+ All Categories
Home > Internet > APrIGF 2015: Security and the Internet of Things

APrIGF 2015: Security and the Internet of Things

Date post: 07-Aug-2015
Category:

Internet
Upload: apnic
View: 211 times
Download: 1 times
Download Report this document
Share this document with a friend
Popular Tags:
security responder
security concerns
security considerations
apnic security outreach
systems vulnerable afer
vulnerable services
issue date
enterprise vs home systems
15
Issue Date: Revision: Security & The Internet of Things (IoTs) Adli Wahid Security Specialist, APNIC [email protected]
Transcript
Page 1: APrIGF 2015: Security and the Internet of Things

Issue Date:

Revision:

Security & The Internet of Things (IoTs)Adli Wahid

Security Specialist, APNIC

[email protected]

Page 2: APrIGF 2015: Security and the Internet of Things

2

Adli Wahid

• Security Specialist at APNIC

• Security Outreach, Digital Forensics & Incident Response

• Board Member of Forum of Incident Response & Security Teams (FIRST)

• Working with Network Operators, CERTs/CSIRTs, LEAs, NGOs

Page 3: APrIGF 2015: Security and the Internet of Things

3

Talking Points

Goal:

To highlight some of the security concerns about the IoTs

1. Internet of Things or Internet of Anything

2. Security Risks

3. Security Considerations

Page 4: APrIGF 2015: Security and the Internet of Things

4

Internet of Things

Connect Compute Communicate

Page 5: APrIGF 2015: Security and the Internet of Things

5

IPv6

Security

Privacy

Innovation

Connectivity

Big Data & Cloud

Network

Entrepreneurship Wearables

IoTs

Quality of Life

Multiple Perspectives

Page 6: APrIGF 2015: Security and the Internet of Things

6

50 B

20 B

100 B

How many Billion Devices?

Page 7: APrIGF 2015: Security and the Internet of Things

7

Security Risks

Confidentiality

Integrity

Availability

Privacy

Loss of Life ?

Loss of $$

Cyber Crime

Zooming into Security

Page 8: APrIGF 2015: Security and the Internet of Things

8

Authentication (Password)

Patch & Vulnerability Management

Social Engineering

Security Awareness

Security Breaches

Encryption

Page 9: APrIGF 2015: Security and the Internet of Things

Challenges to Security Responder

9

Analysis Fix / Recover

• Source of Attack • Modus Operandi • Command & Control • Indicators of Compromise • Number of Bots / Infected

Computers • Numbers of Samples

• Patch Vulnerable Systems • Apply Firewall Rules • Clean Infected Computers • Disable Vulnerable Services • Remove Malicious Page

Page 10: APrIGF 2015: Security and the Internet of Things

10

Heartbleed (CVE-2014-0160)

• Critical Vulnerability affecting a very large user base discovered in April 2014

• 600k systems vulnerable

• Afer 2 months – 300k systems remain unpatched *

• Enterprise vs Home Systems

Page 11: APrIGF 2015: Security and the Internet of Things

11

Problems with CPEs• Customer Premise Equipments

• Common Default ‘not-secure’– Default password – Default Services Turned-on

• Case in point – Open DNS Resolvers – Exploited as platform to launch Amplification Attacks Distributed

Denial of Service attacks– Made worse by the relative ease to spoof IP address – (and Getting Away easily for launching attacks)

Page 12: APrIGF 2015: Security and the Internet of Things

12

Recursive DNS Servers: https://dnsscan.shadowserver.org

Page 13: APrIGF 2015: Security and the Internet of Things

13

Page 14: APrIGF 2015: Security and the Internet of Things

14

Will Security be the Same?

Limit Exposure of IoTs

Security Management

Default Security?

Roles & Responsibilities

Page 15: APrIGF 2015: Security and the Internet of Things

Issue Date:

Revision:

Thank You!

