2.6 Explain the security implications of embedded and specialize systems Flashcards
Summarize EMBEDDED SYSTEMS
CompTIA uses the term embedded system more narrowly to describe discrete hardware components that make up portions of systems.
Explain the security implications of a RASPBERRY PI
The Raspberry Pi exemplifies the system on chip (SoC) design concept, where all the processing components reside on a single circuit board—that includes CPU, RAM, system BIOS, Ethernet networking, and Wi-Fi networking; plus connectivity points for peripherals such as a keyboard, mouse, and monitor. From a security standpoint, Raspberry Pi systems act, smell, and taste like a typical desktop system, just writ small.
Explain the security implications of a FIELD-PROGRAMMABLE GATE ARRAY (FPGA)
An FPGA does not have a fixed CPU, like the Raspberry Pi, but rather has integrated circuits (ICs) that developers can redefine as needed. From a security standpoint, keeping the firmware up to date to work through bugs helps. Plus, limiting physical access to control ports or connections minimizes the potential for an attacker to damage your systems.
Explain the security implications of ARDUINO
Arduino products are open source and programmable using the programming languages C and C++. Open source combined with low cost, approachable programming and many connection options have made the Arduino boards the go-to devices at both the professional and enthusiast level for embedded devices. The limited memory on Arduino-based systems leaves them vulnerable to buffer overflow and heap attacks. The systems often connect automatically to the nearest access point when the default connection fails, again providing an opportunity for mischief.
Explain the security implications of a SUPERVISORY CONTROL AND DATA ACQUISITION(SCADA)/INDUSTRIAL CONTROL SYSTEM(ICS)
Supervisory control and data acquisition (SCADA) systems are used in industrial applications, such as energy utilities (electric plants, nuclear power plants), production facilities (for logistics and control of manufacturing systems, for example), sewage treatment centers, and other specialized applications. They run TCP/IP protocols and use embedded versions of some of the popular consumer operating systems, such as Windows or Linux. This makes SCADA systems prime targets for hackers, who attack them to damage critical infrastructure, launch denial-of-service (DoS) attacks, and generally create mischief and outright harm. Since SCADA systems often connect to very critical systems, it’s not too hard to imagine a hacker attacking and gaining control of these systems and seriously affecting power, water, and other utilities and services on a massive scale. Methods of mitigating these types of attacks include the traditional ones, such as encryption, authentication, and patch management.
Explain the security implications of INTERNET OF THINGS(IoT)
Internet of Things (IoT) describes the many computing devices (other than PCs, routers, and servers) that connect through the Internet, which is about as broad a definition as it gets. As you might imagine, with such incredible diversity of hardware and operating systems, combined with the dizzyingly efficient wireless networking capabilities, IoT security is a nightmare. Most manufacturers of IoT devices in the consumer sphere, for example, err on the side of ease of use for the consumer rather than rigorous security for the power user or IT security specialist.
Explain the security implications of WEAK DEFAULTS
Additionally, what IoT devices have in common from a security standpoint are weak default settings. Most manufacturers of IoT devices in the consumer sphere, for example, err on the side of ease of use for the consumer rather than rigorous security for the power user or IT security specialist. Fine-tuning options such as connectivity and notification settings can go a long way toward adding worthwhile security to IoT devices.
Explain the security implications of MEDICAL SYSTEMS
The inherent security risks involved with IoMT devices cannot be dismissed. Any device that connects to a network has vulnerabilities and the potential for hacking. A hacked medical lifesaving device could have deadly consequences. So far in the field attacks have been theoretical.
Explain the security implications of VEHICLES
From a security perspective, in-vehicle computing systems have some of the same common vulnerabilities that other systems have, which may include network security issues, such as the vulnerabilities inherent to Bluetooth, Wi-Fi, and cellular technologies. There are also issues involving firmware and patch updates to the systems.
Explain the security implications of AIRCRAFT
From a security perspective, in-vehicle computing systems have some of the same common vulnerabilities that other systems have, which may include network security issues, such as the vulnerabilities inherent to Bluetooth, Wi-Fi, and cellular technologies. There are also issues involving firmware and patch updates to the systems.
Explain the security implications of SMART METERS
Smart meters rely on cellular and wireless networks to communicate to consumers and utility companies real-time information about power usage, usually electricity, but also natural gas or water.
Explain the security implications of VOICE OVER IP(VOIP)
Eventually developers came up with Voice over IP (VoIP), a way to do telephony over TCP/IP networks, with no need to use ancient technology. Many (most?) enterprises today have ditched the old PBX telephone systems for modern VoIP systems. You need to secure VoIP communications just like you would any other IP network. Typical VoIP attacks include denial of service, spoofing telephone numbers, and just harassment.
Explain the security implications of HEATING, VENTILATION, AIR CONDITIONING(HVAC)
Heating, ventilation, and air conditioning (HVAC) controls also fall into this category and are often automated and connected to the Internet or other networks to monitor and control environmental elements such as temperature and humidity in a facility. This makes SCADA systems prime targets for hackers, who attack them to damage critical infrastructure, launch denial-of-service (DoS) attacks, and generally create mischief and outright harm. Since SCADA systems often connect to very critical systems, it’s not too hard to imagine a hacker attacking and gaining control of these systems and seriously affecting power, water, and other utilities and services on a massive scale.
Explain the security implications of DRONES
Your next unmanned aerial vehicle (UAV)—that’s a drone, for all you normal folks—guaranteed will have multiple embedded camera systems, high-end wireless networking capabilities, and an SoC to run them all. From a security perspective, in-vehicle computing systems have some of the same common vulnerabilities that other systems have, which may include network security issues, such as the vulnerabilities inherent to Bluetooth, Wi-Fi, and cellular technologies.
Explain the security implications of MULTIFUNTION PRINTER(MFP)
Some devices that might seem an odd fit fall into the IoT category, such as multifunction devices (MFDs) that combine printers, scanners, and copiers into one machine and then add Internet capabilities. As you might imagine, with such incredible diversity of hardware and operating systems, combined with the dizzyingly efficient wireless networking capabilities, IoT security is a nightmare.
