Hello !
Trace: ITT Relay module

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:iot-open:security_and_privacy_in_iot_ume:iot_security [2018/09/30 12:08] Agrisniken:iot-open:security_and_privacy_in_iot_ume:iot_security [2020/07/20 12:00] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== IoT security and privacy======+======  ======  
 +<box #d04a25></box> 
 +<box #d04a25></box> 
 +====== IoT Security and Privacy====== 
 +<box #d04a25></box> 
 +<box #d04a25></box>
  
 **// Concept of information security and its importance. //** **// Concept of information security and its importance. //**
  
-There are two approaches to determination of the concept of "information security":+There are two approaches to the determination of the concept of information security:
  
-**1. Information security** — status of the safety of information resources and the protection of legitimate rights of the personality and society in the information sphere. +  - **Information security** – the status of the safety of information resources and the protection of the legitimate rights of the personality and society in the information sphere.   
-   +  **Information security** – is a process of support for confidentiality, integrity and accessibility of information.
-**2. Information security** is a process of support for confidentiality, integrity and accessibility of information.+
  
-**Confidentiality**: Ensuring access to information only to authorised users.+**Confidentiality** – ensuring access to information only to authorised users. 
  
-**Integrity**: Support of reliability and completeness of information and methods of its processing.+**Integrity** – support of reliability and completeness of information and processing methods.
    
-**Accessibility**: Ensuring access to information and related assets of authorised users as required.+**Accessibility** – ensuring access to information and related assets of authorised users as required.
    
 The properties given above are fundamental bases in the sphere of protection and safety of information. The properties given above are fundamental bases in the sphere of protection and safety of information.
    
-**Safety of information** — a status of security of data in case of which their confidentiality, accessibility and integrity are provided.+**Safety of information** – a status of the security of data in the case of which their confidentiality, accessibility and integrity are provided.
  
-Safety of information is defined by absence of the unacceptable risk connected to information leakage on technical channels, unauthorised and inadvertent impacts on data and (or) on other resources of an automated information system used in the automated system((R. Minerva, and A. Biru, "Towards a Definition of the Internet of Things," in IEEE IoT Initiative White Paper))+Safety of information is defined by the absence of the unacceptable risk connected to information leakage on technical channels, unauthorised and inadvertent impacts on data and (or) on other resources of an automated information system used in the automated system  ((R. Minerva, and A. Biru, "Towards a Definition of the Internet of Things," in IEEE IoT Initiative White Paper)).
  
-To understand what activities for support of information security consist it is necessary to understand the value of three major concepts clearly: risk, threat and vulnerability.+To understand what activities for the support of information security consist of, it is necessary to understand the value of three major concepts clearly: risk, threat and vulnerability.
    
-**The risk of information security** a possibility that this threat will be able to use the vulnerability of an asset or group of assets and by that will cause damage to the organisation.+**The risk of information security** – a possibility that this threat will be able to use the vulnerability of an asset or group of assets and by that will cause damage to the organisation.
    
-**The threat** is a potential or real-life danger of making of any act (actions or inactivities) directed against the subject to protection (information resources) causing damage to the owner, owner or user, which is shown it is in danger of distortion and losses of information. +**The threat** – a potential or real-life danger of making of any act (actions or inactivities) directed against the subject to protection (information resources) causing damage to the owner or user, which is shown it is in danger of distortion and losses of information.
  
-**Vulnerability** is a shortcoming, the error in implementation which does possibly the unforeseen impact on system attracting failures in system operation is more often. Vulnerabilities are classified by a set of signs. One of the most important signs — harm which can be caused by the system, using vulnerability. Most often understand the specific mistake made in case of design or coding of the system as a vulnerability.+**Vulnerability** – a shortcoming, the error in implementation which does possibly the unforeseen impact on system attracting failures in system operation is more often. Vulnerabilities are classified by a set of signs. One of the most important signs – harm which can be caused by the system, using vulnerability. Most often understand the specific mistake made in case of design or coding of the system as a vulnerability.
  
-In case of appearance of new information technologies and furthermore the whole information branches, there is a vast number of potential threats and vulnerabilities which shall be probed correctly. Indeed, the Internet of Things did not become an exception((H. Reza Ghorbani, M. Hossein Ahmadzadegan, "Security challenges in the Internet of Things: a survey", Wireless Sensors (ICWiSe) 2017 IEEE Conference on, pp. 1-6, 2017.))+In case of the appearance of new information technologies and furthermore the whole information branches, there is a vast number of potential threats and vulnerabilities which shall be probed correctly. Indeed, the Internet of Things did not become an exception  ((H. Reza Ghorbani, M. Hossein Ahmadzadegan, "Security challenges in the Internet of Things: a survey", Wireless Sensors (ICWiSe) 2017 IEEE Conference on, pp. 1-6, 2017.)).
    
-The recent report of Gartner predicts that by 2020 20,4 billion connected to IoT will be connected, at the same time will be joined every day 5,5 million new devices. Besides, by 2020 more than half of sizeable new business processes and systems will include the IoT component.+The recent report of Gartner predicts that by 2020, 20.4 billion devices will be connected to IoTand at the same time will be joined every day by 5,5 million new devices. Besides, by 2020more than half of sizeable new business processes and systems will include the IoT component.
  
-These digits stun and assume that standard protection the PC and anti-virus solutions will not be able to resist to future threats of cybersecurity on the attached devices IoT.+These digits are surprising and assume that standard protection the PC and anti-virus solutions will not be able to resist future threats of cybersecurity on the attached devices IoT.
    
