Summary

This document discusses IoT device management solutions, including Oracle, Predix, Cloud IoT Core, IBM Watson, and AT&T from a security perspective. It covers how these solutions help with device onboarding and security.

Full Transcript

Certified Cybersecurity Technician Exam 212-82 loT and OT Security IoT Device Management...

Certified Cybersecurity Technician Exam 212-82 loT and OT Security IoT Device Management OQO 10T device management helps in supporting loT solutions by using any software tools and processes and helps in onboarding latest devices securely and promptly [—— -] Azure IoT Central IoT Device Management Solutions BEMESIOHIEoR e | & rogmind - Ovrien » Oracle loT Asset Monitoring Cloud st https://www.oracle.com AECEECI C s mostern........... reeretstera... as Py I;r— 1 "y e ::.4 O ey »» Predix Predix - = e Panan [oms ®® oo ¢¢ @6 585 >N https://www.ge.com — 5 5= e Py [ ' o z @ ' » Cloud loT Core o Theast detection Theast detection https://cloud.google.com = -L o [E ) Sv———" berennis wnairy b WW M Mt ebt s e b. 9 Ovre n [y I k4 252 » 1BM |BM Watson loT Platform 0 Ih T h e > https://www.ibm.com I5e LU » AT&T loT Connectivity Management https://www.business.att.com hteps:/fazrure.microsoft.com https://azure.microsoft.com. cll. All Rights Reserved. ReproductionisIs Strictly Prohibited IoT Device Management loT device management helps security professionals to track, monitor, and manage physical lIoT devices from a remote location. Security professionals can use solutions such as Azure loT Central, Oracle loT 10T Asset Monitoring Cloud, and Predix to perform loT IoT device management. These solutions allow security professionals to update the firmware remotely. Further, loT device management helps in providing permissions and enhancing security capabilities to ensure protection against various vulnerabilities. loT device management can be very supportive in preventing loT attacks as it can provide: = Proper authentication, as only trusted and secure devices with proper credentials are enrolled = Accurate configuration, controlling devices to ensure proper functionality and improved performance. It can also reset the factory settings during device decommissioning. = Proper monitoring to detect flaws and diagnose operational issues and software bugs through program logs = Secure maintenance of remote devices and frequent device updates with the latest security patches loT Device Management Solutions loT device management solutions are used by security professionals, IT admin, or loT administrators for onboarding, organizing, monitoring, and managing loT devices. Module 13 Page 1586 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 loT and OT Security Discussed below are some loT device management solutions: = Azure loT Central Source: https://azure.microsoft.com Azure loT Central is a hosted, extensible software-as-a-service (SaaS) platform that simplifies the setup of 10T solutions. It helps to easily connect, monitor, and manage loT assets at scale. Azure |loT Central can simplify the initial setup of an loT solution and can reduce the management burden, operational costs, and overheads of a typical loT project. Microsoft Arure w rogm-hub.’ rtogm-hub - Overview Threat prevention Automanc Devae Marsgemant Hew'th moritenng B Ovice recomme. ndations - Most prevalent devece N e recommendatony 55 2 ® 612 @ 55 b Q- 1 O 17 Threat detection B Oevice vecurity slerts T Revource vecurity alerty ® Most attached deveces —— | | 439 4 & e 2852 e - 1 || | I 'HG @ Moo 2 i lZ 3K 4 B Advace B Secunty Conter Cont Management + & Figure 13.10: Screenshot of Azure loT Central Listed below are some of the additional solutions for loT device management: = QOracle 10T Asset Monitoring Cloud (https.//www.oracle.com) * Predix (https://www.ge.com) * Cloud loT Core (https://cloud.google.com) = |BM Watson loT Platform (https://www.ibm.com) = AT&T loT Connectivity Management (https://www.business.att.com) Module 13 Page 1587 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 loT and OT Security IoT Security Best Practices 1 2 3 4 ———— e — | ———————— —————— -. 1 |E— — Disable the “guest” Use the “Lock Out” Implement strong Locate control system and “demo” user feature to lock out authentication networks and devices accounts if enabled accounts for excessive mechanisms behind firewalls and invalid login attempts isolate them from the business network S 6 4Z 8 [ ————— [ e |S— Implement IPS and Implement end-to-end Use VPN architecture Deploy security as a IDS in the network 1DS encryption and use for secure unified, integrated Public Key communication system Infrastructure (PKI) IoT Security Best Practices Disable the “guest” and “demo” user accounts if enabled Use the “Lock Out” feature to lock out accounts for excessive invalid login attempts Implement a strong authentication mechanism Locate control system networks and devices behind firewalls, and isolate them from the business network Implement IPS and IDS in the network Implement end-to-end encryption and use public key infrastructure (PKIl) Use VPN architecture for secure communication Deploy security as a unified, integrated system Allow only trusted IP addresses to access the device from the Internet Disable telnet (port 