Your Life Is The Attack Surface: The Risks of IoT in 2016

The unprecedented growth and adoption of connected devices has created innumerable new threats for organizations, manufacturers, and consumers, while at the same time creating unprecedented opportunities for hackers.

Watch the webcast: https://www.brighttalk.com/webcast/288/221505


  1. Crowdsourced Cybersecurity Your Life Is The Attack Surface: The Risks of IoT in 2016 Jason Haddix, Head of Trust and Security, Bugcrowd
  2. Your Life Is The Attack Surface: The Risks of IoT in 2016 @jhaddix jason.haddix@bugcrowd.com
     Who am I?
       • Hacker, father and lover of EDM
       • Director of Penetration Testing - HP Fortify
       • Sr. Security Engineer - Redspin, Inc
       • and now… Bugcrowd
       • Previously: Director of Technical Operations
       • Now: Head of Trust & Security
  3. What are we talking about today?
       • History + Evolution of the Internet of Things
       • Risks - Perceived and Real of IoT
       • IoT & Security Testing
       • Resources + Projects
       • Future of IoT Security
       • Main Takeaways
  4. What is this ‘IoT’? “The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.”
  5. A brief history of IoT… https://www.semiwiki.com/forum/content/5559-quick-history-internet-things.html
  6. It’s a crazy world… Some talks from IoT Village in DEFCON this year
  7. CONFIDENTIAL - DO NOT DISTRIBUTE +1 415 867 5351 casey@bugcrowd.com Why should I care about this crazy stuff anyway?
  8. Security = Safety
  9. What are the real risks?
  10. IoT Security: Who is involved? The Players:
       • Manufacturer
       • Developer
       • Consumer
  11. Typical Surface Areas
  12. Bugcrowd Case Studies
  13. Bugcrowd Case Studies
  14. Bugcrowd Case Studies
  15. IoT Security Mitigation. Consumer Protection:
       • Research your device before purchase
       • Change and use strong passwords
       • Use strong WiFi encryption
       • Update the device regularly
       • Check device for additional security configurations
       • Disable features not being used
  16. IoT Security Mitigation. Developer / Manufacturer Guidance:
       • Use and Force SSL for communication
       • Allow and encourage strong passwords
       • Require the user to change default passwords
       • Do not use hard-coded passwords in source
       • Provide a simple and secure update process with a chain of trust
       • Secure any web interface and API from bugs listed in the OWASP Top Ten Web Vulnerabilities
  17. Resources
       • https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project
       • https://builditsecure.ly/
       • https://www.iamthecavalry.org/
  18. The Future and Questions. What causes change?
       1. Learning big lessons
       2. Standards
       3. Policy
       4. Legislation & compliance
     Questions? @jhaddix & Jason.haddix@bugcrowd.com
  19. Crowdsourced Cybersecurity Questions?
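
The password items in slide 16's developer guidance (require a change of the default password, encourage strong passwords, keep passwords out of source) sketched as an added example; this is not code from the talk or from Bugcrowd. `DeviceAuth`, `password_problems`, the deny list and the sample values are hypothetical, and PBKDF2 is one reasonable choice of password hash that the slides do not specify.

```python
import hashlib
import hmac
import os

COMMON = {"password", "admin", "12345678", "changeme", "qwertyuiop"}  # tiny constructed deny list
MIN_LEN = 12


def password_problems(candidate, factory_password):
    """Return the reasons a new password is rejected (empty list = accepted)."""
    problems = []
    if len(candidate) < MIN_LEN:
        problems.append("too short")
    if hmac.compare_digest(candidate.encode(), factory_password.encode()):
        problems.append("same as factory default")
    if candidate.lower() in COMMON:
        problems.append("commonly used password")
    return problems


class DeviceAuth:
    """Hypothetical login gate for a device admin interface."""

    def __init__(self, factory_password):
        # Per-device value set at manufacture (assumption), never a constant in source.
        self._factory = factory_password
        self._salt = None
        self._hash = None

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def login(self, password):
        if self._hash is None:
            # Unprovisioned: the default only unlocks the change-password step.
            ok = hmac.compare_digest(password.encode(), self._factory.encode())
            return "setup_required" if ok else "denied"
        ok = hmac.compare_digest(self._derive(password, self._salt), self._hash)
        return "ok" if ok else "denied"

    def complete_setup(self, current, new):
        if self._hash is not None or self.login(current) != "setup_required":
            return ["setup not permitted"]
        problems = password_problems(new, self._factory)
        if not problems:
            self._salt = os.urandom(16)
            self._hash = self._derive(new, self._salt)  # only the salted hash is kept
            self._factory = None  # the default stops working once replaced
        return problems
```

The caller is expected to keep network-facing services disabled until `login` returns `"ok"`, so a device still on its default credential exposes nothing but the setup step.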
