Uploaded by Nitan Chaudhary

harsh1

A REPORT OF ONE MONTH TRAINING
At
Infosys Springboard
GURU NANAK DEV ENGINEERING COLLEGE LUDHIANA
SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE
AWARD OF THE DEGREE OF
BACHELOR OF TECHNOLOGY
(Electronics & Communication Engineering)
JULY, 2023
SUBMITTED BY: Harsh Upadhyay
URN: 2104385
DEPARTMENT OF ELECTRONICS & COMMUNICATION ENGINEERING
GURU NANAK DEV ENGINEERING COLLEGE
(An Autonomous College Under UGC ACT)
CANDIDATE'S DECLARATION
I “Abhishek Bansal” hereby declare that I have undertaken one month training at
“Infosys Springboard” during a period from 11 July, 2023 to 31 July 2023 in partial
fulfillment of requirements for the award of degree of B.Tech (Electronics and
Communication Engineering) at GURU NANAK DEV ENGINEERING COLLEGE,
LUDHIANA. The work which is being presented in the training report submitted to
Department of Electronics and Communication Engineering at GURU NANAK DEV
ENGINEERING COLLEGE, LUDHIANA is an authentic record of training work.
Signature of the Student
The one-month industrial training Viva–Voce Examination of has been held on and accepted.
Signature of Internal Examiner
Signature of External Examiner
ABSTRACT
Internet of Things: The Internet of Things (IoT) is a network of interconnected devices that can
transmit data and automate tasks without human intervention [1]. IoT devices can be used for a
variety of purposes, including monitoring and tracking devices, automating homes and offices,
and creating smart cities [1]. IoT technology has the potential to revolutionize healthcare by
alleviating the strain on healthcare systems caused by an aging population and a rise in chronic
illness [2]. The Internet of Things is a rapidly growing field with many potential applications in
various industries.
Cyber Security: Cybersecurity is the practice of protecting electronic systems, networks,
and data from malicious attacks [1]. It involves a range of technologies, processes, and practices
designed to safeguard computers, servers, mobile devices, and other electronic systems from
unauthorized access, theft, damage, or modification. Cybersecurity can be divided into several
categories such as network security, application security, information security, operational
security, disaster recovery and business continuity, and end-user education. Network security
focuses on securing a computer network from intruders and malware. Application security aims
to keep software and devices free of threats. Information security protects the integrity and
privacy of data in storage and transit. Operational security includes the processes and decisions
for handling and protecting data assets.
ACKNOWLEDGEMENT
First and foremost, gratitude to our college GNDEC, LDH’s faculty and
management for providing this opportunity to work and for giving us a platform to
show our work. Thankful to our respected Prof. Narwant Singh Grewal (HoD) for
motivating and giving us valuable advice to work on this project. We would also
like to show our gratitude to our family and friends who provided us with all the
resources to work actively throughout this task.
List of Figures
1.1 Internet of Things
1.2 IoT edge computing and IoT analytics
1.3 Internet of Things 101
1.4 Raspberry pi
2.1 Cryptography
2.2 Public key cryptography
2.3 Cyber Security
2.4 Application of security
2.5 Network Security
CONTENTS
Certificate by Institute
Candidate’s Declaration
Abstract
Acknowledgement
List of Figures
List of Tables
CHAPTER 1 Internet of Things (IoT)
1.1 IoT platform introduction
1.2 IoT edge computing and IoT analytics
1.3 Internet of Things 101
1.4 Internet of Things 201
1.5 IoT communication technologies
CHAPTER 2 Cyber Security
2.1 Introduction of Cyber Security
2.2 Fundamentals of Cryptography
2.2.1. Why Cryptography
2.2.2. Cryptography
2.2.3. Applications of Cryptography
2.3 Introduction to Cyber Security
2.3.1 Recent Cyber Attacks
2.3.2 Prevention from cyber attacks
2.3.3 Applications of cyber security
2.4 Network Security
Chapter 3 Conclusion
REFERENCES
CHAPTER-1
Internet of Things (IOT)
1.1 IoT Platform Introduction
An IoT platform is a software service that can manage and control a network of connected
devices. IoT platforms can perform various tasks, such as data collection, analysis, visualization,
device management, security, and application development. IoT platforms can enable different
types of IoT applications, such as consumer IoT, industrial IoT, or smart city IoT. Some examples
of IoT platforms are:
• McKinsey: McKinsey is a global consulting firm that offers an IoT platform as part of its
digital transformation services. McKinsey’s IoT platform can help clients design,
implement, and operate IoT solutions across various industries and use cases. McKinsey’s
IoT platform can also provide insights and recommendations based on data analytics and
artificial intelligence.
• Coursera: Coursera is an online learning platform that offers courses and specializations
on IoT. Coursera’s IoT platform can help learners gain the skills and knowledge needed
to build and deploy IoT applications using various technologies and tools. Coursera’s IoT
platform can also provide hands-on projects and peer feedback to help learners apply their
learning to real-world scenarios.
• Hologram: Hologram is a cellular connectivity platform for IoT devices. Hologram’s IoT
platform can help users connect their devices to the internet using SIM cards and cloud
services. Hologram’s IoT platform can also provide device management, data routing,
security, and billing features to help users scale their IoT deployments.
• AWS IoT: AWS IoT is a cloud platform that offers various services and solutions for IoT. AWS
IoT can help users connect, manage, and secure their IoT devices using AWS cloud infrastructure
and services. AWS IoT can also provide data processing, analytics, machine learning, and edge
computing features to help users create and optimize their IoT applications.
• Google Cloud IoT: Google Cloud IoT is a cloud platform that offers a suite of tools and
services for IoT. Google Cloud IoT can help users connect, monitor, and control their IoT
devices using Google Cloud’s scalable and reliable infrastructure and services. Google
Cloud IoT can also provide data ingestion, storage, analysis, visualization, and machine
learning features to help users derive insights and actions from their IoT data.
• IBM Watson IoT: IBM Watson IoT is a cloud platform that offers a range of capabilities
and solutions for IoT. IBM Watson IoT can help users connect, manage, and analyze their
IoT devices using IBM Cloud’s secure and flexible infrastructure and services. IBM
Watson IoT can also provide cognitive computing, artificial intelligence, blockchain, and
edge computing features to help users enhance their IoT applications with intelligence
and trust.
Figure 1.1 Internet of Things
1.2 IoT Edge Computing and IoT Analytics
IoT Edge Computing and IoT Analytics are two related concepts that involve processing
and analyzing data from IoT devices. IoT devices are smart objects that can send and
receive data over the internet, such as sensors, cameras, wearables, or smart appliances.
IoT Edge Computing is a strategy that places computing power closer to where the data is generated or used,
such as at the edge of the network or on the device itself. This can reduce latency,
bandwidth, and costs, as well as improve reliability, security, and scalability. IoT
Analytics is the process of applying data analysis techniques and tools to the data
collected from IoT devices. This can provide insights, predictions, and
recommendations that can help optimize performance, efficiency, and user experience.
Some examples of IoT Edge Computing and IoT Analytics are:
• A self-driving car that uses edge computing to process sensor data and make
decisions in real-time, while also sending some data to the cloud for further
analysis and improvement.
• A smart factory that uses edge computing to monitor and control machines and
processes, while also using analytics to optimize production, quality, and
maintenance.
• A smart home that uses edge computing to automate lighting, heating, security,
and entertainment systems, while also using analytics to learn user preferences
and behavior patterns.
If you want to learn more about IoT Edge Computing and IoT Analytics, you can
check out some of the web search results that I found using my search tool:
• IoT edge computing – what it is and how it is becoming more intelligent: This
article explains what edge computing is, how it is evolving, and why it matters
for IoT.
• What is IoT Edge computing?: This article provides an overview of IoT and
edge computing, how they are related, and how they differ from cloud
computing.
• Complete Guide to Edge Computing, Edge IoT, Edge AI & More: This guide
covers various aspects of edge computing, such as edge AI, edge IoT, edge
cloud, and edge devices.
• The Importance of Edge Computing for the IoT: This article discusses the
benefits of edge computing for IoT applications, such as faster processing, lower
costs, and higher reliability.
Figure 1.2 IoT Edge Computing and IoT Analytics
1.3 Internet of Things 101
The Internet of Things (IoT) is a term that describes the network of physical objects
that are connected to the internet and can communicate and exchange data with each
other. These objects can include devices, vehicles, appliances, sensors, and more.
IoT can enable various applications and benefits, such as:
• Smart homes: IoT can make homes more comfortable, convenient, secure, and
energy-efficient by allowing users to remotely control and monitor their lighting,
heating, security, entertainment, and kitchen systems. For example, a user can
use their smartphone to adjust the thermostat, check the security camera, or turn
on the coffee maker before they arrive home.
• Smart cities: IoT can make cities more liveable, sustainable, and resilient by
improving urban services and infrastructure, such as transportation, waste
management, water supply, air quality, and public safety. For example, a city can
use IoT to optimize traffic flow, reduce pollution, monitor water levels, and alert
emergency responders.
• Smart industries: IoT can make industries more productive, efficient, and
competitive by enhancing their processes, operations, and products. For
example, a factory can use IoT to monitor and control its machines and
equipment, optimize its production and quality, and prevent downtime and
maintenance issues.
• Smart healthcare: IoT can make healthcare more accessible, affordable, and
personalized by enabling remote monitoring, diagnosis, treatment, and
prevention of diseases and conditions. For example, a patient can use IoT to
measure their vital signs, track their medication intake, or consult with their
doctor online.
• Smart agriculture: IoT can make agriculture more profitable, sustainable, and
resilient by improving crop management, irrigation, pest control, and animal
welfare. For example, a farmer can use IoT to monitor soil moisture, crop health,
weather conditions, or livestock behavior.
To learn more about IoT and its applications in different sectors of society, you can
check out some of the web search results that I found using my search tool:
• Introduction to Internet of Things (IoT) | Set 1: This article explains what IoT
is, how it works, what are its main components and types.
• Internet of Things (IoT) : Fundamental Course (101 level): This course teaches
you the basics of IoT and its applications in various domains such as HR,
healthcare, agriculture, logistics and supply chain.
• Internet of Things (IoT) cheat sheet: Complete guide for 2022: This cheat sheet
covers everything you need to know about IoT from its benefits to its problems
and solutions.
• What is the internet of things? | IBM: This page provides an overview of IoT
and its impact on business and society.
• Internet of Things (IoT) 101: Functions, Benefits: This blog post discusses the
functions and benefits of IoT for enterprises.
Figure 1.3 Internet of Things 101
1.4 Internet of Things 201
Internet of Things 201 is an advanced topic that covers various aspects of IoT,
such as architectures, protocols, standards, security, privacy, ethics,
applications, and challenges. Internet of Things 201 can help you gain a
deeper understanding of IoT and its implications for society and business.
Internet of Things 201 can also help you develop the skills and knowledge
needed to design, implement, and evaluate IoT solutions using various
technologies and tools.
1.4.1 Raspberry pi guide
Raspberry Pi is a series of small single-board computers that can be used for
various projects, such as learning to program, making music, or building
robots. Raspberry Pi was developed by the Raspberry Pi Foundation, a UK
charity that aims to educate people in computing and create easier access to
computing education [1].
Some of the features of Raspberry Pi are:
• It is low cost, ranging from $5 to $75 depending on the model [1].
• It is credit-card sized and can be plugged into a monitor or TV [2].
• It uses a standard keyboard and mouse for input [2].
• It has a quad-core ARM processor and 1 GB to 8 GB of RAM, depending on the
model [1].
• It uses a micro-SD card for storage and runs various operating systems, such as
Raspbian, a Linux-based OS [1].
• It has multiple ports, such as HDMI, USB, Ethernet, audio, and power [1].
• It has a set of general purpose input/output (GPIO) pins that allow it to interact
with electronic components, such as sensors, LEDs, motors, etc. [2]
If you want to learn more about Raspberry Pi, you can check out some of the guides
I found for you:
• Raspberry Pi Guide - Quick Start Guide for Raspberry Pi is a simple and
concise guide that covers the basics of setting up your Raspberry Pi, installing
an operating system, and connecting it to the internet. It also provides links to
more detailed documentation and tutorials for further learning.
• Beginner’s Guide: How to Get Started With Raspberry Pi is a comprehensive
and detailed guide that walks you through the process of choosing a Raspberry
Pi model, gathering the necessary accessories, installing the operating system,
and exploring some of the possibilities of what you can do with your Raspberry Pi.
It also includes tips and tricks for troubleshooting and optimizing your Pi.
Figure 1.4 Raspberry pi
1.5 IoT Communication Technologies
1.5.1 Communication Protocols in IoT Networks
• IoT Networking
– Sensors
– Edge Networking
– Communication Protocols overview
• Communication Protocols - Edge
– ZigBee
– Z-Wave
– BLE
– Wi-Fi
– IPv6
– 6LoWPAN
• Communication Protocols - Cloud
– LPWA – SigFox and LoRa
– 3G, 4G, 5G
• Messaging Protocols
– CoAP
– MQTT
1.5.2 IoT Communication Models
In March 2015, the Internet Architecture Board (IAB) released a guiding
architectural document for networking of smart objects (RFC 7452). RFC
7452 outlines a framework of common communication models used by IoT
devices.
These models demonstrate the underlying design strategies used to allow IoT
devices to communicate.
• Device to Device communication
• Device to Gateway Communication
• Device / Gateway to Cloud communication
Device-to-Device Communication Model
The device-to-device communication model represents two or more devices
that directly connect and communicate between each other, rather than
through an intermediary application server.
• These devices communicate over many types of networks, including IP
networks or the Internet.
Often, however, these devices use protocols like Bluetooth, Z-Wave, or
ZigBee to establish direct device-to-device communications.
• This communication model is commonly used in applications like home
automation systems, which typically use small data packets of information to
communicate between devices with relatively low data rate requirements.
Device-to-Gateway Communication
• In the device-to-gateway model, or more typically, the
device-to-application-layer gateway (ALG) model.
• In many cases, the local gateway device is a smartphone running an app to
communicate with a device and relay data to a cloud service.
• This is often the model employed with popular consumer items like
personal fitness trackers.
• The devices do not have the native ability to connect directly to a cloud
service, so they frequently rely on smartphone app software to serve as an
intermediary gateway to connect the fitness device to the cloud.
Device / Gateway-to-Cloud Communication
In a device-to-cloud communication model, the IoT device/Gateway connects
directly to an Internet cloud service like an application service provider to
exchange data and control message traffic.
This approach frequently takes advantage of existing communication
mechanisms like traditional wired (Ethernet) or wireless (ex: Wi-Fi)
CHAPTER-2
CYBER SECURITY
INTRODUCTION
• Cyber security is the practice of protecting systems, networks, and
programs from digital attacks. These cyberattacks are usually aimed at
accessing, changing, or destroying sensitive information; extorting money
from users via ransomware; or interrupting normal business processes [1].
Cyber security is also known as information technology security or
electronic information security.
• Cyber security can be divided into a few common categories, such as
network security, application security, information security, operational
security, disaster recovery and business continuity, end-user education,
and more [3][4]. Each category has its own techniques, processes, and
practices to defend against different types of cyber threats. Cyber threats
are constantly evolving and becoming more sophisticated, so cyber
security requires constant monitoring and updating to keep up with the
latest attacks.
• Cyber security is important for everyone who uses the internet, from
individuals to organizations. Cyberattacks can cause serious damage to
personal data, financial assets, reputation, privacy, and safety. Cyber
security helps to prevent or minimize the impact of these attacks by using
various methods, such as encryption, authentication, firewalls, antivirus
software, backup systems, etc.
2.1. Fundamentals of Information Security
Fundamentals of Information Security are the basic concepts and principles
that guide the design and implementation of information security practices.
Information security is the practice of protecting information from
unauthorized access, use, disclosure, modification, or destruction.
Information security aims to ensure the confidentiality, integrity, availability,
and non-repudiation of information, whether it is stored digitally or in other
forms.
Some of the fundamentals of information security are:
• Confidentiality: This principle means that information should be kept
secret and accessible only to authorized individuals or entities.
Confidentiality helps to protect sensitive information from being leaked,
stolen, or misused by unauthorized parties. Confidentiality can be
achieved by using encryption, authentication, access control, and other
techniques.
• Integrity: This principle means that information should be accurate and
consistent and not altered without authorization. Integrity helps to ensure
that information is reliable and trustworthy and not corrupted, tampered,
or deleted by unauthorized parties. Integrity can be achieved by using
hashing, digital signatures, checksums, and other techniques.
• Availability: This principle means that information should be accessible
and usable when needed by authorized individuals or entities. Availability
helps to ensure that information is not disrupted, denied, or delayed by
unauthorized parties. Availability can be achieved by using backup
systems, redundancy, load balancing, and other techniques.
• Non-repudiation: This principle means that information should be
verifiable and provable and not deniable by the parties involved.
Non-repudiation helps to ensure that information is authentic and valid and not
forged, falsified, or disputed by unauthorized parties. Non-repudiation can
be achieved by using digital signatures, certificates, audit logs, and other
techniques.
2.2. Fundamentals of Cryptography
2.2.1. Why Cryptography
In the digital world, data has become a key asset. Innovative technologies and
business solutions like Big Data, Smart Cities, Cloud, Social Networking or
Internet of Things are being adopted in the connected world to improve lives
of common people, as it is essential to deal with our sensitive data online.
Any unauthorized access to sensitive information or data in our digital society
can cause many problems such as corruption, leakage of confidential
information and violation of privacy. Thus, it is extremely necessary for
organizations, businesses and individuals to make sure that information like
client details, bank details, account details, personal files, etc. are well
protected.
To protect data, a set of measures that help in preventing any kind of
unauthorized access to data is required. These include cryptography, hashing
and digital signatures. Using these, the data associated with websites, networks
and databases can be secured at rest and in transit.
2.2.2. Cryptography
Cryptography is a method of protecting information and communications
using codes, so that only those for whom the information is intended can read
and process it.
Cryptography provides confidentiality and assurance of integrity, authenticity
and non-repudiation.
It applies to both information at rest (information on a hard disk) and
information in transit.
Figure 2.1 Cryptography
2.2.3. Applications of Cryptography
Here are two very common applications of cryptography, that everyone would
have encountered.
Web applications and HTTPS
Everyone uses cryptography on a daily basis. Whenever you visit certain
websites, you might have noticed the 'Secure padlock' symbol (shown below)
in the browser address bar.
It means that the communication between your browser and the website server
is encrypted (using HTTPS i.e. secure HTTP).
Secure HTTP (HTTPS) protocol is used to protect web transactions by
encrypting the communication between the browser and the web server.
HTTPS is supported underneath by Transport Layer Security (TLS) protocol.
It relies on both symmetric and asymmetric cryptography. The following steps
describe its working.
1. When a user visits a website, the website supplies the browser with its public key.
2. The browser creates a random symmetric key (called session key), encrypts it
using the website's public key and sends it to the website.
3. The website then decrypts the session key using its private key.
4. The browser and the website have the same session key which they use for all
further communication.
As we learned earlier, one of the major limitations of symmetric key
cryptography is the need for a secure and efficient way of sharing the secret
key. The problem of sharing symmetric key is solved by using public key
cryptography (this approach is used in TLS). Once the key is shared, all
communication between sender & receiver will be done by symmetric-key
cryptography. This helps in gaining speed advantage for communications.
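The four steps above, modelled as an added Python example (not code from the report, and not a TLS implementation): RSA-OAEP wraps a random AES-256-GCM session key, which then protects all further traffic. It assumes the third-party `cryptography` package; the `Website` and `Browser` classes and the request text are hypothetical.

```python
# Added illustration of the session-key exchange described in the text.
# Simplified model only; names and sample request are constructed for the example.
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP padding used to wrap the session key under the site's public key.
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate one message; a fresh 12-byte nonce is prepended."""
    nonce = os.urandom(12)
    return nonce + AESGCM(session_key).encrypt(nonce, plaintext, None)


def unseal(session_key: bytes, message: bytes) -> bytes:
    """Decrypt one message; raises InvalidTag if it was modified in transit."""
    return AESGCM(session_key).decrypt(message[:12], message[12:], None)


class Website:
    def __init__(self) -> None:
        self._private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        # Step 1: the public key is what the site hands to every visitor.
        self.public_key = self._private_key.public_key()
        self._session_key = b""

    def receive_wrapped_key(self, wrapped: bytes) -> None:
        # Step 3: only the holder of the private key can recover the session key.
        self._session_key = self._private_key.decrypt(wrapped, OAEP)

    def handle(self, message: bytes) -> bytes:
        request = unseal(self._session_key, message)
        return seal(self._session_key, b"200 OK for " + request)


class Browser:
    def __init__(self, site_public_key) -> None:
        self._site_public_key = site_public_key
        # Step 2: a random symmetric session key, to be wrapped for the site.
        self._session_key = AESGCM.generate_key(bit_length=256)

    def wrapped_key(self) -> bytes:
        return self._site_public_key.encrypt(self._session_key, OAEP)

    def request(self, site: Website, body: bytes, tamper: bool = False) -> bytes:
        wire = seal(self._session_key, body)
        if tamper:  # simulate an on-path modification of the last byte
            wire = wire[:-1] + bytes([wire[-1] ^ 0x01])
        return unseal(self._session_key, site.handle(wire))


def run_exchange(body: bytes = b"GET /account") -> dict:
    site = Website()
    browser = Browser(site.public_key)
    wrapped = browser.wrapped_key()
    site.receive_wrapped_key(wrapped)
    # Step 4: both sides share the key; every message now uses AES-GCM.
    reply = browser.request(site, body)
    try:
        browser.request(site, body, tamper=True)
        tamper_detected = False
    except InvalidTag:
        tamper_detected = True
    return {
        "reply": reply,
        "wrapped_key_len": len(wrapped),
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(run_exchange())
```

Real TLS additionally authenticates the website's public key with a certificate, which this model omits. TLS 1.3 replaced this RSA key transport with ephemeral Diffie-Hellman so that a later theft of the private key does not expose recorded sessions.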
Portable Devices Encryption
Devices such as laptops and smart phones often contain highly sensitive
information that, if lost or stolen, could cause serious harm to an organization and
its customers, employees, and affiliates. Encryption is applied on these
devices to protect the data in the event of theft of these devices. For example,
the Microsoft Windows operating system uses BitLocker and Encrypting File
System (EFS) technologies for the purpose of encryption.
Other common applications include encrypting email, Digital Rights
Management (DRM), and Wi-Fi encryption.
Figure 2.2 Public key Cryptography
2.3. Introduction to Cyber Security
Technology has covered almost all facets of today's world. From dusk to
dawn, we are engaged digitally. From a smartphone at home that meets all our
daily needs, to making a fund transfer, to ordering a refill of groceries,
everything is just a click away. A typical day at work involves dealing with
desktops/laptops connecting to intranet/internet servers. A relaxed weekend
dine-in will involve the attendant taking the customer's order through a
tablet and the customer paying the bill through a credit/debit card. All these
transactions involve accessing the internet. Hence it becomes important that
everyone is aware of the risks involved in using digital data and its protection.
Cyber Security is the protection of internet-connected systems, including
hardware, software and data, from cyber-attacks.
Since the majority of cyber-attacks are reported through web applications, it
is imperative that web application designers are aware of the common
mistakes to avoid while building and maintaining web applications.
2.3.1. Recent Cyber Attacks
• Uber's CEO, Dara Khosrowshahi, stated that hackers stole personal data
of nearly 57 million Uber users. This personal data includes names, phone
numbers, email addresses, debit/credit card numbers of customers and
also, license numbers of the drivers serving the company.
How was the attack carried out?
• Hackers hacked into Uber's account on GitHub. GitHub is a site that many
engineers and companies use to store code of IT projects.
• From Uber's GitHub account, they found the username and password that
gave access to Uber's data stored in a third party cloud server.
• Developers accidentally left the login credentials in code which was
uploaded to GitHub and hence, the hackers successfully got access to Uber's
server.
What was its impact?
• Uber faced lawsuits filed by many users as their personal data was leaked.
• Uber allegedly paid $100,000 ransom to hackers to get the data deleted.
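The root cause named above, login credentials left in code that was uploaded to a repository, is something a check before each commit can catch. The following Python scanner is an added example, not part of the report and not any tool used in the incident; the rule names, the placeholder list and the sample files are constructed for illustration.

```python
# Added illustration: flag credentials committed to source files.
# Rules, thresholds and SAMPLE_REPO are constructed for this example.
import math
import re
from dataclasses import dataclass

RULES = [
    # name = "literal" where the name suggests a secret (DB_PASSWORD, api_key, ...)
    ("hardcoded-assignment", re.compile(
        r"""\b[\w.-]*(?:password|passwd|pwd|secret|token|api[_-]?key)[\w.-]*"""
        r"""\s*[:=]\s*(["'])(?P<value>[^"']{6,})\1""", re.IGNORECASE)),
    # scheme://user:password@host
    ("url-credentials", re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:(?P<value>[^\s/@]{3,})@", re.IGNORECASE)),
]

# Documentation placeholders and template references are not real secrets.
PLACEHOLDER = re.compile(
    r"^(?:changeme|password|example|dummy|x+|\*+|\$\{.+\}|<.+>|\{\{.+\}\})$",
    re.IGNORECASE)


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    redacted: str      # never echo the secret itself into logs or CI output
    confidence: str    # "high" when the value looks random, else "low"


def shannon_entropy(value: str) -> float:
    """Bits per character; random passwords score higher than words."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan_text(path: str, text: str) -> list:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for match in pattern.finditer(line):
                value = match.group("value")
                if PLACEHOLDER.match(value):
                    continue
                findings.append(Finding(
                    path=path,
                    line=line_no,
                    rule=rule,
                    redacted=value[:2] + "*" * (len(value) - 2),
                    confidence="high" if shannon_entropy(value) >= 3.0 else "low",
                ))
    return findings


def scan_repo(files: dict) -> list:
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample repository: two real leaks, one env lookup, one placeholder.
SAMPLE_REPO = {
    "app/settings.py": (
        'import os\n'
        'DB_USER = "svc_backup"\n'
        'DB_PASSWORD = "k9#Vt2!qLm8zR4"\n'
        'API_TOKEN = os.environ["API_TOKEN"]\n'
    ),
    "deploy/backup.sh": (
        '#!/bin/sh\n'
        'curl -T dump.sql "https://svc_backup:Wq7pX2nB4t@storage.example.invalid/bucket/"\n'
    ),
    "docs/README.md": 'Set password = "changeme" before first run.\n',
}

if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(finding)
```

A credential that has already been pushed stays in the repository history, so a finding on committed code means the credential must be rotated, not just deleted from the file.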
Figure 2.3 Cyber Security
2.3.2. Prevention from Cyber Attack
Saving yourself from cyber-attacks is a very important and relevant topic in
today's digital world. Cyber-attacks are malicious attempts by hackers or
criminals to access, damage, or destroy your data, devices, or networks.
Cyber-attacks can have serious consequences, such as identity theft, financial
loss, privacy breach, or even physical harm.
There are many ways to protect yourself from cyber-attacks, but here are some
of the most common and effective ones:
• Use a VPN. A VPN (virtual private network) is a service that encrypts and
anonymizes your internet traffic, making it harder for hackers to intercept
or spy on your online activities. A VPN can also help you access
geo-restricted content or bypass censorship. You can use a VPN on your
computer, smartphone, tablet, or router [1].
• Use strong passwords and two-factor authentication. Passwords are the
keys to your online accounts, so you should make them as strong and
unique as possible. Avoid using common or easy-to-guess passwords,
such as your name, birthday, or pet's name. Use a combination of letters,
numbers, symbols, and cases. You can also use a password manager to
generate and store your passwords securely. Two-factor authentication
(2FA) is an extra layer of security that requires you to enter a code, or a
token sent to your phone or email after entering your password. This way,
even if someone steals your password, they won't be able to access your
account without the second factor [2][3].
• Keep your software up to date. Software updates often contain security
patches that fix vulnerabilities or bugs that hackers can exploit. You
should always update your operating system, browser, applications, and
antivirus software as soon as possible. You can also enable automatic
updates to save time and hassle [2][3].
• Avoid identity theft. Identity theft is when someone uses your personal information,
such as your name, address, social security number, or credit card number, to commit
fraud or other crimes. To prevent identity theft, you should be careful with what
information you share online or offline. Don't give out your personal information to
strangers or untrusted websites. Don't click on suspicious links or attachments in emails
or messages. Don't use public Wi-Fi networks or computers for sensitive transactions.
Check your credit reports and bank statements regularly for any signs of unauthorized
activity.
2.3.3. Applications of Cyber Security
Application security is one of the important applications of cybersecurity that aims to
protect software applications from cyber threats. Application security involves various
techniques and tools that help to enhance the security of the application code and data,
and prevent unauthorized access, modification, or destruction of the application.
Application security can be applied during all phases of the software development life
cycle, such as design, development, testing, and deployment [1].
Some of the types of application security are:
• Static Application Security Testing (SAST): This is a method of analyzing the
source code of an application to identify and fix potential vulnerabilities before the
application is deployed. SAST tools scan the code for common flaws, such as buffer
overflows, SQL injections, cross-site scripting, etc., and provide recommendations
for fixing them [2].
• Dynamic Application Security Testing (DAST): This is a method of testing the
functionality and behavior of an application while it is running to detect and exploit
vulnerabilities that may not be visible in the source code. DAST tools simulate
real-world attacks on the application, such as sending malicious inputs or requests,
and monitor the application's responses and outputs [2].
• Runtime Application Self-Protection (RASP): This is a method of protecting an
application from within by embedding security features into the application's
runtime environment. RASP tools monitor the application's execution and data
flow, and block or alert any suspicious or malicious activities that may compromise
the application's security [2].
• Web Application Firewall (WAF): This is a method of protecting an application
from external attacks by filtering and blocking malicious web traffic before it
reaches the application. WAF tools inspect the HTTP requests and responses
between the web server and the client, and apply predefined rules or policies to
prevent common web attacks, such as SQL injections, cross-site scripting,
denial-of-service, etc.
Figure 2.3 Application of Cyber Security
2.4. Network Security
Network security is the practice of protecting the integrity, confidentiality, and
availability of a computer network and its resources from unauthorized access, misuse,
or attack. Network security involves various techniques and tools that help to prevent,
detect, and respond to different types of cyber threats, such as malware, ransomware,
phishing, denial-of-service, etc.
Some of the common types of network security are:
• Access control: This is the process of granting or denying access to the network or
its resources based on the identity and role of the user or device. Access control
helps to ensure that only authorized users or devices can access the network or its
resources. Access control can be achieved by using passwords, biometrics, tokens,
certificates, etc.
• Antivirus and anti-malware software: This is the software that scans and
removes malicious software (malware) from the network or its devices. Malware
is any software that can harm or compromise the network or its devices, such as
viruses, worms, trojans, spyware, etc. Antivirus and anti-malware software helps
to protect the network or its devices from infection or damage caused by
malware [1][2].
• Firewalls: This is the hardware or software that filters and blocks unwanted or
malicious traffic from entering or leaving the network. Firewalls help to protect the
network or its devices from external attacks or intrusions by applying predefined
rules or policies to the incoming or outgoing traffic [1][2].
Figure 2.4 Network Security
Conclusion
IT and control systems manufacturers are seizing the opportunity of having novel
hardware devices as the “Internet of Things” begins to scale up. As the number of
devices continues to increase, more automation will be required for both the consumer
(e.g. home and car) and industrial environments. As automation increases in IoT control
systems, software and hardware vulnerabilities will also increase. In the near term, data
from IoT hardware sensors and devices will be handled by proxy network servers (such
as a cellphone) since current end devices and wearables have little or no built-in
security. The security of that proxy device will be critical if sensor information needs
to be safeguarded. The number of sensors per proxy will eventually become large
enough so that it will be inconvenient for users to manage using one separate app per
sensor. This implies single apps that control many “things,” creating a data
management (and vendor collaboration) problem that may be difficult to resolve. An
exponentially larger volume of software will be needed to support the future IoT. The
average number of software bugs per line of code has not changed, which means there
will also be an exponentially larger volume of exploitable bugs for adversaries. Until
there are better standards for privacy protection of personal information and better
security guidelines on communication methods and data/cloud storage, security of
wearable and other mobility devices will remain poor. More work needs to be spent on
designing IoT devices before too many devices are built with default (little or no)
security. Physical security will change as well. As self-healing materials and 3D printers
gain use in industry, supply-chain attacks could introduce malicious effects, especially
if new materials and parts are not inspected or tested before use. The main benefit of
autonomous capabilities in the future IoT is to extend and complement human
performance. Robotic manufacturing and medical nanobots may be useful; however,
devices (including robots) run software created by humans. The danger of the increased
vulnerabilities is not being addressed by security workers at the same rate that vendors
are devoting time to innovation. Consider how one might perform security monitoring
of thousands of medical nanobots in a human body. The ability to create secure IoT
devices and services depends upon the definition of security standards and agreements
between vendors. ISPs and telecommunication companies will control access to sensor
data “in the cloud” and they cannot provide 100% protection against unauthorized
access. IoT user data will be at risk. Diversity of the hardware and software in the future
IoT provides strong market competition, but this diversity is also a security issue in that
there is no single security architect overseeing the entire “system” of the IoT. The
“mission” of the entire IoT “system” was not pre-defined; it is dynamically defined by
the demand of the consumer and the response of vendors. Little or no governance exists
and current standards are weak. Cooperation and collaboration between vendors is
essential for a secure future IoT, and there is no guarantee of success.
References
1. https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_0130009449730539521875_shared/overview
2. https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_0130009559159357441881_shared/overview
3. https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_01371229380700569689_shared/overview?disableBackNav=true
4. https://infispringboard.onewingspan.com/web/en/app/talk/lex_33719747686151950000_shared/overview
5. https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_0136382610228674561182_shared/overview?disableBackNav=true