物联网安全实践指南：Practical Internet of Things Security

security

需积分: 14 172 浏览量更新于2024-07-18 5 收藏 4.87MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

"《Practical Internet of Things Security》是一本深入探讨物联网安全的实用指南，由Brian Russell和Drew Van Duren合著，由Packt Publishing出版。这本书旨在帮助读者理解并实现物联网环境中的安全系统构建和部署。" 在物联网（IoT）领域，安全问题日益凸显，因为物联网设备广泛连接并涉及各种敏感数据传输。这本书详细阐述了如何在我们的物联网世界中构建和部署安全系统，提供了一系列实用且不可或缺的安全策略。物联网安全涵盖多个方面，包括但不限于： 1. **设备安全**：物联网设备通常具有有限的计算资源和存储空间，因此需要特别设计的安全机制来防止恶意攻击，如固件篡改和物理篡改。 2. **网络通信安全**：物联网设备之间的通信必须加密，以防止中间人攻击和数据窃取。SSL/TLS等协议的应用是确保数据在传输过程中的安全性的关键。 3. **身份验证与授权**：确保每个设备和用户的身份，通过强认证机制（如双因素认证）和细粒度的访问控制，限制未经授权的访问。 4. **隐私保护**：物联网设备收集大量用户数据，因此必须遵循严格的隐私政策，并采用匿名化、去标识化等技术来保护用户隐私。 5. **软件更新与补丁管理**：及时的软件更新和安全补丁发布对于修复已知漏洞至关重要。有效的更新机制可以防止未修补的设备成为攻击的目标。 6. **安全设计原则**：遵循“安全设计从一开始就应考虑”的原则，如最小权限原则、安全默认设置和设计弹性。 7. **威胁检测与响应**：建立实时监控和报警系统，以便快速发现和应对安全事件，同时制定应急响应计划以减轻潜在损失。 8. **法规遵从性**：物联网设备和解决方案必须遵守各种行业标准和法规，如GDPR、HIPAA等，以确保合规运营。 9. **供应链安全**：物联网设备的供应链可能涉及多个供应商，每个环节都可能成为攻击入口。因此，对供应链进行严格的审核和管理至关重要。 10. **安全教育与培训**：提升用户和组织的安全意识，通过定期培训减少因人为错误导致的安全风险。《Practical Internet of Things Security》这本书不仅提供了理论知识，还包含实际案例分析和最佳实践，以帮助读者在物联网安全方面建立全面的理解和应用能力。书中的内容对于物联网开发者、安全专业人员以及对此领域感兴趣的人士来说，都是宝贵的资源。

资源详情

资源推荐

Table of Contents

[ vii ]

Cloud IoT security controls 268

Authentication (and authorization) 268

Amazon AWS IAM 268

Azure authentication 269

Software/rmware updates 269

End-to-end security recommendations 270

Maintain data integrity 271

Secure bootstrap and enrollment of IoT devices 272

Security monitoring 272

Tailoring an enterprise IoT cloud security architecture 273

New directions in cloud-enabled IOT computing 275

IoT-enablers of the cloud 275

Software dened networking (SDN) 275

Data services 276

Container support for secure development environments 276

Containers for deployment support 277

Microservices 277

The move to 5G connectivity 278

Cloud-enabled directions 278

On-demand computing and the IoT (dynamic compute resources) 278

New distributed trust models for the cloud 279

Cognitive IoT 280

Summary 280

Chapter 10: IoT Incident Response 281

Threats both to safety and security 282

Planning and executing an IoT incident response 285

Incident response planning 287

IoT system categorization 287

IoT incident response procedures 289

The cloud provider's role 290

IoT incident response team composition 291

Communication planning 292

Exercises and operationalizing an IRP in your organization 292

Detection and analysis 293

Analyzing the compromised system 295

Analyzing the IoT devices involved 298

Escalate and monitor 299

Containment, eradication, and recovery 300

Post-incident activities 301

Summary 302

Index 303

Preface

[ ix ]

Preface

Only a few people would contest the assertion that the phenomenon of the

Internet of Things poses problems related to security, safety, and privacy. Given

the remarkable industrial and consumer diversity of the IoT, one of the principal

challenges and goals we faced when electing to write this book was determining

how to identify and distill the core IoT security principles in as useful, but

industry-agnostic a way as possible. It was equally important to balance real-world

application with background theory, especially given the unfathomable number

of current and forthcoming IoT products, systems, and applications. To end this,

we included some basic security (and safety) topics that we must adequately, if

minimally, cover as they are needed as a reference point in any meaningful security

conversation. Some of the security topics apply to devices (endpoints), some to

communication connections between them, and yet others to the larger enterprise.

