IoT is short for Internet of Things, which is the network of physical devices, vehicles, home appliances and other items that are embedded with electronics, software and sensors. These improvements toward more direct integration of the physical world into computer-based systems will result in efficiency improvements.
Some of the security challenges of IoT are:
- Securing the constrained devices: Many IoT devices have a limited amount of storage, memory and processing capability so that they can operate on low power, such as when running on batteries. IoT systems should make use of multiple layers of defense, such as separating networks and using firewalls, to compensate for the devices' limitations.
- Authorizing and authenticating the devices: Many devices must establish their identity before they can access gateways and upstream services and applications. Adopting an IoT platform that provides security by default helps to resolve these issues, including which resources each device has access to.
- Managing the device updates: Device manager systems often support pushing out updates automatically to the devices as well as managing rollbacks if the update process fails. They also help ensure that only legitimate updates are applied, for example through the use of digital signing.
- Secure communication: Once the devices themselves are secured, the next IoT security challenge is to ensure that communication across the network between the devices and the cloud services or applications is secure.
Best practices of IoT
The Internet of Things (IoT) has been growing significantly over the past years and will keep growing in the coming years. The growth is being driven by enhanced customer satisfaction and greater efficiency. Some of the best practices are:
- Device security: One is to secure the devices themselves. The devices or pieces of equipment might operate unattended and therefore not be subject to the security implied by direct observation. Securing them might also defend against a hacker or some other cyber criminal buying and then weaponizing the devices. As a best practice, secure endpoint hardening likely means deploying a layered approach that always requires attackers to circumvent multiple obstacles. Another good practice is to upgrade the devices or else deploy security patches as needed. But many IoT devices are unpatchable and also cannot be secured. So before investing in those devices that will be connected via IoT.
- Network security: Along with the devices themselves, companies need to make sure that the networks they use for IoT and IIoT are very secure. This includes the use of strong user authentication and access control mechanisms to make sure that only authorized users can gain access to the network and the data. For all IoT applications it is a better idea to use context-aware authentication, which involves the use of contextual information and machine-learning algorithms.
- Protecting the data: Companies also need to secure the IoT and IIoT data itself, as many connected devices will be storing and transmitting lots of sensitive and confidential information, and this data needs to be protected in every way. Companies that fail to protect this data face not only adverse business impacts but also some regulatory penalties. Much of this seems like common-sense cyber security protocol, but many organizations lack the resources and discipline to implement these measures.
Question 2) Need three lines; make your response on this too.
Challenges of Securing IoT:
1) Secure web, mobile, and cloud applications
2) Ensure high availability
3) Detect vulnerabilities and incidents
4) Manage vulnerabilities
5) Predict and preempt security issues
Best practices of securing IoT:
1. Make hardware tamper resistant:
Some IoT devices may operate continuously unattended and not be subject to the security implied by frequent, direct human observation. While it is best to keep devices relatively isolated so that only a few designated persons have physical access, especially for completely unattended devices, making them tamper-proof or tamper-evident may be advantageous. This form of endpoint hardening can help block potential intruders from reaching data. It may also defend against a hacker buying and then weaponizing devices.
2. Provide for firmware updates/patches
Inevitably, vulnerabilities will be discovered after devices have been deployed. Devices must be patchable or upgradable. Naturally, device firmware should only be modifiable with the proper digital signature. As it stands, device vendors and manufacturers have little financial incentive to ensure ongoing IoT patch upgrades, since revenue comes from the sale of the device, not the maintenance. Upkeep of IoT devices may detract from revenue.
3. Perform dynamic testing:
It is crucial that IoT devices undergo thorough testing and that a minimum baseline for security be established. Static testing is not intended or designed to find vulnerabilities that exist in off-the-shelf components, such as processors and memory, which may be a component of the overall application. Dynamic testing, on the other hand, is capable of exposing both code weaknesses and any underlying defects or vulnerabilities introduced by hardware, which may not be visible to static analysis.
4. Specify procedures to protect data on device disposal:
Eventually devices become obsolete and users may decide to throw them away. Devices should be discarded without exposing private data. This is a security issue because improperly discarded devices may be converted to serve malicious purposes. This is a privacy issue because, if left in operation or if disposed of improperly, obsolete hardware could be used to reveal personal information about the user or other stakeholders in the IoT ecosystem. The same will be true for IoT devices that are sold to second owners or that become standard equipment in homes and are conveyed upon sale of the house.
5. Use strong authentication:
IoT devices should not use easy-to-guess user name/password credentials, such as admin/admin. Devices should not use default credentials that are invariant across multiple devices and should not include back doors and debug-mode settings (secret credentials established by the device’s programmer) because, once guessed, they can be used to hack many devices. Each device should have a unique default user name/password, perhaps printed on its casing, and preferably resettable by the user. Passwords should be sophisticated enough to resist educated guessing and so-called brute force methods. Where possible we recommend two-factor authentication (2FA), which requires a user to employ both a password and another authentication form that does not rely on user knowledge, such as a random code generated via SMS text messaging. For IoT applications we especially encourage the use of context-aware authentication (CAA), also known as adaptive authentication, in which contextual information and machine-learning algorithms are used to continuously evaluate risk of malice without bothering the user by demanding authentication. If risk is high, then the subscriber (or hacker) would be asked for a multi-factor token to continue having access.
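An added example, not part of the original answer: a Python audit of a device inventory for the credential problems named in item 5 (easy-to-guess pairs, defaults shared across devices, debug accounts), together with a generator for unique per-device default passwords. The inventory fields, serial numbers, the `root`/`root` pair and the 12-character minimum are assumptions made for illustration; `admin`/`admin` is the example given above.

```python
import secrets
import string
from collections import defaultdict

# ("admin", "admin") is the example from the text; ("root", "root") is an assumed addition.
WEAK_PAIRS = {("admin", "admin"), ("root", "root")}
MIN_LENGTH = 12  # assumed policy value, not taken from the text
ALPHABET = string.ascii_letters + string.digits


def new_default_password(length=16):
    """Unique factory password drawn from a CSPRNG, e.g. to print on the casing."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(inventory):
    """Return {serial: [findings]} for devices that break the guidance in item 5."""
    by_cred = defaultdict(list)
    for dev in inventory:
        by_cred[(dev["user"], dev["password"])].append(dev["serial"])

    findings = defaultdict(list)
    for dev in inventory:
        cred = (dev["user"], dev["password"])
        if cred in WEAK_PAIRS or dev["user"] == dev["password"]:
            findings[dev["serial"]].append("easy-to-guess credential")
        if len(by_cred[cred]) > 1:
            findings[dev["serial"]].append("credential shared across devices")
        if dev.get("debug_account"):
            findings[dev["serial"]].append("debug/backdoor account enabled")
        if len(dev["password"]) < MIN_LENGTH:
            findings[dev["serial"]].append("password shorter than minimum")
    return dict(findings)


# Constructed sample inventory (hypothetical serials, users and passwords).
INVENTORY = [
    {"serial": "CAM-0001", "user": "admin", "password": "admin"},
    {"serial": "CAM-0002", "user": "admin", "password": "admin"},
    {"serial": "TH-0100", "user": "svc", "password": "Vendor-Default-2020",
     "debug_account": True},
    {"serial": "TH-0101", "user": "svc", "password": "Vendor-Default-2020"},
    {"serial": "GW-0007", "user": "owner", "password": new_default_password()},
]

if __name__ == "__main__":
    for serial, issues in audit(INVENTORY).items():
        print(serial, "->", "; ".join(issues))
```

Only the gateway with a generated password passes; the two thermostats show that a long vendor default is still a finding when it is invariant across devices.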
question 3) need 350-400 words
The Internet of Things (IoT) brings tremendous new capabilities to the net — but it also brings many new security issues. Watch the following video on securing the Internet of Things: https://www.youtube.com/watch?v=rZ6xoAtdF3o
Discuss the challenges of securing the IoT. Then, list five or more best practices you would recommend.