The Internet-of-Insecure-Things Causes, Trends and Responses

Slides:



Advertisements
Similar presentations
Marketing Environmental Services Strategies to Create Awareness.
Advertisements

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Trojan Horse Program Presented by : Lori Agrawal.
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Website Hardening HUIT IT Security | Sep
Introduction to Honeypot, Botnet, and Security Measurement
IDENTITY MANAGEMENT: PROTECTING FROM THE INSIDE OUT MICHAEL FORNAL, SECURITY ANALYST PROVIDENCE HEALTH & SERVICES SOURCE SEATTLE CONFERENCE
Assessing Home Internet Users’ Demand for Security Brent Rowe, RTI International Dallas Wood, RTI International.
SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012.
Honeypot and Intrusion Detection System
Databases and security continued CMSC 461 Michael Wilson.
Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002.
Local Threat Report Vikram Kumar – Chief Executive, InternetNZ 22/08/2012.
5/18/2006 Department of Technology Services Security Architecture.
Retina Network Security Scanner
Security Vulnerabilities in A Virtual Environment
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
PRESENTATION TITLE Presented by: Xxxx Xxxxx. Providence Health & Services Very large Catholic healthcare system 33 hospitals in AK, CA, MT, OR, WA 65,000.
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.
ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.
FROM SECURITY DATA TO SECURITY INTELLIGENCE ZULFIKAR RAMZAN, CTO, RSA.
BT One. Communications that unify Bringing intelligence to telecom data.
November 14, 2016 bit.ly/nercomp_defendingyourdata16
Society for Maintenance and Reliability Professionals (SMRP)
WannaCry/WannaCrypt Ransomware
A Speculation on DNS DDOS
Centralized Security Event Management
Koji Nakao, Dai Arisue NICT, Japan
Barracuda Link Balancer
Практика применения системы аналитики поведения приложений ExtremeAnalytics в сети. Как простые данные могут ускорить решение проблем, повысить уровень.
Cyber Warfare and Importance of Cyber Awareness
Barracuda Web Security Flex
Cybersecurity - What’s Next? June 2017
Backdoor Attacks.
TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHWARIZMI THE SMART HOME IS A BASIC OF SMART CITIES: SECURITY AND METHODS OF.
5 OCTOBER 2015 MANILA, PHILIPPINES
Information Technology Sector
“Can You See Me Now?” Shining the Light On Hackers & Identity Thieves
Authors – Johannes Krupp, Michael Backes, and Christian Rossow(2016)
6lo Privacy Considerations
Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.
Honeypots at CESNET/MU
Client Client 4) Hello , please give me the website
Who should be responsible for risks to basic Internet infrastructure?
Cloud Testing Shilpi Chugh.
Ducat offers a best iot training. IoT acronym of "Internet of Things". it is a technology that allow objects to communicate with each other via an electronic.
Unfortunately, any small business could face the risk of a data breach or cyber attack. Regardless of how big or small your business is, if your data,
5 Benefits of Blockchain for Startups - IQVIS
Call AVG Antivirus Support | Fix Your PC
 Printer not found  Unable to find the printer  No devices found  Your printer could not be found on your wireless network.
Is Your Online Security Intelligent? Internet Performance Management
Cybersecurity Concepts for Engineers
Internet of Things Vulnerabilities
Internet Worm propagation
Internet Interconnection
Intro to Ethical Hacking
Information Security Awareness
Appliances And Incident Response
Nenad Stefanovic and Danijela Milosevic
Huge latent demand for housing in India
Honeypots and Automation
Presented by John Johnson
Trust by Design: The Internet of Things
IoT: Privacy and Security
Threat Landscape Update
Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai Zhuohao Li Sep 25, 2019.
Cleaning Up the Internet of Evil Things
Presented by Shashank Shekhar Sahoo
Keeping state election infrastructure safe: How Cloudflare and local IXP connectivity helped a small country in Europe Authors: Vladislav Bidikov.
Presentation transcript:

The Internet-of-Insecure-Things Causes, Trends and Responses ( @ RIPE 77 ) https://xkcd.com/1966/ Arman Noroozian ( Economics of Cybersecurity, TPM, @TU Delft, Netherlands )

NCTA — The Internet & Television Association https://www.ncta.com/sites/default/files/platform-images/wp-content/uploads/2014/05/growth-of-internet-of-things-hero-1024x585.jpg

Whole Lotta Questions Raised!! How? How did we get into this mess? How do we get out of this mess?

How did we get here? Fragmented landscape Vendors without competence or incentives Lack of visibility into which ‘things’ fail Dependencies in value chains

How do we get out of it? (Mopping While the Tap is Still Running)

Governance Strategies Being Discussed Awareness raising (but don’t blame the victim) Monitoring and transparency (name, shame, and praise) Certifications and standards (FTC fining ASUS, D-Link) Liability, duty to care (make vendors bear the cost) Intermediary Role (ask ISPs to cut off access) Strengthening user rights (opt in, data minimization)

Governance Strategies Awareness raising (but don’t blame the victim) Monitoring and transparency (name, shame, and praise) Certifications and standards (FTC fining ASUS, D-Link) Liability, duty to care (make vendors bear the cost) Intermediary Role (ask ISPs to cut off access) Strengthening user rights (opt in, data minimization)

Where are the hacked devices?

Monitoring IoT compromise Honeypot infrastructure with Yokohama National University (Japan) Emulated and physical devices Port 22, 23, 80, 8080, 53413, … Log interactions, scan back, attacking devices

Who operates the network?

Infection rates across ISPs

Who operates the network (NL)?

Cleaning IoT Devices (KPN) Walled Garden Cutting off access to infected devices 1736 quarantining actions 1208 customers 50% clean infections Most quarantined once Let Me Out! Evaluating the Effectiveness of Quarantining Compromised Users in Walled Gardens. Orçun Çetin, Lisette Altena, Carlos Gañán, Michel van Eeten. In SOUPS 2018

Cleaning IoT Devices (Cont.) Randomized Control Experiment 220 Customers

Cleaning IoT Devices (Cont.) Randomized Control Experiment 92% Cleaned In 14 days!

In Conclusion Network operators can significantly help Awareness raising (but don’t blame the victim) Monitoring and transparency (name, shame, and praise) Certifications and standards (FTC fining ASUS, D-Link) Liability, duty to care (make vendors bear the cost) Intermediary Role (ask ISPs to cut off access) Strengthening user rights (opt in, data minimization)

Future Research MINIONS - MitigatINg IOt-based DDoS attacks via the DNS

Thank you! Follow our research on https://www.tudelft.nl/cybersecurity

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.