IoT Next CobWeb

IoT Next CobWeb

In the world today where we are breathing through masks, due to the pandemic times, where mostly all are working from home. Businesses need to be automated. In a real business scenario where we would have some technical glitches or a bearing failure whereby the service technician would file a complaint, either by creating or raising a ticket physically over a tablet or laptop, but with IoT it will sensorise the oil well with more fine crane monitoring the data and analytics and read a conclusion as there will be a bearing failure in future. The automation will create a fixed ticket automatically, detecting through IoT and remediate it through choreographically.  

As per Gartner by 2024, 50 % of the enterprise’s applications in production will be IoT- enabled. Many applications will be connected to IoT as companies have connected IoT to their backhand systems.

The benefits of IoT and the widespread of IoT:

  • IoT enables your business applications to improve how you perform your business.
  • By 2023, 35% of midsize to large enterprises will leverage a hybrid cloud-to-edge computing deployment model for at least one IoT project.
  • By 2023, 25% of on-site industrial assets will be connected by closed-loop systems using IoT technologies.

Source: Gartner survey

Some of the IoT devices to be used :

  • BrainCube by Brain Cube
  • Kloudq IIoT by Kloudq Technologies
  • PTC ThingWorx by PTC
  • Oracle IoT cloud by Oracle
  • Azure IoT
  • IBM Watson IoT by IBM

For more information on these devices, click here

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/| Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

Cyber Strategies in the New Normal

We have nearly reached the end of this pandemic year 2020, where mostly we have spent our time at home as still when we write this blog many would be working from home and some who have joined their work task force are trying to adjust the new normal.

This year where not even the IT officials but the students or kids are attending their classes from home. Since everyone is working from home there has been an increase in bandwidth and data utilization around the globe.

The organization which has a business continuity plan ready had a smooth transformation to work from the environment without any hindrances it was proved that CS having a foresight had an efficient way for the organization. A new area of cyber is cyber innovation, risk is mitigated risk is all about taking a risk. Cyber innovation is an area to look at. 

As per Gartner, there are five principles:
  • Continuous adaptive risk and trust assessment based on agility.
  • Secure DevOps
  • Replace the one-time security gate
  • Put the continuous security pro-actively 
  • Build the architecture with security, not with silos 

The average knowledge about cyber-attack prevention is deficient. Yes, cybercriminals are getting better all the time. But if we become proactive in our approach instead of reactive, they can be pushed back continually and hopefully sit mostly on the drawing board!

There is some positive aspect of COVID 19, that it has helped companies to identify that employees to work from their living room, whereas lots of expenditure has been spent on companies infrastructure. Even our environment which has been polluted has been saved by not using the vehicles on a daily basis. 

So, things to keep in mind during this pandemic is to secure your computer systems and wear a mask to protect yourself and others around you.

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolssFacebook: https://www.facebook.com/DTdoctoolss/| Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What is Web Application and OWASP?

OWASP

OWSAP – Open Web Application Security Project is a non-profit organization that dedicates web application security.

What is the OWASP Top 10?

It lists out the top 10 vulnerabilities and shows their risks, impacts, and countermeasures. It is updated every 3 – 4 years with the latest vulnerabilities.

Although in 2020 the world has been taken by a storm due to the pandemic COVID19. The people around the world whether the employees or students all were working from home. So since the home networks are not that secure compared to the official network so the chances of breach increases. Here we highlight the top 10 vulnerabilities as per OWASP.

The Top 10 OWASP vulnerabilities in 2020 are:

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access control
  • Security misconfigurations
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with known vulnerabilities
  • Insufficient logging and monitoring

Source: https://sucuri.net/guides/owasp-top-10-security-vulnerabilities-2020/

Injection

A code injection happens when an attacker sends invalid data to the web application with the intention to make it do something that the application was not designed/programmed to do.

Broken Authentication

It is an umbrella term where several vulnerabilities where attackers exploit to impersonate legitimate users online.

Sensitive Data Exposure

It consists of compromising data that should have been protected.

XML External Entities (XXE)

This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

Broken Access control

The vulnerabilities that exist when a user can, in fact, access some resource or perform some action that they are not supposed to be able to access.

Security misconfigurations

It occurs when a web application component is susceptible to attack due to a misconfiguration or insecure configuration option.

Cross-Site Scripting (XSS)

It is a widespread vulnerability that affects many web applications. XSS attacks consist of injecting malicious client-side scripts into a website and using the website as a propagation method.

Insecure Deserialization

A vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized.

Using Components with known vulnerabilities

Vulnerabilities that were discovered in open source components and published in the NVD, security advisories or issue trackers.

