Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet. - презентация

1 Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet of Things (IoT) Security Considerations for Higher Education

2 What is IoT? The Internet of Things (IoT) is the network of physical objectsdevices, vehicles, buildings and other items embedded with electronics, software, sensors, and network connectivitythat enables these objects to collect and exchange data. Education – Partnership – Solutions Information Security Office of Budget and Finance

3 Various Names, One Concept M2M (Machine to Machine) Internet of Everything (Cisco Systems) World Size Web (Bruce Schneier) Skynet (Terminator movie) Education – Partnership – Solutions Information Security Office of Budget and Finance

4 Where is IoT? Education – Partnership – Solutions Information Security Office of Budget and Finance Its everywhere!

5 Smart Appliances Healthcare Education – Partnership – Solutions Information Security Office of Budget and Finance Wearable Tech

6 Education – Partnership – Solutions Information Security Office of Budget and Finance

7 The IoT Market As of 2013, 9.1 billion IoT units Expected to grow to 28.1 billion IoT devices by 2020 Revenue growth from $1.9 trillion in 2013 to $7.1 trillion in 2020 Education – Partnership – Solutions Information Security Office of Budget and Finance

8 Why be concerned about IoT? Its just another computer, right? All of the same issues we have with access control, vulnerability management, patching, monitoring, etc. Imagine your network with 1,000,000 more devices Any compromised device is a foothold on the network Education – Partnership – Solutions Information Security Office of Budget and Finance

9 Attacking IoT Default, weak, and hardcoded credentials Difficult to update firmware and OS Lack of vendor support for repairing vulnerabilities Vulnerable web interfaces (SQL injection, XSS) Coding errors (buffer overflow) Clear text protocols and unnecessary open ports DoS / DDoS Physical theft and tampering Education – Partnership – Solutions Information Security Office of Budget and Finance

10 Thank you for your attention Education – Partnership – Solutions Information Security Office of Budget and Finance