CactusCon

Securing the Internet of Things (IoT)

Securing the Internet of Things (IoT) has become increasingly difficult. Devices are often shipped with out-of-date operating systems and unmaintained code that is littered with vulnerabilities. To add to the frustration, traditional security solutions cannot be installed on many of these devices. However, even though security technology cannot be installed directly on the device, it can be deployed on the network to which the devices connect.

Many commercial and open-source tools are available to protect the networks that provide access to the Internet of Things. In this presentation, I will demonstrate the usage of Bro IDS, an open-source network security monitoring solution, to detect IoT traffic up to OSI layer 7. Additionally, I will show how several free providers of threat intelligence can integrate directly into Bro's scripting language for additional insight into malicious activities.

It’s important to know when new devices appear on the network, but knowing is only half the battle. We must also decide what to do with those new devices. This presentation will also demonstrate how to integrate asset discovery with nmap and OpenVAS to determine if new smart devices pose any risk.
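The two ideas above, spotting first-seen devices in Bro (now Zeek) logs and matching connections against a threat-intelligence feed, are shown here in a small added example that is not part of the talk or of Bro itself. It parses Bro's tab-separated log format using the `#fields` header; the log lines, the known-host set and the indicator IPs are constructed for the demo.

```python
# Added example: detect first-seen source hosts in a Bro conn.log and flag
# connections whose responder IP appears in a threat-intel indicator set.
# Bro logs are tab-separated; the "#fields" header names the columns and
# "-" marks an unset value.

# Constructed, abridged conn.log sample (not captured from a real network).
SAMPLE_CONN_LOG = """#separator \\x09
#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
#types\ttime\taddr\tport\taddr\tport\tenum\tstring
1700000000.1\t192.168.1.20\t51000\t93.184.216.34\t443\ttcp\tssl
1700000001.2\t192.168.1.21\t51001\t203.0.113.5\t80\ttcp\thttp
1700000002.3\t192.168.1.20\t51002\t198.51.100.7\t23\ttcp\t-
#close\t2023-11-14-22-13-22
"""


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue  # #separator, #types, #close and similar header lines
        if fields is None:
            raise ValueError("record encountered before #fields header")
        yield dict(zip(fields, line.split("\t")))


def detect_new_devices(records, known_hosts):
    """Return {ip: first_seen_ts} for source hosts not in the known inventory."""
    first_seen = {}
    for rec in records:
        ip = rec["id.orig_h"]
        if ip not in known_hosts and ip not in first_seen:
            first_seen[ip] = float(rec["ts"])
    return first_seen


def match_threat_intel(records, indicator_ips):
    """Return (orig, resp, service) for each connection to an indicator IP."""
    return [(r["id.orig_h"], r["id.resp_h"], r["service"])
            for r in records if r["id.resp_h"] in indicator_ips]


def analyze(log_text, known_hosts, indicator_ips):
    records = list(parse_bro_log(log_text))  # materialise: used twice
    return (detect_new_devices(records, known_hosts),
            match_threat_intel(records, indicator_ips))
```

Running `analyze(SAMPLE_CONN_LOG, {"192.168.1.20"}, {"198.51.100.7"})` reports 192.168.1.21 as a new device and the telnet-port connection from 192.168.1.20 to 198.51.100.7 as an intel hit; in practice the known-host set would come from the nmap/OpenVAS asset inventory and the indicator set from the threat-intel providers the talk covers.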

Finally, having all these tools at our disposal is nothing without being able to expose the data they generate. All of the data can be collected, normalized, stored and visualized with the open-source ELK stack. Elasticsearch, Logstash and Kibana are a powerful suite of tools designed to expose this type of machine data. Session attendees will learn how to deploy these tools, with tips on performance and how to make them more intelligent.

All of these tools and methodologies run on inexpensive hardware, such as the Raspberry Pi. The session will provide all the code and configurations to get this environment up and running in a matter of hours. For those looking for a more scalable solution, these tactics and tools can be adapted to enterprise-scale deployments as well. Attendees can expect to take away methodologies they can put to use right away, from dorm room to data center.

Travis Smith

Travis Smith is a Principal Security Researcher at Tripwire. He has over 10 years' experience in security, holds an MBA with a concentration in information security, and holds multiple certifications including CISSP, GIAC and GPEN. Travis specializes in integrating various technologies and processes, with a passion for forensics and security analytics and the goal of helping people identify and mitigate real threats. Having spoken at conferences such as Black Hat, RSA, and SecTor, Travis loves to share his passion and ideas with like-minded folks.