当前位置:网站首页>Interpretation: how to deal with the current security problems faced by the Internet of things?
Interpretation: how to deal with the current security problems faced by the Internet of things?
2022-07-05 17:45:00 【Software testing network】
With the in-depth development and wide application of the new generation of Internet of things information technology , The state accelerates the construction of smart cities and digital transformation , The security construction of the Internet of things has become a new infrastructure planning 、 Building 、 The focus of management .
Promoting the security of the Internet of things is an important way to promote the development of new technology industries , It is a reliable way to solve many security problems in the development and construction of intelligent businesses . Internet of things technology is in a period of rapid development and wide application , Facing more and more security problems , All countries have accelerated the formulation of relevant legislation, policies and systems for the security of the Internet of things , To ensure the healthy development of the Internet of things .
2016 year , The Department of Homeland Security issued 《 The basic principles of the security strategy for Internet of things applications 》, It is pointed out that safety issues should be seriously considered from the engineering design stage , Strengthen security updates and technology vulnerability control , Develop safe operation methods , Give priority to safety measures according to the impact 、 Improve transparency 、 Cautious access to the Internet, etc .
California in 2018 enacted 《 Internet of things facilities network security law 》 It is the first security law on Internet of things facilities in the world , The security requirements for IOT facilities are standardized at the legislative level .2019 year 6 month , The United States House of Representatives approved 《 Internet of things network security improvement act 》, The decree is expected to set minimum safety standards for all IOT facilities used by government departments .
Although China has developed relatively late in the technology of Internet of things , But the progress rate in recent years is remarkable . up to now , The demonstration projects of Internet of things in all parts of China are progressing very fast , Internet of things enterprises have also increased rapidly , Internet of things technology 、 patent 、 The number of standards and products is growing rapidly . China predates 2013 In, the security of the Internet of things was included in the government work system , And constantly promote the security construction of the Internet of things . Introduced in the same year 《 Several opinions of the general office of the State Council on the instructions to promote the development of the order of the Internet of things 》 Clearly put forward , The Internet of things security test will be established and improved 、 Risk assessment 、 Safety warning 、 Emergency treatment and other systems .
2019 Network security level protection introduced in 2.0 Relevant standards also clarify the security requirements of the Internet of things . In terms of regulations , Chinese government departments have promulgated regulations and relevant normative documents related to network security protection, which provide a legal and institutional basis for the security supervision of the Internet of things industry . In the past year ,《 Three year action plan for the construction of new infrastructure of the Internet of things 》 as well as 《 Guidelines for the construction of basic security standard system of Internet of things (2021 edition )》 Successive releases of , It provides a referential basis for the construction and security standards of the Internet of things .
In view of the problems that need to be solved urgently in the security of the Internet of things , This article will start from the Internet of things security protection framework 、 Data access security protection requirements 、 Mobile terminal security management 、 Multi service enabling platform bearing security and terminal security management are described .
One 、 Internet of things security protection framework
1、 Safety requirements for sensing equipment
The main task of sensor equipment is to complete the collection of signals 、 Identification and management , Including sensing terminals and monitoring devices , Because sensor terminals are generally located in unsupervised and harsh natural environment , The potential safety hazards are relatively prominent , The main prevention needs are :
- May be affected by the natural environment 、 steal 、 Move your position privately 、 The induction terminal cannot work due to human damage and other factors ;
- Attackers can use the weakness of authentication mechanism to maliciously deploy the same model or clone a similar device to access the system to attack ;
- Attackers can use radio interference 、 Denial of service 、 Strategies such as invading or affecting the routing of the sensing device to the network make the device unable to transmit sensing data and receive commands smoothly ;
- Attackers use physical acquisition or logical attack , Carry out unauthorized access and malicious control on the sensing device and analyze the sensitive information stored , Cause information leakage .
2、 Internet of things terminal intrusion prevention requirements
In response to the various threats flooding the Internet , Intrusion detection function can monitor network and system resources , Find out the behavior and threat signs of violating the security policy and send an alarm . As an infrastructure for network border security , The main force of attack protection , Coupled with the increasingly important and complex characteristics of the Internet of things network environment , Internet of things intrusion prevention requires high reliability 、 High performance 、 Practicality and accuracy .