Insufficient logging and monitoring

Insufficient logging, detection, monitoring and active response occurs at any time: * Auditable events, such as logins, failed logins, and high-value transactions are not logged.

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolssFacebook: https://www.facebook.com/DTdoctoolss/| Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What do you mean by Virtualization & Hypervisor?

Virtualization

Virtualization refers to the creation of a virtual resources such as a server, desktop, operating system, file, storage or network.

A simple definition of virtualization is the formation of virtual computer inside the real computer.

Advantages

  • Reduces IT expenses
  • Increases Efficiency
  • Increases Agility

Ways of creating virtualization

  • Full virtualization,
  • Para-virtualization 
  • OS-level virtualization.

Types of Virtualization

1.Server Virtualization
2.Application Virtualization
3.Network Virtualization
4.Desktop Virtualization
5.Storage Virtualization

Server Virtualization

Server virtualization allows multiple servers to be installed on one or more existing servers. This saves floor space and money since you don’t have to purchase new servers or expand the square footage of your server room which may increase your overall expenses.

Application Virtualization

This is a process where applications get virtualized and are delivered from a sever to the end user’s device, such as laptops, smartphones, and tablets. So instead of logging into their computers at work, users will be able to gain access to the application virtually from anywhere, provided that an Internet connection should be available.

Network Virtualization

Network virtualization is a method of combining available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time. Each channel is independently secured.

Desktop Virtualization

Desktop virtualization removes the need for a CPU at each computer station. Each user will still have a monitor and mouse, but will have their desktop CPU virtually stored on a local server.

Storage Virtualization

Storage virtualization is the process of grouping the physical storage from multiple network storage devices so that it looks like a single storage device. This concept is basically used in Storage Area Network (SAN) environment.

Hypervisor

A Hypervisor or Virtual Machine Monitor(VMM) is computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called guest machine. 

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/  | Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What is Hardware Security?

Hardware Security

To know about the hardware security, lets first understand what all is covered under hardware security here :

  • Mobile Device Security (MDS)
  • IoT Security
  • Vulnerable Device Lists
  • Physical Security
  • Drone and Vehicles
  • SCADA
  • BIOS and UEFI
  • Self Encryption Device
  • Hardware Security Module

Mobile Device Security (MDS)

As we first insert a SIM (Subscriber Identity Module) in our mobiles there is a pop up message on our mobile which asks for a SIM pin which acts a SIM locking mechanism and protect ones information which could be of SMS text messages, contact lists , subscribers information etc.

IoT Security

To know about the IoT security, please check our previous blog, click here.

Physical Security

Lockdown cables for laptops, computers or making secure to the servers . There is also locked server room racks.

Drones and Vehicles

Drones are considered to be an normal aircrafts fitted with the cameras. The firmware in a drone has geo-fencing software. There are vehicles which have internal networks. There are crucial functioning of a vehicle which is called “Controller Area Network (CAN)”.

SCADA

This stands for Supervisory Control and Data Acquisition, which is used to control industrial processes such as as with manufacturing or critical infrastructure like water, electricity, oil refineries which consists of both hardware and software to make all this happen. There are some protocols which also works with it like DN3P, T101 etc.

BIOS and UEFI

A web page labeled “BIOS Simulator Center” : opens in a web browser. It contain a sample simulator labelled”Lenovo BIOS Setup Utility”. It is divided into two parts i.e. menu bar and Content pane.

Self Encrypting Drivers

This provides protection at the hardware level for the data stored on a drive, if the drive or the device housing the drive is lost or stolen and depending on the configuration of the self encrypting drive, it might not require any user interaction after it’s configured.

Hardware Security Module (HSM)

It provides protection and storage for cryptographic secrets at the hardware or firmware level and supports hardware crypto processing. HSM are FIPS 140-2 compliant which means that they are compliant with US government security standards for cryptographic modules.

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | WordPress: www.doctoolss.wordpress.com | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/  | Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What we know about IoT Security?

IoT Security

What is Internet of Things (IoT)?

We read a lot about IoT, but not clear what exactly it means, although we know about its definition so here we explain in simple terms. IoT is basically connecting of computing devices, mechanical, digital machines, objects, and people with one another. Ex: wirelessly connecting devices such as smart speakers i.e. our very own Amazon Alexa or Google Home, smart TVs, Apple Watch, internet-connected baby monitors, video doorbells, and even toys, CCTV camera’s controlled by smartphones.

What is IoT Security?

The technology that is concerned with safeguarding the connected devices and networks in the internet of things (IoT).

What is the difference between IoT and AI?

 IoT is a concept based on the idea of everyday physical objects with the ability to communicate directly over the InternetArtificial Intelligence (AI), on the other hand, is an area of computer science to create machines to do intelligent things the way humans do, or possibly even better.

