multilayered security plan and constant maintenance are necessary to effectively secure all these disparate 10T devices 0 Company-wide collaboration and synchronization are required to secure an loT-enabled environment Copyright © by EC-Councll AN Rights Reserved. ReproductionIs Strictly Prohibited Security in IoT-enabled Environments Because loT devices are vastly different from each other, the security of devices relies on their type and model. With no or inadequate focus on |oT device security by manufacturers, security measures used for loT devices often fall short. Therefore, an organization should focus on securing loT devices and countering attack scenarios in loT-enabled environments. An organization can secure loT devices by changing the default passwords, disabling unused features, updating firmware and applications, and using a legitimate application developed by a reliable vendor in the case of 10T devices that rely on third-party applications. An adversary uses a compromised 10T device as an entry point to a network and performs a lateral movement attack. For example, a compromised smart printer can infect other systems and devices connected to the same network. A compromised router can spread malware to all the 10T devices connected to it. Therefore, organizations devices and routers in an loT-enabled environment. should focus on securing network To secure an loT network and router, the user should map and monitor all the devices, apply network segmentation, ensure a secure network architecture, use routers with in-built firewalls, and disable unnecessary services such as Universal Plug and Play (UPnP). This helps in restricting the attacker from accessing other parts of the network and performing targeted attacks. An organization should use multi-layered management. To secure all the different IoT devices, an overarching multi-layered security plan and constant maintenance are required. The organization should enforce security solutions that safeguard the loT devices and detect malware at the endpoint level. It should also use security software that checks the network traffic between Module 13 Page 1578 routers and connected devices to protect the IoT devices. Further, it should Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician 1oT and OT Security Exam 212-82 utilize network appliances to monitor all the ports and network protocols for detecting advance threats and safeguard the 10T devices from targeted attacks. Company-wide collaboration and synchronization are required to secure an loT-enabled environment. Module 13 Page 1579 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician loT and OT Security Exam 212-82 IoT System Management ‘)0@ Device Management O User Management Ensure secure data transmission O Security Monitoring Provide control over the users to facilitate fine interaction O who have access to an loT system. between devices and to guarantee the proper functioning of devices in an loT system User management includes identifying users, setting user roles and access levels, controlling access, etc. To address security breaches at early stages and to prevent malicious attacks on an loT system, perform the activities such as log and analyze commands sent by control applications to things, monitor and store all the actions of users, identify the patterns of malicious behavior, etc. IoT System Management loT system management involves the following. = Device management Ensure secure data transmission to facilitate fine interaction between guarantee the proper functioning of devices in an loT system. = devices and to o Identify the identity of devices to ensure a trusted device with genuine software transmitting reliable data. o Configure devices and control them as per the requirements of an IoT system. For example, provide IDs for devices. o Monitor and diagnose devices to ensure the smooth and secure functioning of loT devices. o Update software vulnerabilities. and maintain it to add functionality, fix bugs, and address User management Provide control over the users who have access to an loT system. User management includes the following: o ldentify users. o Set user roles (owners, guests, etc.). o Set access levels for users. o Control the access of a few users to specific information. Module 13 Page 1580 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician loT and OT Security = Exam 212-82 o Set user ownership. o Add and remove users. o Manage user settings. o Allow permissions to perform certain operations within an 10T system (for example, controlling and recording user activities). Security monitoring To address security breaches at early stages and to prevent malicious attacks on an loT system, the following should be performed: o Log and analyze commands sent by control applications to things. o Monitor the actions of users. o Store all actions in the cloud. o lIdentify the patterns of malicious behavior. o Store samples of malicious activity and compare them with the logs generated by the loT system to avoid attacks and their impact. Module 13 Page 1581 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.