WTF… About the unsecurity of IoT

Slides:

Advertisements

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

Advertisements

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 12, 2014 DRAFT1.

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Guanjong High School Group 2. Physical Network Access Security Getting into a network closet could easily allow someone to disable computers and connect.

Johnson Logistics Solutions Office of Systems and Information Technology.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

The Top Ten of Security. Ten best practices for securing your network. Ten best security web sites. Eight certifications.

Securing a Wireless Network

1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

Cyber Patriot Training

Web Server Administration Chapter 10 Securing the Web Environment.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

{ Active Directory Security Why bother?.   Law #1: Nobody believes anything bad can happen to them, until it does   Law #2: Security only works if.

Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.

Computer Security and Penetration Testing Chapter 16 Windows Vulnerabilities.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,

Note1 (Admi1) Overview of administering security.

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Module 11: Designing Security for Network Perimeters.

Operational Circular No 5 Use of CERN Computing Facilities.

KTAC Security Task Force Superintendents Update April 23, 2015.

Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

IPv6 security for WLCG sites (preparing for ISGC2016 talk) David Kelsey (STFC-RAL) HEPiX IPv6 WG, CERN 22 Jan 2016.

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.

Security risks in a network. Remote access  When you connect a computer to a network it is visible to all other computers on the network. When you connect.

Windows Administration How to protect your computer.

Web Server Security: Protecting Your Pages NOAA OAR WebShop 2001 August 2 nd, 2001 Jeremy Warren.

Cyber Security: Today’s Threats and Mitigations Jonathan Homer, Cyber Security Analyst Idaho National Laboratory.

Technical and organisational measures for protecting data and ensuring data security Simon Rice Group Manager (Technology) 29 May 2014.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.

NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.

Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

NETWORK SECURITY. What do you see THE IMPORTANCE OF SECURITY THE ARE WEBSITES ON THE INTERNET COULD INFORM PEOPLE THE RANGE AND AVAILABLE UNSECURED SITES.

Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.

Principles Identified - UK DfT -

CSCE 548 Student Presentation By Manasa Suthram

ISSeG Integrated Site Security for Grids WP2 - Methodology

Critical Security Controls

Security+ All-In-One Edition Chapter 1 – General Security Concepts

Network Security Analysis Name : Waleed Al-Rumaih ID :

Configuring Windows Firewall with Advanced Security

Some Methods Phishing Database & Password Exploits Social Engineering & Networking Weak Controls Default Accounts & Passwords Dated Software & Patch.

Chapter 2: Basic Switching Concepts and Configuration

Cyber Security Awareness

BCS ISSG Linux Day Securing Linux

The Internet of Unsecure Things

12 STEPS TO A GDPR AWARE NETWORK

Welcome to all Participants

Security week 1 Introductions Class website Syllabus review

Technology Convergence

Hacking Windows Damian Gordon.

Computer Networks Protocols

Protection Mechanisms in Security Management

6. Application Software Security

Presentation transcript:

WTF… About the unsecurity of IoT DIY.DESPAIR.COM WTF… About the unsecurity of IoT

The Problem 2.0. 100% Fail. WTF.

CERN: Under attack like everyone else

Emerging Threats? Not really

CERN’s Internet of Stupid Things

Complexity Vulnerabilities Exposure Threats Complexity Vulnerabilities Dependencies Consequences This will not go away!

The CERN Computing Rules “Computer Security” governed by OC5 All CERN staff & users as well as all users of CERN’s computing facilities are bound to it In first instance, you are responsible for the cyber-security of your accounts, devices, systems, software, … Violation of OC5 might lead to sanctions Control System Cyber-Security regulated by the “CNIC” All systems should follow their respective “Security Baseline” https://cern.ch/ComputingRules The CERN Computing Rules

Stay mainstream: Do not reinvent the wheel Stay mainstream: Do not reinvent the wheel. With the crowd, you benefit from the below. Keep your system up-to-date: Be able to patch in reasonable time. Control remote access: Delete default accounts. Change default passwords. Filter inputs: Every remotely provided input must be validated and sanitized! Use encryption: …for confidential information (e.g. passwords). Kill all unnecessary services: Disable Telnet, FTP …and run a local firewall. Understand dependencies: DHCP? NTP? SSO/LDAP/AD? Defend in depth: Network segregation and firewalls help, but do not prevent lateral movements. Do not span up a local WLAN, wireless access point, etc.! Have a plan: For patching. For incident response. Get training & let us help you: https://cern.ch/security & Computer.Security@cern.ch 10 Points to Consider