Source: Wikipedia

How to safeguard our IoT from the breachers or attackers?

There are sensor-based things have minimal computing resources, and the opportunities for antivirus, encryption and other forms of protection within things are more restricted.

  • Security of Things Platform by Mocana
  • IoT Gateway Security by Intel
  • The Forescout Platform by Forescout Technologies
  • Armis Platform by Armis
  • Enhanced Infrastructure Protection by Intel
  • Beacon by Great Bay Software

Source: Gartner

There are many more vendors, for more information on this, please click here.

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | WordPress: www.doctoolss.wordpress.com | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/  | Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What is Threat Intelligence?

Threat Intelligence

The information which an organization uses to understand the threats or issues that are targeting their organization.

The primary purpose of this type of security is to keep organizations informed of the risks of advanced persistent threatszero-day threats and exploits, and how to protect against them.

Purpose of Threat Intelligence:

  • To keep organizations up to date with the increasing volume of threats, including methods, vulnerabilities, targets and bad actors.
  • Help you being dynamic about future cybersecurity threats.
  • Keep the security leaders aware, informed about the latest threats which could occur in your business.

The vendors and their products which provide security related to Threat Intelligence are :

For more information on Threat Intelligence and vendor list, please click here

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | WordPress: www.doctoolss.wordpress.com | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/  | Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What is DDoS Mitigation Services?

You may be aware of what is DDoS attacks or what is DoS, if still, it is unclear please go through our previous blogs for the definition and inside of DDoS, click here.

Here we will be throwing some light on what is DDoS Mitigation, DDoS mitigation is the process of protecting a targeted server or network from a distributed denial-of-service (DDoS) attack. By utilizing specially designed network equipment or a cloud-based protection service, a targeted victim is able to mitigate the incoming threat.

How does DDoS migration works?

Deflecting DDoS traffic in one of the outer layers – the network layer. This helps to absorb any potential application layer DDoS traffic at the network edge. This means that the threat can be prevented in the cloud before it reaches the customer origin.

The vendors and their products that provide the DDoS protection are as follows:

For more information on vendor list, please click here

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | WordPress: www.doctoolss.wordpress.com | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/  | Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What is CASB?

CASB stands for Cloud Access Security Breaker, which is a software tool that acts as a barrier between on-premises and a cloud provider’s infrastructure which can be a Azure, AWS , Google Cloud , IBM cloud etc.

The technology is needed to secure cloud services which are being adopted at a large pace by different organization’s. CASB vendors understand that for the protection of cloud services is different since the data is yours but stored in a systems that belong to someone else.

The benefits provided by CASB are:

  • Efficiently govern cloud data.
  • Ensure compliance.
  • Guard against threats.

There are different vendors of CASB such as Bitglass, Microsoft , Mcaffee, Symantec , Cisco , Forcepoint etc. More information about the vendors – click here.

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | WordPress: www.doctoolss.wordpress.com | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/  | Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What are the emerging Technologies Road Map for the year 2019-21..?

With the emerging outbreaks of the pandemic COVID19 the world has come to a standstill. Due to this, there has been a disconnect between cybersecurity executive and their organization’s security analysts.

There was a study done by the research giants Gartner who in consultation with the leaders have come up with the Road Map for the year 2019-21.

If we see the road map and concentrate on Cloud and CyberSecurity technologies:

Security

As we go down the map we realize the four phases “Monitoring”, “In Planning” , In Pilot and “In Deployment” .

We at DocToolss have often talked about Endpoint Detection and Response (EDR) , Virtualized Firewalls. The terms which we will be further talking about in our future blogs would be Statis Application Security Testing (SAST), Threat Intelligence Services, Network Sandboxing, User and Entry Behaviour Analytics, Signature Endpoint Detection or Protection and Database Audit and Protection etc.

If we further drive deep in the Road map curves, we will find out about cloud technology though we haven’t talked about it much in our past blogs but will plan to do it in our future blogs.

Cloud Technology

As we go down the map we realize the four phases “Monitoring”, “In Planning” , In Pilot and “In Deployment” .

The PaaS technology which has been categorized under “In Deployment” phase has already been talked about in our past blogs, you can click here to know more.

Further technologies terms would be explained in our future blogs, or if there is anything which you want us to explain or to drive in, we will always be happy to hear from you.

The inputs for this blogs has been taken from Gartner website, for more information on this, click here.

About DocTooLss :

We make Technology EaZy via Docs” 

Follow us @doctools8 | WordPress: www.doctoolss.wordpress.com | Website: www.doctoolss.com| Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss| Facebook: https://www.facebook.com/DTdoctoolss/  | Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

WordPress.com.

Up ↑

Create your website at WordPress.com
Get started