Practical Internet of Things Security

By : Russell, Van Duren

4 (1)

Buy this Book

Practical Internet of Things Security

4 (1)

By: Russell, Van Duren

Buy this Book

Overview of this book

With the advent of the Internet of Things (IoT), businesses have to defend against new types of threat. The business ecosystem now includes the cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces. It therefore becomes critical to ensure that cybersecurity threats are contained to a minimum when implementing new IoT services and solutions. This book shows you how to implement cybersecurity solutions, IoT design best practices, and risk mitigation methodologies to address device and infrastructure threats to IoT solutions. In this second edition, you will go through some typical and unique vulnerabilities seen within various layers of the IoT technology stack and also learn new ways in which IT and physical threats interact. You will then explore the different engineering approaches a developer/manufacturer might take to securely design and deploy IoT devices. Furthermore, you will securely develop your own custom additions for an enterprise IoT implementation. You will also be provided with actionable guidance through setting up a cryptographic infrastructure for your IoT implementations. You will then be guided on the selection and configuration of Identity and Access Management solutions for an IoT implementation. In conclusion, you will explore cloud security architectures and security best practices for operating and managing cross-organizational, multi-domain IoT deployments.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

A Brave New World

Defining the IoT

Cybersecurity versus IoT security

The IoT of today

The IoT ecosystem

The IoT of tomorrow

Summary

Vulnerabilities, Attacks, and Countermeasures

Primer on threats, vulnerability, and risks

Primer on attacks and countermeasures

Today's IoT attacks

Lessons learned and systematic approaches

Summary

Approaches to Secure Development

The Secure Development Life Cycle (SDLC)

Handling non-functional requirements

The need for software transparency

Summary

Secure Design of IoT Devices

The challenge of secure IoT development

Secure design goals

Summary

Operational Security Life Cycle

Defining your security policies

Defining system roles

Configuring gateway and network security

Bootstrapping and securely configuring devices

Setting up threat intelligence and vulnerability tracking

Managing assets

Managing keys and certificates

Managing accounts, passwords, and authorizations

Managing firmware and patching updates

Monitoring your system

Training system stakeholders

Performing penetration testing

Managing compliance

Managing incidents

Performing end-of-life maintenance

Summary

Cryptographic Fundamentals for IoT Security Engineering

Cryptography and its role in securing the IoT

Cryptographic module principles

Cryptographic key management fundamentals

Examining cryptographic controls for IoT protocols

Future-proofing IoT cryptography

Summary

Identity and Access Management Solutions for the IoT

An introduction to IAM for the IoT

The identity life cycle

Authentication credentials

IoT IAM infrastructure

Authorization and access control

Summary

Mitigating IoT Privacy Concerns

Privacy challenges introduced by the IoT

Guide to performing an IoT PIA

Privacy by design

Privacy engineering recommendations

Summary

Setting Up an IoT Compliance Monitoring Program

IoT compliance

A complex compliance environment

Summary

Cloud Security for the IoT

The role of the cloud in IoT systems

The concept of the fog

Threats to cloud IoT services

Cloud-based security services for the IoT

Summary

IoT Incident Response and Forensic Analysis

Threats to both safety and security

Defining, planning, and executing an IoT incident response

Detection and analysis

IoT forensics

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

4 (1)

5 star

4 star

100%

3 star

2 star

1 star

The identity life cycle

Before we begin to examine the technologies that support IAM for the IoT, it is useful to lay out the life cycle phases of what we call identity. The identity life cycle for an IoT device begins with defining the naming conventions for the device; it ends with the removal of the device's identity from the system. The following diagram provides a view of the process flow:

This life cycle procedure should be established and applied to all IoT devices that are procured, configured, and ultimately attached to an organization's network. The first aspect requires a coordinated understanding of the categories of IoT devices and systems that will be introduced within your organization, both now and in the future. Establishing a structured identity namespace will significantly help manage the identities of the thousands or millions of devices that will...