1 00:00:00,540 --> 00:00:03,090 Internet of Things Vulnerabilities. 2 00:00:03,090 --> 00:00:05,460 In this lesson, we're going to start talking about 3 00:00:05,460 --> 00:00:08,520 IoT, or the Internet of Things. 4 00:00:08,520 --> 00:00:10,240 Now, when I talk about Internet of Things, 5 00:00:10,240 --> 00:00:11,730 you may have heard this term before, 6 00:00:11,730 --> 00:00:13,500 and you really should if you've talked about 7 00:00:13,500 --> 00:00:15,590 A+, or Net+, or Security+, 8 00:00:15,590 --> 00:00:18,450 because these are all things that connect to our network. 9 00:00:18,450 --> 00:00:21,200 It can be things like trains, planes, and automobiles. 10 00:00:21,200 --> 00:00:22,490 It can be shopping carts. 11 00:00:22,490 --> 00:00:24,210 It can be your Smart TV. 12 00:00:24,210 --> 00:00:25,690 It can be your cell phone. 13 00:00:25,690 --> 00:00:27,910 Pretty much anything that can connect to the Internet 14 00:00:27,910 --> 00:00:30,100 could be considered an Internet of Things. 15 00:00:30,100 --> 00:00:32,101 For instance, there's some refrigerators out there right now 16 00:00:32,101 --> 00:00:34,650 that have the ability of connecting to the Internet 17 00:00:34,650 --> 00:00:36,220 and using things like Alexa 18 00:00:36,220 --> 00:00:37,940 to be able to add things or take things away 19 00:00:37,940 --> 00:00:39,360 from your shopping list. 20 00:00:39,360 --> 00:00:41,770 All of that is part of the Internet of Things. 21 00:00:41,770 --> 00:00:44,890 So, when we define the Internet of Things, or IoT, 22 00:00:44,890 --> 00:00:47,020 we're really just talking about a group of objects, 23 00:00:47,020 --> 00:00:48,680 and they could be electronic or not, 24 00:00:48,680 --> 00:00:51,350 and they all have to be connected to the wider Internet 25 00:00:51,350 --> 00:00:53,770 by using embedded electronic components. 26 00:00:53,770 --> 00:00:56,370 That is what we define the Internet of Things. 27 00:00:56,370 --> 00:00:58,810 So, if you think about your home, if you have a Smart home, 28 00:00:58,810 --> 00:01:00,590 you might have a Smart door lock on the front door 29 00:01:00,590 --> 00:01:01,770 that you use to get in. 30 00:01:01,770 --> 00:01:03,040 You have a camera that's sitting there 31 00:01:03,040 --> 00:01:05,220 to see people as they come up to your doorbell, 32 00:01:05,220 --> 00:01:06,490 and if they press on your doorbell, 33 00:01:06,490 --> 00:01:07,910 that can actually ring on your cell phone 34 00:01:07,910 --> 00:01:08,940 so you can know who's at the door 35 00:01:08,940 --> 00:01:10,840 before you get up from your couch. 36 00:01:10,840 --> 00:01:12,320 You might have a Smart air conditioner 37 00:01:12,320 --> 00:01:14,227 that can keep track of what the temperature's in the room, 38 00:01:14,227 --> 00:01:16,340 and you can set it and you can change it 39 00:01:16,340 --> 00:01:18,940 from anywhere in the world because it's Internet-connected. 40 00:01:18,940 --> 00:01:19,990 You might have a lighting system 41 00:01:19,990 --> 00:01:20,940 where you can control if it's going to be 42 00:01:20,940 --> 00:01:22,670 white, or red, or blue lights, 43 00:01:22,670 --> 00:01:24,440 because they're connected to the Internet, too, 44 00:01:24,440 --> 00:01:26,610 and you could talk to that through your smartphone. 45 00:01:26,610 --> 00:01:29,300 You may have energy management or appliance control. 46 00:01:29,300 --> 00:01:30,310 You might have a smart device 47 00:01:30,310 --> 00:01:32,650 like a Smart TV, or a Smart speaker. 48 00:01:32,650 --> 00:01:34,290 All of these things are different things 49 00:01:34,290 --> 00:01:36,130 that we can connect inside of our house, 50 00:01:36,130 --> 00:01:38,650 and they all give us a lot of great capability. 51 00:01:38,650 --> 00:01:40,570 But the biggest problem with these things 52 00:01:40,570 --> 00:01:42,380 is they're not always secure, 53 00:01:42,380 --> 00:01:45,240 and security is most often an afterthought to convenience 54 00:01:45,240 --> 00:01:47,590 when we start talking about smart devices. 