Securing IoT: From Security to Practical Pentesting on IoT
What you'll learn
- Learn current security issues related to the IoT and common security architectures.
- Identify Threats, Vulnerabilities, and Risks.
- Incorporating privacy controls into the new IoT systems designs.
- Discuss privacy regulations and standards that apply to secure IoT systems and keeping stakeholder information private.
- In-depth exploration of privacy challenges and mitigations for the IoT.
- Perform Gateway Penetration Testing on VyOS by hacking the gateway and its services.
- Implement Wireless Penetration Testing on your Google wireless device.
- Perform Endpoint Penetration Testing on Client Servers and Machines like Amazon echo, tp -link device and software firewalls like Comodo and private eye.
- Pentest your Android devices with Android Studio.
- Basic pentesting knowledge is necessary for this course.
The Internet of things is the network of physical objects or things embedded with electronics, software, sensors, and network connectivity which enables these objects to collect and exchange data whereas IoT Pentesting is much like taking a battering ram to the door of a fortress. You keep pounding away but try to find a secret backdoor to enter through.
With this practically oriented course, you will first start with deep dive into common IoT components and technologies to protect your systems and devices. Then you will explore some common IoT use cases across Industries for connected vehicles, microgrids and enterprise drone systems, along with this you will also be focusing on threats to IoT systems, attack vectors, current security regulations, and standards and common security architectures. Moving on, you will learn how to perform pentesting on advanced IoT Devices including Amazon Eco, Logitech Cameras, the Google Nexus phone, Vyos Gateways, TP-Link Smart Switches, and firewalls to ensure that the hardware devices and the software are free of any security loopholes.
Contents and Overview
This training program includes 2 complete courses, carefully chosen to give you the most comprehensive training possible.
The first course, Fundamentals of IoT Security will cover fundamental aspects of the Internet of Things, to include a review of use cases across various industries, we will discuss common IoT components and technologies to provide a baseline understanding of the systems and devices that you need to protect. We will also review common security architectures that can be applied to IoT systems, and discusses regulations and standards that apply to secure IoT systems. We will study of IOT components such as the IoT (hardware, real-time operating systems (RTOS), Application Programming Interfaces (APIs), messaging and communication protocols and backend services. We will discuss threats to IoT systems, attack vectors, current security regulations, and standards and common security architectures. We will examine Privacy by Design (PbD) principles and walk through an example Privacy Impact Assessment (PIA). By the end of this course, you will understand the fundamentals of IoT systems and IoT security and be able to identify threats and required mitigations to their own IoT systems.
The second course, Hands-On IoT Penetration Testing begins with the IoT device architecture to help you understand the most common vulnerabilities. You'll explore networks, sniffing out vulnerabilities while also ensuring that the hardware devices and the software running on them are free of any security loopholes. Moving on, you will learn how to perform pentesting on advanced IoT Devices including Amazon Eco, Logitech Cameras, the Google Nexus phone, Vyos Gateways, TP-Link Smart Switches, and firewalls. By the end of the course, you will be able to create IoT pentesting reports. After completion of the course, you will be able to penetrate even the most densely populated IoT networks.
About the Authors:
Brian Russell is a chief engineer focused on cybersecurity solutions for Leidos. He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers, with a focus on securing the Internet of Things (IoT). Brian leads efforts that include security engineering for Unmanned Aircraft Systems (UAS) and connected vehicles and development security systems, including high assurance cryptographic key management systems. He has 16 years of information security experience. He serves as chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group, and as a member of the Federal Communications Commission (FCC) Technological Advisory Council (TAC) Cybersecurity Working Group. Brian also volunteers in support of the Center for Internet Security (CIS) 20 Critical Security Controls Editorial Panel and the Securing Smart Cities (SSC) Initiative
Sunil Gupta is a certified ethical hacker. Currently, he teaches 45,000+ students online in 150+ countries. He is a specialist in ethical hacking and cybersecurity.
His strengths lie in vulnerability assessment, penetration testing, intrusion detection, risk identification, data analysis, reporting, and briefing.
Who this course is for:
- This course is for IoT product managers, software and systems engineering managers, IT security professionals, IoT developers, pentesters, and security professionals who are willing to learn the unique characteristics and challenges of IoT system security.
Packt are an established, trusted, and innovative global technical learning publisher, founded in Birmingham, UK with over eighteen years experience delivering rich premium content from ground-breaking authors and lecturers on a wide range of emerging and established technologies for professional development.
Packt’s purpose is to help technology professionals advance their knowledge and support the growth of new technologies by publishing vital user focused knowledge-based content faster than any other tech publisher, with a growing library of over 9,000 titles, in book, e-book, audio and video learning formats, our multimedia content is valued as a vital learning tool and offers exceptional support for the development of technology knowledge.
We publish on topics that are at the very cutting edge of technology, helping IT professionals learn about the newest tools and frameworks in a way that suits them.