Skip to main content

Posts

Showing posts from September, 2014

Internet of Things – are we ready?

In my last post I presented my concept how to secure the IoT. I’m aware that it is not a full specification or a guide how to do that. I wanted to start a discussion because I see many weaknesses, which can threaten the overall concept of the IoT. As you probably aware every system and network have vulnerabilities. The question is when we discover them. I assume the same scenario will be with the IoT. It doesn’t matter how strong we will secure the end points. There will be always someone who wants to break our protection. Let’s analyze impact of a DDOS attack on the IoT. Today being under attack means you can lose your money, sometimes your reputation, but I don’t think it can really danger your or someone else life. Now, we are just before a big step, which introduces us into the new era. Imagine situation where everything is ‘connected’, what means, it can be targeted by hackers. If you read my previous post you may remember some examples with a TV or a fridge. For suc...
Post a Comment
Read more

SECURE the Internet of Things (IoT)

I would like to present my idea how to protect the IoT. I’m aware that my design may contain some errors. It’s just my version. The concept of ‘Internet of Things’, where many ‘things’ interact between each other, requires new model of security. I would like to propose my idea of using existing elements, which are reliable and widely used in today’s networks. KEY ELEMENTS Zone - a virtual area where different hosts are located and depends on the zone membership you can set up different types of secure connections. Host – a device with Internet interface and security features. GET VPN –Group Encrypted Transport VPN – a tunnel-less VPN technology that provides end-to-end security for network traffic. GET VPN Server/Key Server - responsible for maintaining security policies, authenticating the GMs and providing the session key for encrypting traffic. KS authenticates the individual GMs at the time of registration. Only after successful registration the GMs can par...
Post a Comment
Read more

Mitigating a DDOS attack – can you really do it?

Today I would like to smash your confidence about the security of your organization. You spent hundreds of dollars or euros on your security devices and you think you are safe. I believe there are many organizations like yours that think the same thing. Once they become victims, they realize they are not as safe as they had thought. Let’s talk about DOS/DDOS attacks. I think most people have some knowledge about them. Today we should not talk only about DOS attacks because the risk of being seriously impacted is very low. Most network devices can easily mitigate such attacks because they come from one source IP address. The situation is different when we receive illegitimate traffic from many IP addresses. There are two possibilities here: we can be flooded by traffic from a real, existing source IP address or addresses; or there is one real source IP, but the packets contain random source IPs, which means you are not able to block them easily. We can distinguish the fol...
Post a Comment
Read more