55 00:01:47,590 --> 00:01:49,710 Now, most of our smart devices are going to use 56 00:01:49,710 --> 00:01:51,780 an embedded version of Linux or Android 57 00:01:51,780 --> 00:01:53,360 as their operating system. 58 00:01:53,360 --> 00:01:55,210 And so, because they have Linux or Android 59 00:01:55,210 --> 00:01:58,200 as their operating system, they are vulnerable to attack. 60 00:01:58,200 --> 00:01:59,960 If there's a Linux vulnerability out there 61 00:01:59,960 --> 00:02:02,640 and you're using a Linux version on that smart device, 62 00:02:02,640 --> 00:02:03,830 and that vulnerability matches, 63 00:02:03,830 --> 00:02:06,250 it can actually attack your Smart speaker, for instance. 64 00:02:06,250 --> 00:02:08,190 And so, these are things you have to think about 65 00:02:08,190 --> 00:02:09,940 as you start looking at your network, 66 00:02:09,940 --> 00:02:11,510 because if they're connected to your network, 67 00:02:11,510 --> 00:02:13,210 'cause you have a Smart TV in the conference room, 68 00:02:13,210 --> 00:02:14,470 that could be an attack vector 69 00:02:14,470 --> 00:02:15,950 for somebody to get into your network. 70 00:02:15,950 --> 00:02:17,380 And that is one of the most common places 71 00:02:17,380 --> 00:02:19,310 I see people getting into a network through, 72 00:02:19,310 --> 00:02:20,780 is things like smart devices 73 00:02:20,780 --> 00:02:22,800 that are now connected to the corporate network. 74 00:02:22,800 --> 00:02:24,580 So, you want to make sure they're properly installed, 75 00:02:24,580 --> 00:02:26,910 secured, and segmented when you put them 76 00:02:26,910 --> 00:02:28,070 into your corporate network, 77 00:02:28,070 --> 00:02:30,230 if you're going to put them in your corporate network. 78 00:02:30,230 --> 00:02:33,190 Now, these smart devices must be secured and updated 79 00:02:33,190 --> 00:02:35,170 when there's new vulnerabilities that are found. 80 00:02:35,170 --> 00:02:37,590 As I said, they're just running Linux or Android. 81 00:02:37,590 --> 00:02:39,110 And what happens is a lot of times, 82 00:02:39,110 --> 00:02:42,310 people will never update the software on these devices. 83 00:02:42,310 --> 00:02:44,100 So, you might be running a version of Linux 84 00:02:44,100 --> 00:02:45,540 that's five years old 85 00:02:45,540 --> 00:02:48,290 because it was small and easy to put on a device, 86 00:02:48,290 --> 00:02:49,140 but you've never updated 87 00:02:49,140 --> 00:02:51,550 so now it's got this huge vulnerability. 88 00:02:51,550 --> 00:02:53,500 So, when you think about IoT, 89 00:02:53,500 --> 00:02:55,520 the idea of IoT and security, 90 00:02:55,520 --> 00:02:57,080 they really don't go together very well 91 00:02:57,080 --> 00:02:58,950 because most IoT manufacturers 92 00:02:58,950 --> 00:03:00,170 are not thinking about security 93 00:03:00,170 --> 00:03:01,640 when they build these devices. 94 00:03:01,640 --> 00:03:04,520 People buy smart speakers, and lights, and smart devices 95 00:03:04,520 --> 00:03:06,390 because they want convenience. 96 00:03:06,390 --> 00:03:08,670 And most people aren't thinking about security. 97 00:03:08,670 --> 00:03:10,090 So, if you're going to install these things 98 00:03:10,090 --> 00:03:11,430 in your corporate network, 99 00:03:11,430 --> 00:03:14,310 you really have to think about this with a security lens. 100 00:03:14,310 --> 00:03:15,760 And one of the best you can do 101 00:03:15,760 --> 00:03:18,490 is segment these devices off into their own network 102 00:03:18,490 --> 00:03:20,840 so they're not talking to the rest of the corporate network. 103 00:03:20,840 --> 00:03:21,910 Don't allow them to be a device 104 00:03:21,910 --> 00:03:24,310 that people can use to be able to pivot into your network 105 00:03:24,310 --> 00:03:25,710 and get your corporate data.