IS USING INTERNET SAFE?

In recent years, adoption of the Internet of Things (IoT) has been increasing worldwide, so it is necessary to reflect on the risks and opportunities of these new technologies and to analyze why the industry is the way it is, so that we, as users, become aware of the need for these practices.
This document seeks to coordinate the possible standardizations that are so badly needed within this growing industry (IoT). It begins with a definition of IoT made up of two concepts:
· The IoT components are connected by a network that provides a relationship between them (whether or not it uses TCP/IP).
· Some of its components are sensors or actuators that allow it to interact with the physical world.
The larger universe is known as an IoT environment, which interacts with the IoT system, which in turn is made up of one or more components that interact with the physical world.
The cybersecurity and IoT areas are defined as:
· Cryptographic techniques (Encryption, Digital Signature)
· Cybersecurity incident management
· Hardware assurance
· Identity and Access Management
· Information security management systems
· Security evaluations in IT systems
· Network Security
· Automation and continuous monitoring
· Software Assurance
· Risk management in the supply chain
· Systems Security Engineering
According to the document, the greatest need is in the security evaluation of IT systems and in Security in Telecommunication Networks. In the other areas there are standards, although implementation can be very slow or have little penetration in the industry. This document establishes the status of the IoT security industry and is a great administrative advance. After standardization comes a long phase of implementation within companies, with devices that comply with UL 2900 (an ANSI standard, which according to UL is about to be published and approved by the SCC of Canada for implementation), as well as devices certified by the ZWave Alliance or by ICSA Labs.
One form of standardization is the creation of reference frameworks for IoT and for IoT security. Let's see an example of each. For the first case we have a reference framework from the Online Trust Alliance, known as the IoT Trust Framework, which indicates that there are 6 items that should be taken into account as requirements for a "thing": Cryptography, Communications, Authentication, Physical Security, Platform Security, and Alerting and Logging. These items also reflect the broad context of things. In security matters we can mention OWASP, which now has a section on IoT security and publishes a document about the attack surface areas of an IoT device. These are:
· Ecosystem Access Control
· Device physical memory
· Device physical interfaces
· Web interface
· Firmware
· Network Services
· Administrative interface
· Data stored locally
· Cloud web interface
· Third party APIs
· Authentication mechanisms
· Mobile apps
· Manufacturer APIs
· Communications ecosystem
· Network Traffic