Agenda
1. IT network Today
2. New IOT devices that will be online
3. What about those IOT devices
4. Key network strategies to evolve to
5. Key considerations for IT
6. What would the future architectures look like?
7. Closing thoughts
Internet of Things Group
IT Perspective
3. IoT devices on the network: 66% of respondents feel that 25% or fewer of the devices on their network are IoT. 85% of respondents said they aren't confident they know all the devices on their network, yet nearly two-thirds of them admitted to having 6-15 unique device types on their networks.
Source: http://www.securityweek.com/iot-devices-not-properly-secured-enterprise-networks-survey, June 14, 2016
4. Security Policy: 44% said they have a policy, 26% admitted they didn't know, and 30% said no such policy was in use. 33% were aware of their company's security policy covering home networks too, while 45% said that accessing the corporate network from home wasn't covered by the existing policy.
5. Device Discovery: 89% felt it's important to discover an IoT device on the network. 87% said it is important to classify IoT devices. 86% found discovering/classifying without the use of an agent to be important.
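The discovery and classification the survey respondents ask for can be done agentlessly from evidence the network already produces: DHCP vendor-class strings, MAC address prefixes and the ports a device answers on. The example below is added here and is not part of the original deck; the OUI table, the fingerprint rules (including treating the raw-print port 9100, which the deck's printer incident turns on, as a printer tell), the observation records and the registered-asset list are all constructed for illustration. It classifies each device and then reports what IT did not know about: unregistered MACs, devices no rule could classify, and printers exposing port 9100.

```python
"""Agentless IoT discovery and classification from passive observations.

Added example (not from the original deck). The observation records, the
OUI table and the fingerprint rules are constructed for illustration; a real
deployment would feed this from DHCP logs, ARP tables and flow records.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    mac: str
    ip: str
    vendor_class: str = ""               # DHCP option 60 string, "" if the device sent none
    hostname: str = ""                   # DHCP option 12 host name, "" if none
    open_ports: frozenset = frozenset()  # ports seen answering in passive flow data


# Constructed OUI prefixes (placeholders, not real IEEE assignments).
OUI_TABLE = {
    "AA:BB:C1": "ExampleCam",
    "AA:BB:C2": "ExampleHVAC",
    "AA:BB:C3": "ExamplePrint",
}


def classify(obs: Observation) -> str:
    """Assign a device class from passive evidence only; first matching rule wins."""
    vc = obs.vendor_class.lower()
    vendor = OUI_TABLE.get(obs.mac.upper()[:8], "")
    if 9100 in obs.open_ports or "printer" in vc or vendor == "ExamplePrint":
        return "printer"         # raw print port 9100, as in the exposed-printer incident
    if 554 in obs.open_ports or "camera" in vc or vendor == "ExampleCam":
        return "camera"          # RTSP is the usual tell for IP cameras
    if 47808 in obs.open_ports or "bacnet" in vc or vendor == "ExampleHVAC":
        return "hvac/bacnet"     # BACnet/IP on UDP 47808
    if 1883 in obs.open_ports or "mqtt" in vc:
        return "sensor-gateway"  # MQTT broker port
    if vc.startswith("msft") or vc.startswith("android"):
        return "endpoint"        # managed laptops/phones announce these vendor classes
    return "unknown"


def inventory(observations, registered_macs):
    """Summarise what is on the network and what IT did not know about."""
    classes = {o.mac: classify(o) for o in observations}
    return {
        "by_type": dict(Counter(classes.values())),
        "unknown": sorted(m for m, c in classes.items() if c == "unknown"),
        "unregistered": sorted(m for m in classes if m not in registered_macs),
        "printers_on_9100": sorted(o.mac for o in observations if 9100 in o.open_ports),
    }


# Constructed sample observations (documentation-style addresses and placeholder MACs).
SAMPLE = [
    Observation("aa:bb:c1:00:00:01", "10.0.5.10", "", "ipcam-lobby", frozenset({80, 554})),
    Observation("aa:bb:c2:00:00:02", "10.0.5.11", "", "", frozenset({47808})),
    Observation("aa:bb:c3:00:00:03", "10.0.5.12", "", "", frozenset({9100, 631})),
    Observation("00:11:22:33:44:55", "10.0.1.20", "MSFT 5.0", "laptop-42", frozenset({135, 445})),
    Observation("de:ad:be:ef:00:01", "10.0.5.99", "", "", frozenset({23})),
]
REGISTERED = {"aa:bb:c1:00:00:01", "aa:bb:c2:00:00:02", "aa:bb:c3:00:00:03", "00:11:22:33:44:55"}

if __name__ == "__main__":
    report = inventory(SAMPLE, REGISTERED)
    for key, val in report.items():
        print(f"{key}: {val}")
```

The rules are deliberately ordered from most to least specific so that a device answering on a known IoT service port is classified by that port even when it sends no DHCP vendor class; anything left over lands in "unknown", which is the list to chase first, since the survey's 85% figure is exactly about devices nobody has classified.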
[Diagram: today's IT network (Internet, WAN, router, firewall, proxy, switch, LAN with FTP, web and DB servers) and the threats against it: malware, viruses, physical attacks, spoofing, denial of service, worms, Trojan horses]
Then,
Consumer Devices
A recent example is the failure to secure thousands of Internet-connected printers around the world, which allowed a researcher to access them via port 9100 and to set all of them to print an anti-Semitic flier. [8]
HVAC
Sensors
Energy
Security Cameras
Wearables
Entertainment Devices
Legend: HVAC = Heating, Ventilating, Air-conditioning Control; BAC = Building Automation and Control; VAV = Variable Air Volume
Image above by: http://www.wbdg.org/resources/cybersecurity.php
Interesting Note: IT and WSPs have already solved these problems for laptops, tablets, smart phones, printers, ...
Examples
1. Lighting Systems
2. HVAC Controls
3. Surveillance/Security Camera
Manageability, upgradeability, security, large data sizes, power, communication, processing, analytics, and redundancy problems are going to explode!!
Strategy 1: Build a Wall [diagram: IT network | wall | IoT network]
Advantages
1. Keeps away the contamination
2. Security and device management do not turn into a nightmare
3. Simpler IP addressing
4. QoS and latency not critical
5. Easy management of rogue devices
Disadvantages
1. High cost of creating a parallel new network
2. Separate IT and Facilities Management personnel
3. Employees have no access/control
4. Operational inefficiencies
Strategy 2: Create one Ubiquitous Network [diagram: IT and IoT devices on a single network]
Advantages
1. Reduced cost of deployment
2. Easier IT/Facilities management
3. IPv6 addressing
4. Employees can also have direct control over certain devices
5. Uniform policy management
6. Easier OS, analytics, and profile updates
7. Sensing as well as actuation
Disadvantages
1. Security vulnerabilities
2. QoS/latency issues
3. Rogue device creep
4. Device volume/management
Strategy 3: Build a hybrid Network (Gateway) [diagram: IT and IoT networks joined through a gateway]
Advantages
1. Phased transition of devices
2. Staggered deployment cost
3. Easier IT/Facilities management
4. Device security behind a gateway
5. Employees can also have direct control over certain devices
6. Uniform policy management
7. Easier OS, analytics, and profile updates
8. Sensing as well as actuation
Disadvantages
1. QoS/latency issues
2. Device volume/management
3. QoS: When there is a critical event, e.g. a fire or a water leak, how do we ensure the event gets the highest priority?
9. Storage: Where is the data stored, what is the retention period, and should the data even be stored, or only exceptions?
10. Communication: Which wireless protocols make sense? Should the devices be connected over BT, Wi-Fi, or WAN? Bandwidth? Real time?
11. Data Sizes: The amount of data created is going to be humongous! What type of data is it?
12. Human Safety: What are the implications for human life?
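Considerations 3 (QoS) and 9 (storage) are answered in the same place in practice: the gateway that collects events decides both the order in which they leave and which of them are worth keeping. The example below is added here and is not part of the original deck. It assumes a set of event classes, a mapping from those classes to DSCP code points (RFC 2474/3246/2597 values the gateway would mark outbound packets with so that switches and WAN routers honour the same ordering), an exception threshold for telemetry and per-class retention periods; all of those values are chosen for illustration. A flood of telemetry arrives before the fire and water-leak events, and the queue still dispatches the critical events first.

```python
"""Prioritising critical building events and storing only exceptions.

Added example (not from the original deck) for considerations 3 (QoS) and
9 (storage). The event classes, DSCP mapping, thresholds and retention
periods are assumptions chosen for illustration.
"""
import heapq
from dataclasses import dataclass, field
from itertools import count

# Urgency classes, 0 = most urgent. Fire and water leak must never wait behind telemetry.
PRIORITY = {"fire": 0, "water_leak": 0, "intrusion": 1, "hvac_fault": 2, "telemetry": 3}
# DSCP values (RFC 2474/3246/2597) a gateway would mark packets with, so that
# switches and WAN links honour the same ordering as this in-gateway queue.
DSCP = {0: 46, 1: 34, 2: 26, 3: 0}          # EF, AF41, AF31, best effort
# Storage policy: retention per class; best-effort telemetry kept only when it is an exception.
RETENTION_DAYS = {0: 3650, 1: 365, 2: 90, 3: 7}
EXCEPTION_THRESHOLDS = {"telemetry": 30.0}  # e.g. a room temperature above 30 C is worth keeping


@dataclass(order=True)
class Event:
    priority: int
    seq: int                 # arrival order breaks ties, so equal-priority events stay FIFO
    kind: str = field(compare=False)
    source: str = field(compare=False)
    value: float = field(compare=False)


class EventQueue:
    """Min-heap keyed on (priority, arrival order)."""

    def __init__(self):
        self._heap = []
        self._seq = count()

    def push(self, kind, source, value=0.0):
        prio = PRIORITY.get(kind, 3)   # unknown kinds are treated as best effort
        heapq.heappush(self._heap, Event(prio, next(self._seq), kind, source, value))

    def pop(self):
        return heapq.heappop(self._heap)

    def drain(self):
        out = []
        while self._heap:
            out.append(self.pop())
        return out


def dscp_for(event):
    return DSCP[event.priority]


def retention_days(event):
    return RETENTION_DAYS[event.priority]


def should_store(event):
    """Always keep alerts; keep telemetry only when it crosses its exception threshold."""
    if event.priority < 3:
        return True
    return event.value > EXCEPTION_THRESHOLDS.get(event.kind, float("inf"))


def process(arrivals):
    """Feed arrivals through the queue; return (dispatch order, stored (kind, source) pairs)."""
    q = EventQueue()
    for kind, source, value in arrivals:
        q.push(kind, source, value)
    order = q.drain()
    stored = [e for e in order if should_store(e)]
    return [e.kind for e in order], [(e.kind, e.source) for e in stored]


# Constructed arrival sequence: telemetry floods in first, then the critical events.
ARRIVALS = [
    ("telemetry", "temp-101", 21.5),
    ("telemetry", "temp-102", 22.0),
    ("hvac_fault", "ahu-3", 0.0),
    ("telemetry", "temp-103", 31.2),
    ("fire", "smoke-7", 0.0),
    ("telemetry", "temp-104", 21.8),
    ("water_leak", "leak-b2", 0.0),
]

if __name__ == "__main__":
    order, stored = process(ARRIVALS)
    print("dispatch order:", order)
    print("stored:", stored)
```

The heap key is (priority, arrival sequence), so two fire events are still delivered in the order they arrived, and the same priority number drives both the DSCP marking and the retention period, which keeps the three policies from drifting apart when a new event class is added.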
Figure source: TSensors Summit, Janusz Bryzek, "Roadmap for Trillion Sensor Universe"
[Diagram: building subsystems (video, digital signage, lighting, elevator, advanced metering, PACS, HVAC, PLC) on the BAS side, connected through a gateway to the IT network and WAN]
Legend: BAS: Fire and Life Safety (FLS); Physical Security and Access Control (PACS); Energy Management Systems (EMS), which includes Lighting Control; Heating, Ventilation and Air Conditioning (HVAC)
[Diagram: the same subsystems (video, digital signage, lighting, elevator, advanced metering, PACS) on the IoT side and the IT side sharing one LAN/WAN]
Legend: BAS: Fire and Life Safety (FLS); Physical Security and Access Control (PACS); Energy Management Systems (EMS), which includes Lighting Control; Heating, Ventilation and Air Conditioning (HVAC)
Closing Thoughts
1. Security/Human Safety Priority #1
Thank you
Backup
Glossary of Terms
1. Hacker Attacks - Indicates attacks that are not automated by programs such as viruses, worms, or Trojan horse programs. There are various forms that exploit weaknesses in security. Many of these may cause loss of service or system crashes.
2. IP spoofing - An attacker may fake their IP address so the receiver thinks it is sent from a location that it is not actually from. There are various forms and results to this attack. The attack may be directed to a specific computer addressed as though it is from that same computer. This may make the computer think that it is talking to itself. This may cause some operating systems such as Windows to crash or lock up. Gaining access through source routing: hackers may be able to break through other friendly but less secure networks and get access to your network using this method.
3. Session Hijacking - An attacker may watch a session open on a network. Once authentication is complete, they may attack the client computer to disable it, and use IP spoofing to claim to be the client who was just authenticated and steal the session. This attack can be prevented if the two legitimate systems share a secret which is checked periodically during the session.
4. Server spoofing - A C2MYAZZ utility can be run on Windows 95 stations to request LANMAN (in the clear) authentication from the client. The attacker will run this utility while acting like the server while the user attempts to log in. If the client is tricked into sending LANMAN authentication, the attacker can read their username and password from the network packets sent.
5. DNS poisoning - This is an attack where DNS information is falsified. This attack can succeed under the right conditions, but may not be very practical as an attack form. The attacker will send incorrect DNS information which can cause traffic to be diverted. The DNS information can be falsified since name servers do not verify the source of a DNS reply. When a DNS request is sent, an attacker can send a false DNS reply with additional bogus information which the requesting DNS server may cache. This attack can be used to divert users from a correct web server such as a bank and capture information from customers when they attempt to log on.
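The session-hijacking entry above states the remedy in one sentence: both legitimate systems share a secret that is checked throughout the session. The example below is added here and is not part of the deck; it shows one way to carry that out, with a wire format that is an assumption for readability. After authentication both ends hold a session key (constructed here with os.urandom). Every message carries a sequence number and an HMAC-SHA256 tag over the session id, sequence number and payload, and the server additionally issues periodic keepalive challenges that only the holder of the key can answer. A peer that spoofs the client's address after knocking it offline cannot produce valid tags, and a replay of a captured message fails the sequence check.

```python
"""Binding a session to a shared secret so a spoofed peer cannot take it over.

Added example, not from the original deck. The message format (seq, payload,
tag) and the keepalive challenge are assumptions chosen for illustration.
"""
import hashlib
import hmac
import os


def _tag(key: bytes, session_id: bytes, seq: int, payload: bytes) -> bytes:
    """HMAC-SHA256 over the session id, the sequence number and the payload."""
    msg = session_id + seq.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class Sender:
    def __init__(self, session_id: bytes, key: bytes):
        self.session_id, self.key, self.seq = session_id, key, 0

    def send(self, payload: bytes):
        """Return the on-wire triple (seq, payload, tag)."""
        self.seq += 1
        return self.seq, payload, _tag(self.key, self.session_id, self.seq, payload)

    def answer_challenge(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, b"keepalive" + nonce, hashlib.sha256).digest()


class Receiver:
    def __init__(self, session_id: bytes, key: bytes):
        self.session_id, self.key, self.last_seq = session_id, key, 0
        self.nonce = b""

    def accept(self, seq: int, payload: bytes, tag: bytes) -> bool:
        if seq <= self.last_seq:
            return False                     # replayed or stale message
        if not hmac.compare_digest(_tag(self.key, self.session_id, seq, payload), tag):
            return False                     # not produced with the shared secret
        self.last_seq = seq
        return True

    def challenge(self) -> bytes:
        """Periodic liveness check: a fresh nonce the peer must answer with the key."""
        self.nonce = os.urandom(16)
        return self.nonce

    def check_answer(self, answer: bytes) -> bool:
        expected = hmac.new(self.key, b"keepalive" + self.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, answer)


def demo() -> dict:
    """Constructed session: one legitimate client, one peer without the secret."""
    session_id = b"sess-0001"
    key = os.urandom(32)                     # constructed: agreed during authentication
    client, server = Sender(session_id, key), Receiver(session_id, key)

    seq, payload, tag = client.send(b"read sensor 7")
    legit = server.accept(seq, payload, tag)
    replay = server.accept(seq, payload, tag)               # the same triple again

    other = Sender(session_id, os.urandom(32))              # spoofed address, no shared secret
    other.seq = seq                                         # even guesses the next sequence number
    forged = server.accept(*other.send(b"actuate valve open"))

    nonce = server.challenge()
    keepalive_client = server.check_answer(client.answer_challenge(nonce))
    keepalive_other = server.check_answer(other.answer_challenge(nonce))
    return {"legit": legit, "replay": replay, "forged": forged,
            "keepalive_client": keepalive_client, "keepalive_other": keepalive_other}


if __name__ == "__main__":
    print(demo())
```

The tag covers the session id so a tag captured from one session cannot be presented in another, the sequence number is inside the tag so it cannot be adjusted on a captured message, and compare_digest is used for both checks so the verification time does not leak how many bytes of a guessed tag were right.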
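The DNS poisoning entry above turns on two facts: the resolver does not check where a reply came from, and it caches "additional" records it never asked for. The example below is added here and is not part of the deck. DNS messages are represented as plain Python objects rather than wire format (an assumption for readability), and the addresses are constructed from documentation ranges. Before anything reaches the cache, the reply must match the pending query (transaction id, question, server address and the randomised source port), and only records inside the bailiwick of the zone that was asked are kept, so an unsolicited record for an unrelated name such as a bank is discarded instead of being cached.

```python
"""Resolver-side checks against the DNS poisoning pattern in the glossary.

Added example, not from the original deck. Messages are plain objects rather
than DNS wire format; the records and addresses are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int
    qname: str
    qtype: str
    server: tuple      # (ip, port) the query was sent to
    src_port: int      # randomised UDP source port the query left from
    zone: str          # zone the queried server is authoritative for


@dataclass(frozen=True)
class Reply:
    txid: int
    qname: str
    qtype: str
    from_addr: tuple   # (ip, port) the reply arrived from
    to_port: int       # resolver port the reply was addressed to
    records: tuple     # ((name, type, value), ...) across answer/authority/additional


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone itself or a subdomain of it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def validate_reply(query: Query, reply: Reply):
    """Return the records that may be cached, or None if the reply is rejected."""
    if reply.txid != query.txid or reply.to_port != query.src_port:
        return None   # a blind spoofer must guess both the 16-bit id and the port
    if reply.from_addr != query.server:
        return None   # not from the server we asked
    if (reply.qname.lower(), reply.qtype) != (query.qname.lower(), query.qtype):
        return None   # answers a different question
    # Keep only in-bailiwick records; out-of-zone "bonus" data is never cached.
    return [r for r in reply.records if in_bailiwick(r[0], query.zone)]


class Cache:
    def __init__(self):
        self.entries = {}

    def absorb(self, query: Query, reply: Reply) -> bool:
        """Cache the validated records; return whether the reply was accepted."""
        safe = validate_reply(query, reply)
        if safe is None:
            return False
        for name, rtype, value in safe:
            self.entries[(name.lower(), rtype)] = value
        return True


# Constructed messages using documentation address ranges.
PENDING = Query(0x1A2B, "www.example.com", "A", ("198.51.100.53", 53), 40001, "example.com")

GENUINE = Reply(0x1A2B, "www.example.com", "A", ("198.51.100.53", 53), 40001, (
    ("www.example.com", "A", "192.0.2.10"),
    ("ns1.example.com", "A", "198.51.100.53"),   # in-bailiwick glue, fine to cache
    ("bank.example", "A", "203.0.113.5"),        # out-of-bailiwick extra: dropped
))

MISMATCHED = Reply(0x0000, "www.example.com", "A", ("198.51.100.53", 53), 40001, (
    ("www.example.com", "A", "203.0.113.99"),    # wrong transaction id: rejected whole
))


def demo():
    cache = Cache()
    accepted_genuine = cache.absorb(PENDING, GENUINE)
    accepted_mismatched = cache.absorb(PENDING, MISMATCHED)
    return accepted_genuine, accepted_mismatched, dict(cache.entries)


if __name__ == "__main__":
    print(demo())
```

Note that the genuine reply is still accepted even though it carries an out-of-bailiwick record; the bailiwick rule filters records rather than rejecting the whole message, because a legitimate server may include glue that the resolver simply has no business trusting.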
Glossary of Terms
1. Password cracking - Used to get the password of a user or administrator on a network and gain unauthorized access.
2. Viruses - This type of malicious code requires you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page. It reproduces itself by attaching to other executable files.
3. Worms - Worms propagate without your doing anything. They typically start by exploiting a software vulnerability (a flaw that allows the software's intended security policy to be violated). Then, once the victim computer has been infected, the worm will attempt to find and infect other computers. Similar to viruses, worms can propagate via email, web sites, or network-based software. The automated self-propagation of worms distinguishes them from viruses. A worm is a self-reproducing program that creates copies of itself. Worms that spread using e-mail address books are often called viruses.
4. Trojan horses - A Trojan horse program is software that claims to do one thing while, in fact, doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending your confidential information to an intruder.
5. Spyware - This sneaky software rides its way onto computers when you download screensavers, games, music, and other applications. Spyware sends information about what you're doing on the Internet to a third party, usually to target you with pop-up ads. Browsers enable you to block pop-ups. You can also install anti-spyware to stop this threat to your privacy.
6. DoS - Denial of Service.
7. Logic Bomb - Dormant until an event triggers it (date, user action, random trigger, etc.).