Adli Wahid (@adliwahid)

[email protected]

http://www.apnic.net


Recommended
Internet Revolution towards Internet of Things

Internet Revolution towards Internet of Things

Documents

Internet of Things (IoT) Web of Things (WoT)cis.k.hosei.ac.jp/~jianhua/course/ubi/Lecture11.pdfLecture 11 Internet of Things (IoT) Web of Things (WoT) What are Internet of Things (IoT)

Internet of Things (IoT) Web of Things (WoT)cis.k.hosei.ac.jp/~jianhua/course/ubi/Lecture11.pdfLecture 11 Internet of Things (IoT) Web of Things (WoT) What are Internet of Things (IoT)

Documents

Simple things about internet of things

Simple things about internet of things

Technology

Microsoft Internet of Things konference 2015 - Microsoft og Internet of Things

Microsoft Internet of Things konference 2015 - Microsoft og Internet of Things

Technology

Internet of Things Services 2018 · Internet of Things Services 2018 ... - `5 - :

Internet of Things Services 2018 · Internet of Things Services 2018 ... - `5 - :

Documents

Internet of Things Strategic Research Roadmap Internet of Things Strategic Research Roadmap 2.1 Internet of Things Conceptual Framework InternetofThings(IoT)isanintegratedpartofFutureInternetincludingexist

Internet of Things Strategic Research Roadmap Internet of Things Strategic Research Roadmap 2.1 Internet of Things Conceptual Framework InternetofThings(IoT)isanintegratedpartofFutureInternetincludingexist

Documents

Internet of Things

Internet of Things

Technology

Internet of Things and Future Internet

Internet of Things and Future Internet

Technology

“Internet Access” - 2013 APrIGF Seoul2013.rigf.asia/wp-content/.../Internet_Accessibility_in_AP_Region.pdf · “Internet Access ” On Internet ... Seoul, Republic Korea . About

“Internet Access” - 2013 APrIGF Seoul2013.rigf.asia/wp-content/.../Internet_Accessibility_in_AP_Region.pdf · “Internet Access ” On Internet ... Seoul, Republic Korea . About

Documents

Asia Pacific Regional Internet Governance Forum (APrIGF ... · Host: Internet Service Provider Association of India (ISPAI) Co-Host: NIXI Total Sponsors: 21 Principal Sponsor: Afilias

Asia Pacific Regional Internet Governance Forum (APrIGF ... · Host: Internet Service Provider Association of India (ISPAI) Co-Host: NIXI Total Sponsors: 21 Principal Sponsor: Afilias

Documents

Internet Of Things: Creativity, Innovation & The Internet of Things IOT World

Internet Of Things: Creativity, Innovation & The Internet of Things IOT World

Technology

Internet of things - IoT - Things are talking to Internet

Internet of things - IoT - Things are talking to Internet

Education

Towards a Secure Internet of Things - Industry …...Secure Internet of Things Project (SITP) Securing the Internet of Things • Secure Internet of Things Project 5 year project (just

Towards a Secure Internet of Things - Industry …...Secure Internet of Things Project (SITP) Securing the Internet of Things • Secure Internet of Things Project 5 year project (just

Documents

Internet of Things - · PDF file•Internet of Things ... Process, Data, Things ... Cisco Internet of Things Portfolio 31 Manufacturing Mining Energy-Utility Oil and Gas Transportation

Internet of Things - · PDF file•Internet of Things ... Process, Data, Things ... Cisco Internet of Things Portfolio 31 Manufacturing Mining Energy-Utility Oil and Gas Transportation

Documents

Towards a Trustworthy Industrial Internet of Things ... · Microsoft Azure - Internet of Things Towards a Trustworthy Industrial Internet of Things Infrastructure. Internet of Things

Towards a Trustworthy Industrial Internet of Things ... · Microsoft Azure - Internet of Things Towards a Trustworthy Industrial Internet of Things Infrastructure. Internet of Things

Documents

Internet Things!

Internet Things!

Documents

Internet Access in Korea - 2013 APrIGF Seoul2013.rigf.asia/wp-content/uploads/2013/09/APrIGF_Internet Access_… · Internet Access in Korea 2013 Asia-Pacific regional Internet Governance

Internet Access in Korea - 2013 APrIGF Seoul2013.rigf.asia/wp-content/uploads/2013/09/APrIGF_Internet Access_… · Internet Access in Korea 2013 Asia-Pacific regional Internet Governance

Documents

APrIGF Multi-Stakeholder Steering Group (MSG) Meeting€¦ · APrIGF Multi-Stakeholder Steering Group (MSG) Meeting 19 Apr 2017 (Wednesday) Adobe Connect 04:00 – 05:00 (UTC) Attendees

APrIGF Multi-Stakeholder Steering Group (MSG) Meeting€¦ · APrIGF Multi-Stakeholder Steering Group (MSG) Meeting 19 Apr 2017 (Wednesday) Adobe Connect 04:00 – 05:00 (UTC) Attendees

Documents