IOT: EXPLORING THE THREAT SURFACEintro the big idea securing the edge ... » elasticsearch. threat...

IOT: EXPLORING THE THREAT SURFACE

Jason Ortiz

Sr. Integration Engineer

THREAT HUNTING AND RESPONSE | SECURITY CONSULTING

CONTENTSINTRO

THE BIG IDEA SECURING THE EDGE SECURING THE REST

SECURING THE DATA

01 | INTRODUCTION

02 | THE BIG IDEA

EVERYTHING I KNOW ABOUT IOT

THE BIG IDEA

EVERYTHING I KNOW ABOUT IOT SECURITY

THE BIG IDEA

QUESTIONS? THANK YOU.

EVERYTHING I THINK SORT OF MAKES SENSE…

THE BIG IDEA

» IoT Ecosystem

» The Edge

» The Fog/Mist

» The Cloud

WHAT IS THE BIG IDEA?

THE BIG IDEA

» Data

» Simple

03 | SECURING THE EDGE

HARDWARE

THE EDGE

» Physical Ports

» uArt

» JTAG

FIRMWARE

THE EDGE

» Vulnerabilities

» Conventional

» Stored keys?

» Memory dump keys?

» Updates … or NOT

AUTHENTICATION

THE EDGE

» Sooooo many things!

» Based mostly in HTTP

AUTHENTICATION

THE EDGE

» Elliptic Curve Crypto?

» Blockchain?

Bitcoin Ethereum PayPal VISA

Transactions / Second

PAYLOADS

THE EDGE

04 | SECURING THE MIST, OR FOG, OR WHATEVER

OK BUT REALLY

THE … WHATEVER

» The Edge

» The Fog

» The Mist

» The Cloud

COMPONENTS

THE … WHATEVER

» Networking

» Messaging

» Ecosystems

» Data

NETWORKING

THE … WHATEVER

» Which part?

» User -> Stand Alone Device?

» User -> Cloud Connected Device?

» User -> Hub?

» Device -> Hub?

» Hub -> Cloud?

» User -> Cloud?

» Device -> Device?

» Device -> Cloud?

DNS REBINDING

THE … WHATEVER

» Same Origin Policy

» bad.js

» CVEs? You bet

DNS REBINDING

THE … WHATEVER

» Vulns Everywhere!

SECURE NETWORKING?

THE … WHATEVER

» Heavy Use of HTTPS

» Authentication?

» FIDO Alliance

QUEUES

THE … WHATEVER

» RabbitMQ

» Complex setup

» Basic security

» nats.io

» Auth

» TLS

THE … WHATEVER

» Anything interesting on a public broker?

» SHODAN

» C2 through MQTT

SECURING MQTT

THE … WHATEVER

» Enterprise Solution (HiveMQ)

» 3rd party broker

NODERED

THE … WHATEVER

NODERED

THE … WHATEVER

» Security?

» Anything live?

» API!

SECURING NODERED

THE … WHATEVER

» Authentication

» Secure Comms

WEB INTERFACES

THE … WHATEVER

» Basic Vulnerabilities

» Custom HTTP servers … but why?

Databases

THE … WHATEVER

» Mongo

» Postgres

pg_hba.conf

INDICES

THE … WHATEVER

» ElasticSearch

05 | SECURING THE DATA

SECURING THE DATA

THE DATA

» Make No Mistake … I mean PRIVACY

» Is perimeter security dead?

SECURING THE DATA

THE DATA

» CamerasUnited States

France

0 1500 3000 4500 6000

SECURING THE DATA

THE DATA

» Cars and Cities?

SECURING THE DATA

THE DATA

» Wearable Medical Devices

“Frankly, I don’t give a damn if someone wants to change their heart rate data.”

SECURING THE DATA

THE DATA

QUESTIONS? THANK YOU.

IOT: EXPLORING THE THREAT SURFACEintro the big idea securing the edge ... » elasticsearch. threat...

Documents

Enabling Efficient Cyber Threat Hunting with Cyber Threat

Threat Hunting with Splunk

Threat Hunting

Threat Hunting Report can be viewed here - News · THREAT HUNTING REPORT 3. THRET HNTING REPORT 4 KEY SURVEY FINDINGS ... Among the respondents to the threat hunting survey, six in

Abstract Tools for Effective Threat Hunting

Threat Hunting Using a Machine Learning Approach

Total Threat Protection Securing All Your Threat Vectors Hartford Tech Summit

Towards a Threat Hunting Automation Maturity Model

Threat Hunting workshop

Your Practical Guide to 1 – Setting up your threat hunting program Hunt Evil: Your Practical Guide to Threat Hunting 5 3 Common Myths About Hunting Hunting is not a reactive activity

ACKNOWLEDGING THE THREAT: SECURING UNITED STATES PIPELINE ... · ACKNOWLEDGING THE THREAT: SECURING UNITED STATES PIPELINE SCADA SYSTEMS Synopsis: The threat of large-scale cyber

Industrial Control System Cyber Threat Hunting

Cyber Threat Hunting with Phirelight

Hands-on Learning Experiences for Cyber Threat Hunting Education · Cyber Hunting • Cyber threat hunting has emerged as a critical part of cyber security practice. However, –

GUIDE TO CYBER THREAT HUNTING - Tyler Technologies

Threat Hunting 102: Beyond the Basics

2020 THREAT HUNTING REPORT - ExtraHop

Enabling a Threat Hunting Capability in AWS

TTPs for Threat Hunting in Refineries · TTPs for Threat Hunting in Refineries Dan Gunter | Twitter: @dan_gunter Principal Threat Analyst @ Dragos October 2018. ... •Not Red Teaming

(CMC THREAT HUNTING SERVICE)