Advanced IoT Security

IoT networks and devices often face attacks as soon as 5 minutes after connecting, thus representing a major threat to healthcare, smart building, manufacturing, power, and other sectors. IoT Devices and Networks can feature numerous vulnerabilities, including weak passwords, lack of security update mechanisms, Shadow IoT, outdated software components/libraries, insufficient privacy protection, insecure networks, unencrypted data, and more. Common attacks on IoT networks include ransomware, eavesdropping, privilege escalation, brute force attacks, buffer overflow, DDoS, firmware hijacking, device hijacking, data theft, and botnets. Demand for IoT Security Specialists and IoT Security Engineers has surged, with their responsibilities including the design of security processes, monitoring IoT devices and networks, identifying and assessing IoT vulnerabilities and risks, preventing IoT threats, and rapidly detecting and responding to incidents. IoT Administrators, network security teams, CISOs, security leaders, IoT architects, and engineers, are also expected to incorporate IoT security into their organization’s standard security practice, processes, and procedures, create an IoT security posture that reliably enables IoT innovation and protects their network from existing and unknown threats. 

The course will begin with a refresher of the Part 1 of the course, titled “Getting Started with IoT Security”. Next, you’ll gain an understanding of cryptography fundamentals for IoT, while you’ll also learn how to use cryptography to secure IoT Data (including symmetric algorithms, asymmetric algorithms, password hashes, digital signatures) as well as how to use cryptography to secure IoT communications (TLS, SSL). As you continue your learning journey, the course will illustrate how to carry out IoT network segmentation and how to achieve application-level security in IoT. Next, you’ll understand in detail how to secure IoT APIs, where you’ll learn how to authenticate devices to APIs, avoid replay attacks in end-to-end device authentication, and authorization with the OAuth2 device grant. 

Moving ahead, the course will illustrate how to perform vulnerability assessment and management in IoT, how to integrate SIEM into IoT and how to perform intrusion detection within an IoT network. You’ll also explore how incident response works in IoT and what measures you must implement to ensure IoT security in the cloud (including data encryption, device authentication, user policies, and more). The course will also demonstrate how to ensure data privacy in IoT and how to implement a compliance monitoring program for IoT. As you near the conclusion, you’ll learn about some of the security errors to avoid in IoT. The course will end with a short guide for the learners on how they can further leverage what they learned in this course by pursuing EC-Council’s ICS/SCADA cybersecurity training program. 

By the end of this course, you’ll have a thorough understanding of the numerous security controls and measures to protect your IoT infrastructure.