Internet of Things (IoT) & Specialized Systems | CompTIA Security+ SY0-601 | 2.6b

In this video you will learn about the Internet of Things & various systems such as: specialized systems, VoIP, HVAC, drones, MFPs, RTOS, surveillance systems, & SoCs.

Internet of Things

The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. The definition of IoT has evolved due to convergence of multiple technologies, real-time analytics, machine learning, commodity sensors, and embedded systems. Traditional fields of embedded systems, wireless sensor networks, control systems, automation (home & building), and others all contribute to enabling IoT. In the consumer market, IoT technology is most synonymous with products pertaining to the concept of the “smart home”, including devices and appliances that support one or more ecosystems, and can be controlled via devices associated with that ecosystem, such as smartphones and smart speakers. The software to manage IoT devices can be installed on computers or mobile devices.  Typically, a vendor of an IoT product develops a mobile app to monitor and manage the product. 

Aspects about IoT that you need to be concerned about for the CompTIA Security+ SY0-601 exam are the following:

  • Sensors:  sensors can range from voice-controlled devices in your home to refineries to power plants to air traffic controllers etc.  Because sensors are so small & versatile, functionality is crucial, but security is usually secondary & largely dependent on outside security systems.[1]
  • Smart Devices:  smart devices are everywhere, from wired & wireless networks that control lighting to AC, garage doors, security systems, TVs, toasters, refrigerators, etc.  To protect smart devices, you should disable features that you are not using & enable them only when required, use strong encryption methods, & employ complex passwords.[1]
  • Wearables:  wearable technology are smart electronic devices that are worn close to and/or on the surface of the skin, where they detect, analyze, & transmit information concerning body signals such as vital signs, and/or ambient data and which allow in some cases immediate biofeedback to the wearer.[2]
  • Facility Automation:  full-service commercial & industrial automatic control system for buildings, factories, & larger facilities.  An unprotected building automation system can quickly become a high risk with potential life-threatening damage to its occupants & the building itself; therefore, securing these systems is a necessity.[1]
  • Weak Defaults:  from the implementation of weak protocols to default usernames & passwords, plenty of IoT devices come installed with weak defaults.  There are countless IoT devices & applications within your home & business that use weak or default passwords which place devices at risk of exposing personal information or being used as a pivot device to gain access to another device within your network.[1]  If possible, change all default username & passwords or consider replacing that device with another device that will allow for you to make such changes.

Specialized Systems

Specialized systems can comprise embedded systems like those used in hospitals, vehicles, aircraft, & smart meters.  Specialized systems can also include systems that monitor other systems as well.  Some specialized systems that you need to know about for the CompTIA Security+ SY0-601 are the following:

  • Medical Systems:  medical device users should disable WiFi, Bluetooth, & other outside communication unless absolutely necessary and protect the connection with a strong wireless password & access control rules to limit communications to only vendor-specific IP address/domains.[1]
  • Vehicles:  most modern vehicles are equipped with some sort of connected infotainment system, such as Apple CarPlay, Android Auto, or a similar mobile device-connected standard which allows for seamless integration with the operator’s smartphone or tablet.  That being the case, this allows for malware stored on a mobile device to possibly be transferred to an automobile’s computer system when connected via devices such as USB.[1]
  • Aircraft:  due to the high safety & dependability requirements for aircraft systems, regulations are very strict.  Software (DO-178B, hardware (DO-254), and network (AFDX) design are all standardized.  DO-178B is the primary document by which the Federal Aviation Administration (FAA) approves all commercial software-based aerospace systems.[1]
  • Smart Meters:  electronic devices that record information such as consumption of electric energy, voltage levels, current, & power factor.  Smart meters communicate the information of consumption behavior to the consumer, and electricity suppliers for system monitoring & customer billing.

Voice over IP (VoIP)

VoIP is a method and group of technologies for the delivery of voice communications and multimedia sessions over IP networks, such as the Internet.  The term specifically refers to the provisioning of communications services (voice, fax, SMS, voice-messaging) over the Internet, rather than via the public switched telephone network (PSTN), also known as plain old telephone service (POTS).  VoIP processes audio signals by converting them into digital signals that are compressed to reduce data throughput requirements.  Then the signals are converted into packets and streamed across the network.  At the receiving end, the data is decompressed and converted back to an audio signal.[1]

Heating, Ventilation, Air Conditioning (HVAC)

HVAC is very important for server rooms, data centers, & other technology-oriented areas.  HVAC uses various technologies to control the temperature, humidity, and purity of the air in an enclosed space.  Its goal is to provide thermal comfort and acceptable indoor air quality.  The controls for HVAC systems should always be within the server room or network operation center (NOC) to where it is protected by a key code.  This way, only authorized IT personnel would be able to have access to control the temperature and humidity outside of the SCADA system.[1]

Drones

Drones are unmanned air devices or underwater vehicles that can use embedded computer platforms.  Drone operate by using software or firmware, and drone operators use computers & mobile devices to run drone applications that control the drones.  Drones communicate via wireless connections to ground stations and operators.  Hackers are already exploiting drone software & firmware vulnerabilities to take over drones to gain access to connected systems & networks.  Malware is often embedded in drone software and can compromise not only the data collected on drones, but also the systems that the drones, software, or connected devices are linked to.[1]

Multifunction Printer (MFP)

An MFP is an office machine which incorporates the functionality of multiple devices in one, so as to have a smaller footprint in a home or small business setting (SOHO), or to provide centralized document management in a large-office setting.  A typical MFP may act as a combination of some or all of the following devices:  email, fax, photocopier, printer, & scanner.

Real-Time Operating System (RTOS)

A RTOS is an operating system intended to serve real-time applications that process data as it comes in, typically without buffer delays.  Processing time requirements are measured in tenths of seconds or shorter increments of time.  RTOS operating systems are event-driven and preemptive, meaning the OS is capable of monitoring the relevant priority of competing tasks, and make changes to the task priority.

Surveillance Systems

Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing.[3]  This can include observation from a distance by means of electronic equipment, such as closed-circuit television (CCTV), or interception of electronically transmitted information like Internet traffic.  In the last few years, the deployment & use of video surveillance systems have increased to meet commercial needs.  Uses include the industrial control industry, environmental monitoring, warehouses, facility controls, etc.  These systems have contributed significantly to the reduction of crimes & the preservation of property and an increase in safety.[1]

Systems on Chip (SoC)

A system on a chip (SoC) combines the required electronic circuits of various computer components onto a single, integrated chip (IC).  SoC is a complete electronic substrate system that may contain analog, digital, mixed-signal or radio frequency functions. Its components usually include a graphical processing unit (GPU), a central processing unit (CPU) that may be multi-core, and system memory (RAM).  This is one of the reasons as to why motherboards for desktop and laptop computers are so much larger than ARM-based circuit boards.

References

  1. Santos, O.; Taylor, R.; Mlodziannowski, J. CompTIA Security+ SY0-601 Cert Guide.
  2. Duking, P.; Achtzehn, S.; Holmberg, H.C.; Sperlich, B. (2018). Integrated Framework of Load Monitoring by a Combination of Smartphone Applications, Wearables and Point-of-Care Testing Provides Feedback that Allows Individual Responsive Adjustments to Activities of Daily Living. Sensors.
  3. Lyon, D. (2001). Surveillance Society: Monitoring in Everyday Life.