Chapter 13 - 02 - Discuss the Security in IoT-enabled Environments - 03_ocred.pdf

Full Transcript

Certified Cybersecurity Technician - IoT and OT Security - Exam 212-82

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

IoT Device Management

IoT device management helps in supporting IoT solutions by using any software tools and processes and helps in onboarding latest devices securely and promptly.

IoT device management helps security professionals to track, monitor, and manage physical IoT devices from a remote location. Security professionals can use solutions such as Azure IoT Central, Oracle IoT Asset Monitoring Cloud, and Predix to perform IoT device management. These solutions allow security professionals to update the firmware remotely. Further, IoT device management helps in providing permissions and enhancing security capabilities to ensure protection against various vulnerabilities.

IoT device management can be very supportive in preventing IoT attacks as it can provide:

- Proper authentication, as only trusted and secure devices with proper credentials are enrolled
- Accurate configuration, controlling devices to ensure proper functionality and improved performance. It can also reset the factory settings during device decommissioning.
- Proper monitoring to detect flaws and diagnose operational issues and software bugs through program logs
- Secure maintenance of remote devices and frequent device updates with the latest security patches

IoT Device Management Solutions

IoT device management solutions are used by security professionals, IT admins, or IoT administrators for onboarding, organizing, monitoring, and managing IoT devices.

Discussed below are some IoT device management solutions:

- Azure IoT Central
  Source: https://azure.microsoft.com
  Azure IoT Central is a hosted, extensible software-as-a-service (SaaS) platform that simplifies the setup of IoT solutions. It helps to easily connect, monitor, and manage IoT assets at scale. Azure IoT Central can simplify the initial setup of an IoT solution and can reduce the management burden, operational costs, and overheads of a typical IoT project.

Figure 13.10: Screenshot of Azure IoT Central

Listed below are some of the additional solutions for IoT device management:

- Oracle IoT Asset Monitoring Cloud (https://www.oracle.com)
- Predix (https://www.ge.com)
- Cloud IoT Core (https://cloud.google.com)
- IBM Watson IoT Platform (https://www.ibm.com)
- AT&T IoT Connectivity Management (https://www.business.att.com)
IoT Security Best Practices

- Disable the “guest” and “demo” user accounts if enabled
- Use the “Lock Out” feature to lock out accounts for excessive invalid login attempts
- Implement a strong authentication mechanism
- Locate control system networks and devices behind firewalls, and isolate them from the business network
- Implement IPS and IDS in the network
- Implement end-to-end encryption and use public key infrastructure (PKI)
- Use VPN architecture for secure communication
- Deploy security as a unified, integrated system
- Allow only trusted IP addresses to access the device from the Internet
- Disable telnet (port 23)
- Disable the UPnP port on routers
- Protect the devices against physical tampering
- Patch vulnerabilities and update the device firmware regularly
- Monitor traffic on port 48101, as infected devices attempt to spread the malicious file using port 48101
- Position of mobile nodes should be verified with the aim of referring one physical node with one vehicle identity only, which means one vehicle cannot have two or more identities
- Data privacy should be implemented; therefore, the user’s account or identity should be kept protected and hidden from other users
- Data authentication should be performed to confirm the identity of the original source node
- Maintain data confidentiality using symmetric key encryption
- Implement a strong password policy requiring a password at least 8-10 characters long with a combination of letters, numbers, and special characters
- Use CAPTCHA and account lockout policy methods to avoid brute-force attacks
- Use devices made by manufacturers with a track record of security awareness
- Isolate IoT devices on protected networks
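Added example, not part of the original courseware: a small audit of firewall flow records against three of the practices listed above (monitor port 48101, disable telnet on port 23, allow only trusted IP addresses to reach devices). The log format, the device subnet 10.20.0.0/24, the trusted address and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed for this example (not from the page): log format, device subnet,
# trusted management address. Addresses are private/documentation ranges.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")
TRUSTED = {ipaddress.ip_address("203.0.113.10")}
TELNET_PORT, WATCH_PORT = 23, 48101

SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.10 dst=10.20.0.5 dport=443 action=allow
2024-05-01T10:00:07 src=198.51.100.7 dst=10.20.0.5 dport=23 action=allow
2024-05-01T10:00:09 src=10.20.0.5 dst=10.20.0.9 dport=48101 action=allow
2024-05-01T10:00:12 src=10.20.0.5 dst=192.0.2.44 dport=48101 action=deny
2024-05-01T10:00:15 src=198.51.100.7 dst=10.20.0.8 dport=80 action=deny
malformed line without fields
"""  # constructed sample, not real traffic

def parse(line):
    """Parse 'ts key=value ...' into a dict; None if a field is missing/bad."""
    parts = line.split()
    rec = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
        rec["dport"] = int(rec["dport"])
    except (KeyError, ValueError):
        return None
    rec["ts"] = parts[0]
    return rec

def audit(log_text):
    """Return (timestamp, rule, address) findings for the three practices."""
    findings = []
    for rec in filter(None, map(parse, log_text.splitlines())):
        if rec["dport"] == WATCH_PORT:  # flag even if the firewall denied it
            findings.append((rec["ts"], "port-48101", str(rec["src"])))
        if rec.get("action") != "allow" or rec["dst"] not in IOT_NET:
            continue  # remaining rules: permitted traffic to a device
        if rec["dport"] == TELNET_PORT:
            findings.append((rec["ts"], "telnet-open", str(rec["dst"])))
        if rec["src"] not in IOT_NET and rec["src"] not in TRUSTED:
            findings.append((rec["ts"], "untrusted-source", str(rec["src"])))
    return findings

def suspect_devices(findings):
    """Count port-48101 senders: devices to investigate first."""
    return Counter(addr for _, rule, addr in findings if rule == "port-48101")

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(*f)
```

Port 48101 traffic is reported even when the firewall denied it, because the attempt itself points at a device worth investigating; the telnet and untrusted-source rules only fire on traffic that was actually permitted to reach a device.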
IoT Security Tools

The IoT is not only a range of devices connected to the Internet; it is also a very complex, rapidly growing technology. To understand and analyze various risk factors, proper security solutions must be incorporated to protect the IoT devices. The use of IoT security tools helps organizations to significantly limit security vulnerabilities, thereby protecting the IoT devices and networks from different kinds of attacks.

- Bevywise IoT Simulator
  Source: https://www.bevywise.com
  Bevywise IoT Simulator is an intelligible simulation tool to simulate tens of thousands of MQTT clients in a single box. It can be used to develop, test, and demonstrate IoT servers and managers. IoT Simulator can be configured to send real-time messages within a range or from a random set of values based on the time and client. Further, it can simulate dynamic messages in two message formats, namely, TXT and JSON, like real-world IoT devices. For flexibly varying the data published in every sequence and to make the data in sync with the real device, IoT Simulator supports four types of dynamic values to be sent as a part of messages: system variable timestamp and client identifier, random, range, linear, and constant. IoT events can be configured with a predefined dataset by uploading a CSV file.

Figure 13.11: Screenshot of Bevywise IoT Simulator

Listed below are some of the additional IoT security tools and solutions:

- SeaCat.io (https://teskalabs.com)
- DigiCert IoT Security Solutions (https://www.digicert.com)
- FortiNAC (https://www.fortinet.com)
- Darktrace (https://www.darktrace.com)
- Cisco IoT Threat Defense (https://www.cisco.com)