- High performance : Adopt online deployment mode , Facing the expanding network traffic , How to ensure the throughput capacity and delay limit at the application level under the premise that most strategies are enabled is the key to intrusion prevention .
- accuracy : Hacker attacks go deep , Internet of things intrusion can go deep into network inspection , Accurately detect attacks , Avoid hacker attacks and avoid detection , At the same time, it has accurate detection rules and tends to zero false positive rate 、 Underreporting rate , Ensure the effectiveness of the test .
- reliability : Connected in the customer network environment , In the face of sudden traffic increase 、 The equipment is powered off 、 Log storage overflow 、 Port failure and other problems , How to automatically generate emergency solutions to ensure that the customer network is not affected is the basis of intrusion prevention .
- practical : In addition to hackers' vulnerability intrusion attacks , Viruses and Trojans spread 、DDoS Attack and internal malicious website access risk 、 The abuse of network resources and the occupation of bandwidth are also common problems of customer network security , It is the responsibility of intrusion prevention to carry out multi-dimensional protection through expansion .
3、 Internet of things transmission network security
Compared with traditional network, IOT terminals face higher security threats of tampering and counterfeiting , From the terminal to the business platform DDoS Attack will become easier , Various uncontrollable factors lead to the status of IOT terminals 、 The returned data cannot be trusted . Many types of Internet of things are connected 、 A large number of IOT sensor terminals , Due to the strong dispersion of IOT terminal equipment 、 Weak organization creates a credible risk to end users and data , Therefore, according to the unique technical characteristics and business application needs of Internet of things end users , We need to build a complete transmission security protection system for business data of IOT terminals .
- The security gateway of the Internet of things needs to establish a virtual private network of the Internet of things , Provide a full encrypted communication link from the terminal to the unified system management platform , Ensure the security of the entire communication link from the terminal to the management platform .
- Internet of things security gateway needs to realize behavior control after terminal access , Prevent counterfeit terminals 、 The abnormal terminal and other devices access the unified management platform of the system and attack the business platform . At the same time, the Internet of things security gateway can formulate black-and-white list business rules for the communication protocol of each terminal device , For assets 、 Communication protocol 、 Apply business to identify and control .
4、 The Internet of things APP security management
The Internet of things APP Become an important part of the Internet of things ecosystem , All kinds of applications need corresponding APP As a carrier , The industry faces different scenarios 、 Flexible and convenient Internet of things APP Service will become a new trend . A large number of industries APP After being put on the market, there are various safety risks , Including sensitive information disclosure 、 Authentication bypasses 、 Code cracking 、 Payment security 、 Theft of funds and other issues , The hidden dangers of these security loopholes have brought opportunities to criminals .
The Internet of things APP It is necessary to investigate various security problems faced by mobile applications in advance before the application goes online , And the security of mobile applications is enhanced through shelling and other technical means . When the application goes online , The application can be continuously monitored , Eliminate safety hazards , So as to reduce the safety risk .
5、 Enable platform business to integrate security requirements
The enabling platform is positioned for IOT device management 、 Connect 、 Comprehensive management platform for analysis and security protection , It realizes the connection of various Internet of things devices 、 management 、 Data encryption and decryption 、 Information preservation 、 Statistical analysis 、 Real time computing 、 to open up API Interface 、 Simplify the management and standardize the process of equipment connection , It provides data base and network guarantee for application layer business development , It guarantees the safety of the equipment , It also provides a simple entry for unified equipment management . The enabling platform carries all kinds of data , Especially privacy data , How to desensitize data 、 Encryption and classified security protection are the key to ensure the security of Internet of things data .
6、 Internet of things Security Management Center
For the characteristics of the wide connection of the Internet of things , The Internet of things security gateway needs to be uniformly managed and displayed , The asset situation of all IOT terminals 、 Running state 、 Threat situation 、 The security status is presented in the form of map . At the same time, the IOT security management platform needs to display the asset situation of the overall IOT network in a visual way 、 Threat situation and overall health , Show the operation status of the whole network security gateway and IOT terminal in the form of map , Conduct multi-dimensional behavior analysis and presentation of IOT terminals and IOT Networks , Fully and actively perceive the security situation of the ubiquitous Internet of things .