  
-For the last few years, many widespread cyber attacks showed risks of the inadequate safety of IoT. Perhaps, the attack of "Stuxnetaimed at the industrial programmable logic controllers (PLC) at the Iranian uranium enrichment plant became the most known. Experts read that Stuxnet destroyed up to 1000 centrifuges connected through broadband networks to the PLCs devices working under control of the Windows operating system at the PCs standard platforms.+For the last few years, many widespread cyber attacks showed risks of the inadequate safety of IoT. Perhaps, the attack of Stuxnet” aimed at the industrial programmable logic controllers (PLC) at the Iranian uranium enrichment plant became the most known. Experts read that Stuxnet destroyed up to 1000 centrifuges connected through broadband networks to the PLCs devices working under control of the Windows operating system at the PCs standard platforms.
  
 In 2016 was many serious attacks directed to IoT devices. Mirai botnet became one of such attacks. This specific a bot network infected numerous IoT devices (first of all old routers and IP cameras) and then used them for superimposing of Dyn DNS provider utilising the DDoS-attack. The botnet of Mirai destroyed Etsy, GitHub, Netflix, Shopify, SoundCloud, Spotify, Twitter and some other the large websites. This piece of the malicious code used the devices using outdated versions of a kernel of Linux and relied on the fact that most users do not change names users/passwords by default on the devices. In 2016 was many serious attacks directed to IoT devices. Mirai botnet became one of such attacks. This specific a bot network infected numerous IoT devices (first of all old routers and IP cameras) and then used them for superimposing of Dyn DNS provider utilising the DDoS-attack. The botnet of Mirai destroyed Etsy, GitHub, Netflix, Shopify, SoundCloud, Spotify, Twitter and some other the large websites. This piece of the malicious code used the devices using outdated versions of a kernel of Linux and relied on the fact that most users do not change names users/passwords by default on the devices.
  
-Many companies reduce costs of production, not including sufficient space for storage on the devices to provide updating of a kernel Linux. Because of it kernels which include vulnerabilities work on many IoT devices. Vendors need to learn this lesson and to allow each device to update regularly kernels. Until this problem is solved, IoT devices will still suffer from the weight of exploits.+Many companies reduce the costs of production, not including sufficient space for storage on the devices to provide updating of a kernel Linux. Because of itkernels which include vulnerabilities work on many IoT devices. Vendors need to learn this lesson and to allow each device to update regularly kernels. Until this problem is solved, IoT devices will still suffer from the weight of exploits.
  
 In November 2016 ((https://www.welivesecurity.com/2016/12/30/biggest-security-incidents-2016)) cybercriminals closed heating of two buildings in the city of Lappeenranta, Finland. It was the DDoS-attack; in this case, the attack allowed heating controllers to reboot the system permanently, so heating was not made. As the temperature in Finland fell below zero at this time, this attack caused very unpleasant consequences. In November 2016 ((https://www.welivesecurity.com/2016/12/30/biggest-security-incidents-2016)) cybercriminals closed heating of two buildings in the city of Lappeenranta, Finland. It was the DDoS-attack; in this case, the attack allowed heating controllers to reboot the system permanently, so heating was not made. As the temperature in Finland fell below zero at this time, this attack caused very unpleasant consequences.
  
-Even if you take reasonable measures of the safety of IoT, your connected gadgets can be compromised by criminals. Last fall the DSN Dyn-Internet service provider got under the attack which broke access to favourite websites. Attackers could take under control a large number of the devices connected to the Internet, such as video recorders and cameras. These devices that were used for carrying out the attack((Z. K. Zhang, M. C. Y. Cho, C. W. Wang, C. W. Hsu, C. K. Chen, S. Shieh, "IoT security: Ongoing challenges and research opportunities", Proc. IEEE 7th Int. Conf. Service-Oriented )) +Even if you take reasonable measures of the safety of IoT, your connected gadgets can be compromised by criminals. Last fall the DSN Dyn-Internet service provider got under the attack which broke access to favourite websites. Attackers could take under control a large number of devices connected to the Internet, such as video recorders and cameras. These devices that were used for carrying out the attack  ((Z. K. Zhang, M. C. Y. Cho, C. W. Wang, C. W. Hsu, C. K. Chen, S. Shieh, "IoT security: Ongoing challenges and research opportunities", Proc. IEEE 7th Int. Conf. Service-Oriented )).
- +
-IoT gives the almost infinite opportunities for connection of our devices and the equipmentFrom the point of view of creativity, this field is widely opened, with the endless set of methods "to connect devices". It can become the ample platform for people with the innovative ideas, but also it concerns also malefactors. Therefore, IoT offers both new opportunities for development, and potential security concerns. +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:iot_security:Types of vulnerabilities of IoT]] +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:iot_security:security_monitoring_for_the_iot]] +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:iot_security:malware_detection_in_the_iot]] +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:iot_security:iot_security_protocols]] +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:iot_privacy]] +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:iot_privacy:iot_privacy_in_common:privacy_preservation_in_the_iot]] +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:iot_privacy:trust_and_trust_models_for_the_iot]] +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:iot_privacy:authentification_methods_in_iot_devices]] +
- +
-[[en:iot-open:security_and_privacy_in_iot_ume:Questions on the chapter]] +
  
 +IoT gives the almost infinite opportunities for connection of our devices and the equipment. From the point of view of creativity, this field is widely opened, with the endless set of methods “to connect devices”. It can become an ample platform for people with innovative ideas, but also it concerns also malefactors. Therefore, IoT offers new opportunities for development and potential security concerns.
en/iot-open/security_and_privacy_in_iot_ume/iot_security.1538298523.txt.gz · Last modified: (external edit)
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0