Course info
Mar 16, 2018
1h 33m

Internet of Things is everywhere, not just the smart bulbs in your house, we can find IoT in cars, medical devices or public infrastructure in smart cities. In this course, Internet of Things (IoT) Security: The Big Picture, you will learn about the most common security vulnerabilities for IoT solutions and how to address and mitigate them. First, you’ll learn about embedded devices which are the building blocks for IoT solutions and the key differences from traditional IT infrastructure. Next, you’ll learn about the security risks specific to embedded devices and how they get compromised as well as the implications of using development frameworks which don’t have strong support for security. Finally, you’ll learn how to leverage current IT trends such as big data, threat modeling, and secure DevOps to improve security capabilities of internet of things across their lifecycle. When you’re finished with this course, you will have the skills and the knowledge to leverage security standards and frameworks to assess the risk of insecure devices and services and the guidance to develop and improve security capabilities across the landscape.

About the author
About the author

Cristian is a Information Security Professional with experience in supply chain, manufacturing, gaming, and entertainment sectors for Fortune 500 companies. He has provided expertise in incident response cases by performing forensic investigations, malware analysis, and elaborating mitigation plans against complex cyber attacks.

More from the author
Advanced Malware Analysis: Ransomware
1h 29m
Jan 24, 2019
Threat Intelligence: The Big Picture
1h 43m
Aug 3, 2017
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Cristian Pascariu, and welcome to my course: Internet of Things Security: The Big Picture. I'm an information security professional, and have dealt with Internet of Things both on the offensive, as well as defensive side. Did you know that these days both nets composed of compromised IoT devices are being used for some of the biggest distributed denial of service attacks, and hackers take advantage of default passwords to compromise internet connected devices in the consumer market, as well as in industrial applications. This course will provide you with a solid foundation for securing the Internet of Things. This is a big picture course, so no prior experience is required. Some of the major topics that we'll cover include: defining IoT, threats and risk factors, security by design, mitigations and security guidance. By the end of this course, you will have a solid foundation to leverage security standards and frameworks to identify and mitigate vulnerabilities across the IoT landscape. From here, you can continue learning by diving into IoT security, with courses on penetration testing, and secure coding. I hope you'll join me on this journey to learn IoT security, with the Internet of Things Security: The Big Picture course, at Pluralsight.

Growth of IoT
Hello, and welcome to my Pluralsight course: Internet of Things Security: The Big Picture. My name is Cristian Pascariu. I'm an information security professional, and together we will dive into all the important security aspects of this new emerging industry called IoT. The tech industry is growing at an amazing pace, and we are surrounded by more and more devices that are connected to the internet; sharing and exchanging information, our private information. At the same time, we're witnessing a large number of security breaches, which are growing in number and in size. Connected devices are also a major target to the point where cars can get hacked, putting human lives in danger. Because of this, there is a solid need for security, and we will address all the important aspects of IoT in this course. In this module, we will look at the evolution of technology, and how IoT finds itself at the intersection between technology, automation, and costs. We will kick off this first module by defining the concept of internet of things, and what this actually means. After, we will analyze the requirements of these devices and their success factors. And finally, we will be continuing on throughout the next modules by looking at IoT security from various perspectives within a product team.

Embedded Devices vs. Computers
There is a new shift in the way we use, develop, and test information systems, and in this module we'll tackle the major differences between embedded devices and computers. The most obvious one is physical security, and we will look at the controls for protecting servers in datacenters, controls which are not available or scalable for IoT solutions. Getting into a bit more detail, between hardware and software there are a lot more of data protection mechanisms developed over the years for computers which are not at the same maturity level for IoT solutions. The internet sometimes may be a hostile environment, and for computers, there have been developed over the years intrusion detection and prevention mechanism to prevent unauthorized access to data. In some situations, error handling may open up several avenues for hackers to gain information about how the device works and handles data. Many of the recent attacks could have been mitigated if proper update mechanisms were in place, and we'll look at the particularities for IoT solutions. But before all this we have to start with the scope of the devices because this will answer some of the choices that were made during the development phase.

Designing Secure Devices and Services
In this last module, we will be looking at some of the approaches and the best practices toward designing secure devices and services. We will kick off this last module by looking at the secure by design paradigm, and some of the benefits that we gain when applied for smart devices. After, we will be analyzing some of the current frameworks for Internet of Things devices and the security capabilities that come with them. There are also a lot of trends across the IT landscape, such as big data or secure DevOps. We will see how to leverage these to improve security, as well as solving some of the other challenges across the solution lifecycle. Up next, we will look at some of the limitations of the traditional security approach, and where secure by design can help to overcome these.