Two 、 Security protection requirements for multi type data access
Internet of things networks are mostly heterogeneous networks , The mode of communication is more complex than the Internet , Faced with the algorithm being cracked 、 Protocol vulnerabilities are exploited 、 Security threats such as man in the middle attacks , And to the agreement 、 secret key 、 certificate 、 Core algorithms and other acts of brute force cracking also occur from time to time . The security of data connection network will also be directly integrated into various smart applications , There are various threats to network security , For example, the intrusion of authentication authority of access equipment 、 against dos Attack system intrusion 、 Intrusion into connecting switches and server devices 、 Network intrusion detection IDS Monitoring intrusion 、 Invasion of firewall and disaster recovery storage backup .
Internet of things security access gateway is a special product designed to solve the terminal security problems of the existing Internet of things . It is based on Internet of things usage scenarios , You can access the camera 、 Sensors and other IOT terminals . in addition , Collect and process a large amount of sensitive data for IOT terminals , If the forwarding of these data is not strictly confidential, it is easy to have problems such as data theft . Therefore, we need to add a two-way identity authentication mechanism , At the same time combined with VPN Technology is used to prevent data theft and tampering , Ensure the confidentiality of data 、 Integrity and usability .
1、 Wireless communication security requirements
One side , because WiFi、ZigBee、 bluetooth 、2/3/4/5G And other security problems of wireless communication technology itself , And the complexity of the coexistence of various wireless communication technologies in the Internet of things system will inevitably lead to security problems in the business applications of the Internet of things ; On the other hand , Because most of the sensing terminals and access facilities are deployed in the scene of unattended monitoring , It is easy for attackers to use technical means to conduct reverse analysis and attack on these devices . Besides , The attacker can also transmit interference signals to cause communication interruption , And can hijack wireless data 、 hacking 、 Tampering with data , Therefore, it is necessary to establish a safe transmission channel to ensure the security of information transmission , Ensure the integrity of data through data verification , Using cryptographic technology to achieve data confidentiality, etc .
2、 Transmission switching security requirements
The information transmission process of the Internet of things will pass through various heterogeneous networks , And the massive number of nodes in the Internet of things leads to a huge number , When facing the demand of massive data transmission, it is very easy to cause core network congestion , This leads to various denial of service attacks , Therefore, it is necessary to reduce the pressure of central network transmission through multiplex transmission mechanism , So as to effectively prevent denial of service attacks . meanwhile , Due to the security problems such as cross network authentication of heterogeneous networks , It can comprehensively use point-to-point password management mechanism and end-to-end password mechanism to ensure the security of the transmission layer .
in addition , Data packets transmitted on IOT are vulnerable to eavesdropping because they are not signed and verified 、 Tampering 、 Counterfeiting and the repudiation of the sender , Need to pass through PGP、SSL/TLS and IPSec And other protocols for communication encryption and related authentication , To ensure the security of transmission and exchange between communication parties .
3、 ... and 、 Mobile terminal security management
Using mobile smart phones to realize remote control of devices and environmental monitoring is the basic value of the Internet of things , But the introduction of mobile terminals also brings security risks , It mainly includes mobile user management 、 Mobile device management 、 Equipment positioning 、 Notice of news 、 Safety management of mobile devices such as equipment compliance inspection , Mobile App Store 、 App upload 、 download 、 to update 、 Security management of applications such as push and content management of mobile applications 、 Data security is an important part of mobile security in the Internet of things .
Four 、 Multi service enabling platform bearing security
The information security of the IOT platform layer involves the whole IOT ecological chain , Internet of things technology applications are usually intelligent terminals connected to the cloud , Use it later App Realize the interaction of information with cloud services, and then complete the remote security management of intelligent terminals .