23) Disable the UPnP port on routers Protect the devices against physical tampering Patch vulnerabilities and update the device firmware regularly Monitor traffic on port 48101, as infected devices attempt to spread the malicious file using port 48101 Module 13 Page 1588 Certified Cybersecurity Technician Copyright © by EC-Gouncil EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 loT and OT Security = Position of mobile nodes should be verified with the aim of referring one physical node with one vehicle identity only, which means one vehicle cannot have two or more identities = Data privacy should be implemented; therefore, the user’s account or identity should be kept protected and hidden from other users = Data authentication should be performed to confirm the identity of the original source node = Maintain data confidentiality using symmetric key encryption = Implement a strong password policy requiring a password at least 8—-10 characters long with a combination of letters, numbers, and special characters = Use CAPTCHA and account lockout policy methods to avoid brute-force attacks = Use devices made by manufacturers with a track record of security awareness = |solate loT devices on protected networks Module 13 Page 1589 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 loT and OT Security 10T IoT Security Tools Bevywise IoT Bevywise loT Simulator is an intelligible simulation tool to simulate tens of ‘ Simulator thousands of MQTT clients in a single box SeaCat.io SeaCat.io \\ ©0&1 Dovies Do [N oevice Dotaits [ 0 71 ST EXS @0 https://teskalabs.com https://teskalabs.com Device Property Value Client Name AS3 A4 New Now Device Devies Details Dessite %* Gingertroad naartre i [ : DigiCert loT 10T Security Solutions Clent Client Deseription Dascription Onece Name Ouvce Narme rrones === [ ee https://www.digicert.com https://www.digicert.com H WILL Topic WILL Topic Cwen Dencripnion Dweca Deacrpnin WILL Message Lk ik JRR— [IRR——- o WILL Retain e T —— \onere Sevce Bren f©) é@b FortiNac FortiNAC net.com et Gos Wt Gos e Jq : Syt < https://www.fortinet.com https://www.forti Mossages Mossagos Publish Wil Wl Retaiy Retab OCnar Roten fug 0 Cinar Roisn Pag _]_J [+ [+] i ® O« Tepic Tepic Darktrace Oo race.com https://www.darktrace.com https://www.darkt Subscribed Topics [+ [+] Subscribe On Subscribe On Subicribed Topic Subscribed Topic QoS Qo Cisco loT Threat Defense Hour Minute Se https://www.cisco.com members/arrival members/arral ©O AMtmost Mtmost Orce Once 1 1 1 https.//www.bevywise.com )@ Copyright © by EC-Councll. Copyright EC-{ cll. All Rights Reserved. Reproductionis Strictly Prohibited Prohibited. IoT Security Tools The 10T loT is not the only range of devices connected to the Internet, but it is also a very complex, rapidly growing technology. To understand and analyze various risk factors, proper security solutions must be incorporated to protect the |oT loT devices. The use of 10T security tools helps organizations to significantly limit security vulnerabilities, thereby protecting the loT devices and networks from different kinds of attacks. Bevywise loT Simulator Source: https://www.bevywise.com Bevywise loT Simulator is an intelligible simulation tool to simulate tens of thousands of MQTT clients in a single box. It can be used to develop, test, and demonstrate loT servers and managers. loT Simulator can be configured to send real-time messages within a range or from a random set of values based on the time and client. Further, it can simulate dynamic messages in two message formats, namely, TXT and JSON, like real-world loT 10T devices. For flexibly varying the data published in every sequence and to make the data in sync with the real device, 10T Simulator supports four types of dynamic values to be sent as a part of messages: system variable timestamp and client identifier, random, range, linear, and constant. 10T events can be configured with a predefined loT dataset by uploading a CSV file. Module 13 Page 1590 Certified Cybersecurity Technician Copyright © by EG-Gouncil EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 loT and OT Security loT-Simulator Device oetals [ [ ° Device Property Value Admin_Laptop Add New Device Details Client Name 8- GingerBread Employees_Agent Client Description Device Name tion Iphone Iphono Fan_Agent 3 WILL Topic Device Description mobile Hall_Light_Agent WILL Message Will Tople WILL Message connection/status Will Message Iphone device cown Heater_Agent WILL Retain Will QoS 0-Armost once j JO_Android_Moblle Messages Publish Will Retain 0-Cloar Rotain flag j e o JO_lphone JD_lphone Topic Kitchen_Light_Agent Cancel & 4] MD_Androld_Moblle MD_Android_Moblle Subscribed Topics @ MD_Car_Agent Subscribe On Subscribed Topic QoS Hour Minute Se members/arrival 0-Atmost Once 1 -1 1 Figure 13.11: Screenshot of Bevywise loT Simulator Listed below are some of the additional 10T security tools and solutions: = SeaCat.io (https://teskalabs.com) = DigiCert 10T loT Security Solutions (https://www.digicert.com) =» FortiNAC (https.//www.fortinet.com) = Darktrace (https://www.darktrace.com) = Cisco loT Threat Defense (https://www.cisco.com) Module 13 Page 1591 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.

Use Quizgecko on...
Browser
Browser