Another goal of this book was to lay out security guidance in a way that did not

regurgitate the vast amounts of existing cybersecurity knowledge as it applies to

today's networks, hosts, operating systems, software, and so on, though we realized

some is necessary for a meaningful discussion on IoT security. Not wanting to

align with a single industry or company selling products, we strove to sufciently

carve out and tailor useful security approaches that encompass the peculiarities

and nuances of what we think both distinguishes and aligns IoT with conventional

cybersecurity.

A wide range of both legacy industries (for example, home appliance makers, toy

manufacturers, automotive, and so on) and startup technology companies are today

creating and selling connected devices and services at a phenomenal and growing

rate. Unfortunately, not all are terribly secure—a fact that some security researchers

have unrelentingly pointed out, often with a sense of genuine concern. Though much

of the criticism is valid and warranted, some of it has unfortunately been conveyed

with a certain degree of unhelpful hubris.

Preface

[ x ]

Interestingly, however, is how advanced some of the legacy industries are with

regard to high-assurance safety and fault-tolerant design. These industries make

extensive use of the core engineering disciplines—mechanical, electrical, industrial,

aerospace, and control engineering—and high-assurance safety design to engineer

products and complex systems that are, well, pretty safe. Many cybersecurity

engineers are frankly ignorant of these disciplines and their remarkable contributions

to safety and fault-tolerant design. Hence, we arrive at one of the serious

obstructions that IoT imposes to achieving its security goals: poor collaboration

between safety, functional, and security engineering disciplines needed to design

and deploy what we term cyber-physical systems (CPS). CPS put the physical

and digital engineering disciplines together in ways that are seldom addressed in

academic curricula or corporate engineering ofces. It is our hope that engineers,

security engineers, and all types of technology managers learn to better collaborate

on the required safety and security-assurance goals.

While we benet from the IoT, we must prevent, to the highest possible degree, our

current and future IoT from harming us; and to do this, we need to secure it properly

and safely. We hope you enjoy this book and nd the information useful for securing

your IoT.

What this book covers

Chapter 1, A Brave New World, introduces you to the basics of IoT, its denition, uses,

applications, and its implementations.

Chapter 2, Vulnerabilities, Attacks, and Countermeasures, takes you on a tour where

you will learn about the various threats and the measures that we can take to

counter them.

Chapter 3, Security Engineering for IoT Development, teaches you about the various

phases of the IoT security lifecycle.

Chapter 4, The IoT Security Lifecycle, explores the operational aspects of the IoT

security lifecycle in detail.

Chapter 5, Cryptographic Fundamentals for IoT Security Engineering, provides a

background on applied cryptography.

Chapter 6, Identity and Access Management Solutions for the IoT, dives deep into identity

and access management for the IoT.

Chapter 7, Mitigating IoT Privacy Concerns, explores IoT privacy concerns. It will also

help you to understand how to address and mitigate such concerns.

Chapter 8, Setting Up a Compliance Monitoring Program for the IoT, helps you explore

setting up an IoT compliance program.

剩余335页未读，继续阅读

es_jet

粉丝: 0
资源: 20

物联网安全实践指南：Practical Internet of Things Security

Practical Industrial Internet of Things Security- Sravani Bhattacharjee

Vehicle CyberSecurity

Security Protection Technology of Cyber-Physical Systems

"[string \"/home/tpy/practical-cryptdb/wrapper.lua\"]:6: /home/tpy/practical-cr"

docker cookbook: over 100 practical and in...

a practical guide to tpm 2.0教材.pdf

4754-15776-3-PB.pdf

practical linux security cookbook, 云盘

practical uvm step by step pdf

practical time series analysis aileen nielsen pdf download

ct重建算法的文献推荐

给我找两篇英文文献有关于Java或者springboot框架或者vue的

tf.keras.metrics.sparse_categorical_accuracy

practical electronics for inventors第4版pdf

springsecurity 相关书籍

practical contiki-ng pdf

sar sensor有什么作用

ElGamal短签名的相关文献

practical methods of optimization

最新资源