At present, most of the IOT business platforms are deployed on cloud servers , The application layer of the Internet of things is facing data fusion attacks 、 Data tampering attacks 、 Disordered location service attacks and other threats , Due to the relatively loose architecture of connecting various ports , Unable to provide effective measures for unified control and verification . Lack of a reasonable security strategy in the design of the operating system , When conducting business, we will encounter various information security risks , Such as information leakage 、 Illegal code modification 、 Illegal replacement of components . In view of the security problems faced by the platform layer of the Internet of things, comprehensive security protection measures should be established .
- Internet of things application data information security guarantee , Establish Internet of things data information generation 、 obtain 、 preservation 、 transmission 、 Treatment and other full life cycle safety standards .
- Internet of things platform data credibility , Prevent the Internet of things data from being intercepted or falsified during transmission , Ensure the credibility and integrity of the data received by the platform .
- In the data access of each user to the Internet of things platform , User's data access rights 、 Use permissions need to establish fine-grained security control , Make the Internet of things data controlled in the use process , Even if there is a safety incident, it can be traced in time .
5、 ... and 、 Massive terminal security management
In the security operation and maintenance of the Internet of things system , Sort out the assets of the Internet of things and manage them by classification and classification 、 Statistics of legal assets and illegal assets 、 The statistics of the number of online and offline terminals have become a difficult problem in the security management of IOT terminals , So that it is impossible to do refined permission control on IOT terminals , The threat of IOT devices cannot be fully perceived , Even lead to the exposure of important IOT assets on the Internet .
By building the Internet of things security management platform , Enterprises can carry out complete security control and policy control , For the Internet of things platform 、 Sensing terminal devices and gateways provide unified IOT security analysis and multi angle data visualization , Provide data support and network support for application layer business development , Provide guarantee for the safety of the equipment , Provide a simple entrance for unified equipment management , Finally, all things will be safely interconnected .
6、 ... and 、 Implement the construction of enterprise safety culture
For businesses , It is advocated that the construction of safety culture should embody the enterprise safety concept and safety values in the attitudes and actions of decision makers and managers , Implemented in the management system of the enterprise , Integrate safety management into the whole management practice of the enterprise , The safety regulations 、 The system is implemented by decision makers 、 In the behavior of managers and employees , Set safety standards 、 technology 、 Products, etc. are implemented in the business of enterprise operation 、 Process and Application , Thus, a good safety culture atmosphere is formed .
Through the construction of safety culture , Affect the safety consciousness of managers and employees at all levels of the enterprise , Ensure the continuous operation of enterprise safety system and safety system with the power of culture , Only in this way can we grasp the essence and fundamental connotation of the current safety construction of enterprises .
边栏推荐
- 33: Chapter 3: develop pass service: 16: use redis to cache user information; (to reduce the pressure on the database)
- QT console printout
- 蚂蚁金服的暴富还未开始,Zoom的神话却仍在继续!
- Database design in multi tenant mode
- 如何保存训练好的神经网络模型(pytorch版本)
- 排错-关于clion not found visual studio 的问题
- Cartoon: how to multiply large integers? (integrated version)
- Short the command line via jar manifest or via a classpath file and rerun
- BigDecimal除法的精度问题
- Clickhouse (03) how to install and deploy Clickhouse
猜你喜欢
随机推荐
Tita performance treasure: how to prepare for the mid year examination?
独立开发,不失为程序员的一条出路
较文心损失一点点性能提升很多
MySQL queries the latest qualified data rows
Simple query cost estimation
Matery主题自定义(一)黑夜模式
LeetCode每日一题:合并两个有序数组
网络威胁分析师应该具备的十种能力
flask接口响应中的中文乱码(unicode)处理
毫无章法系列
蚂蚁金服的暴富还未开始,Zoom的神话却仍在继续!
请问下为啥有的表写sql能查到数据,但在数据地图里查不到啊,查表结构也搜不到
Cartoon: how to multiply large integers? (I) revised version
How to modify MySQL fields as self growing fields
Cmake tutorial step6 (add custom commands and generate files)
Redis+caffeine two-level cache enables smooth access speed
神经网络自我认知模型
解读:如何应对物联网目前面临的安全问题?
求解为啥all(())是True, 而any(())是FALSE?
thinkphp3.2.3