Cyber Defense eMagazine May Edition for 2022
Cyber Defense eMagazine May Edition for 2022 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Cyber Defense eMagazine May Edition for 2022 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Device hardening<br />
Many of these devices operate in an environment of a customized special purpose hardware and software<br />
plat<strong>for</strong>m. The plat<strong>for</strong>m’s operating system is typically a stripped-down popular OS such as Windows or<br />
Linux. The underlying assumption is that such devices, corresponding plat<strong>for</strong>m, and the application will<br />
operate in a closed environment and do not need to be hardened <strong>for</strong> full security, as offered by a nonstripped<br />
standard OS. Lack of hardening is a risk that the modern-day attackers understand well and<br />
have figured out how to leverage.<br />
The other dimension to the security risk is the outdated OS such as Windows 95, NT, Windows 7, XP or<br />
similar older versions of Linux. The lack of upgrade to these OS from the OEM and lack of connectivity<br />
from these devices to the OEM adds to the hardening risk.<br />
The third dimension to the security risk is the arcane but field proven utilities. Based on their age and the<br />
design parameters <strong>for</strong> security, the risk should be assessed. Some of the obvious insecure utilities use<br />
unencrypted data such as ftp and sh instead of sftp and ssh.<br />
IoT management<br />
In<strong>for</strong>mation Technology (IT) is traditionally known as the technology that deals with in<strong>for</strong>mation to make<br />
decisions to operate and protect its own infrastructure. In the world of IoTs the Operational Technology<br />
(OT) is employed and architected along with IT.<br />
OT is used to monitor and control the IoT/IIoT devices through a good understanding of the device which<br />
generates events and takes appropriate actions based on the generated event. OT operations on its own<br />
with no other outside connection is generally quite safe. However, IT and OT are inherently<br />
interconnected making it easier to pass inherent risks and benefits of each architecture to the combined<br />
infrastructure. OT acts as a bridge that increases the security risk to the IoT/IIoT infrastructure through<br />
expanded connectivity to the attackers. IT is traditionally more agile and less rigorous, requiring much<br />
more sophisticated security risk management. OT is inherently different on both fronts, the agility and<br />
rigor adding significant security risk while facilitating easier operations.<br />
To get a sense of heightened security risks, a Kaspersky analysis of its telemetry from honeypots in the<br />
1st half of 2021, more than 1.5 billion IoT attacks were detected during the period. These were up from<br />
639 million during the previous half. The rate of growth of attacks on the IoT/IIoT devices and the<br />
infrastructure has more than doubled causing increased attention to the security.<br />
Dated data management<br />
In<strong>for</strong>mation Technology is considered data centric whereas Operations Technology is considered<br />
management oriented. This is a good functional description and de-emphasizes the importance of data<br />
in Operations Technology. Most cyber security attacks are centered around the data and lack of emphasis<br />
on data in Operation Technology is fundamentally a risk.<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>May</strong> <strong>2022</strong> <strong>Edition</strong> 154<br />
Copyright © <strong>2022</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.