Monitoring of Vulnerabilities

Monitoring of information security became a more and more comprehensive task. Thanks to trust relationships policies, administrators shall track a considerably large number of devices and platforms. And certainly, also face the growing flow of the devices coming to a network through IoT. Temperature sensors and the connected engines, refrigerating aggregates and modules of energy management – all this as already more than once it was mentioned above, is a source of new and also well-known threats of information security and a receptacle of various vulnerabilities.

The more becomes potential vulnerabilities with IoT distribution, the more function of monitoring and detection of threats becomes essential. One of the most severe areas in this sphere is the growing use of cloud resources, at the same time the enterprises sometimes maintain several varieties of the public and private environment which generate own datasets of monitoring of safety. The growing number of ending points connected to IoT ecosystems also has an adverse effect on safety.

The data volume of safety, added to the system, is only one side of a coin. The same level of readiness for safety, as the normal ending points controlled by the user does not always have those devices which make IoT. It can lead to the fact that IoT devices will cause suspicious traffic, having caused still a big need for monitoring of vulnerabilities. These data arrays mean the bigger number of the logs of safety necessary for scanning and activation of different security protections and also sources of assessment and processing [1].

Today the zone of monitoring of network safety looks different than what it was only a few years ago. Administrators once knew where their territories begin and come to an end. There was a firewall, and there were accurately specific ending points. “Now the technology promoted to such an extent that you have a mobile phone, you have the virtual applications, you have the virtual machines, and you have cloud applications”, - Chris Thomas, the strategist of Tenable Network Security told. “You have no set of certain networks any more with accurately certain boundaries for the administrator of safety. These problems, he added, “over time will only worsen because we have an Internet of things”. Whenever network edges extend to envelop new locations, the new environments and new machines, the volume of the log of safety this, requiring revising, also grow.

When several separate networks suddenly get into one big interdependent group, administrators and specialists in information security should understand how safety is ensured and as the standard template of traffic looks. It also often means that monitoring of safety and vulnerabilities shall be quickly applied to places which were not under attention earlier [2].

In the previous subject of lectures types of the vulnerabilities widespread in IoT were considered, in same it is necessary to list the primary methods of preventing threats of information security considering relevant vulnerabilities.

For neutralisation of the vulnerabilities connected to problem aspects of network interfaces exist the following methods:

  • the initial setup, including the mandatory change of the password by default,
  • support of reliable mechanisms of recovery of the password and information security about the valid accounting entries,
  • support of the web interface is insensitive to XSS, SQLi or CSRF,
  • the password policy, regulating the complexity of passwords,
  • support of lock of the accounting entry after a certain number of abortive attempts to log in.

To provide the necessary reliability of authentication and authorisation, used on IoT devices, the following methods will help:

* configuring of reliable password policies,
* support for granular monitoring of access if necessary,
* support for appropriate protection of registration data,
* implementation of two-factor authentication,
* safety of mechanisms of recovery of the password,
* the organisation repeated authentication for sensitive functions of devices.

Methods of the safety of network services:

  • organisation of access to necessary ports,
  • a configuration and use of services, not vulnerable to buffer overflow and similar attacks,
  • a configuration and use of services, not vulnerable to DoS and DDoS – the attacks which can affect the device or other devices and users on the local area network or other networks,
  • use of UPnP and similar technologies for ensuring access to network ports or services.

The following measures are applied to the elimination of the vulnerabilities connected to the use of cloud computing:

* the organisation of the system of change of the password by default for new users of standard services,
* support of lock of accounting entries after a certain number of abortive attempts to log in,
* use of the cloudy web interfaces steady against XSS, SQLi or CSRF,
* the organisation of the absence of leakage of registration data through cloud services,
* use of two-factor authentication if necessary. 

For the elimination of threats from physical vulnerabilities, the following methods are recommended:

  • support of impossibility of easy deleting data media,
  • support for the encoding of the saved data,
  • support of protection of USB ports or others of external ports,
  • minimising the number of external ports, such as USB, for the operation of a product.

[2] H. Reza Ghorbani, M. Hossein Ahmadzadegan, “Security challenges in the internet of things: a survey”, Wireless Sensors (ICWiSe) 2017 IEEE Conference on, pp. 1-6, 2017.
en/iot-open/security_and_privacy_in_iot_ume/iot_security/security_monitoring_for_the_iot.txt · Last modified: 2020/07/20 09:00 by 127.0.0.1
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0