2 cissp ® Official Study Guide Eighth Edition

Download 19,3 Mb.

Pdf ko'rish

bet	340/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 336 337 338 339 340 341 342 343 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Peer to Peer
Peer-to-peer (P2P)
technologies are networking and distributed application solutions that
share tasks and workloads among peers. This is similar to grid computing; the primary
differences are that there is no central management system and the services provided are
usually real time rather than as a collection of computational power. Common examples of
P2P include many VoIP services, such as Skype, BitTorrent (for data/fi le distribution), and
Spotify (for streaming audio/music distribution).
Security concerns with P2P solutions include a perceived inducement to pirate copy-
righted materials, the ability to eavesdrop on distributed content, a lack of central control/
oversight/management/fi ltering, and the potential for services to consume all available
bandwidth.
Cryptographic systems are covered in detail in Chapter 6, “Cryptography
and Symmetric Key Algorithms,” and Chapter 7, “PKI and Cryptographic
Applications.”
Internet of Things
Smart devices
are a range of mobile devices that offer the user a plethora of customiza-
tion options, typically through installing apps, and may take advantage of on-device or
in-the-cloud artifi cial intelligence (AI) processing. The products that can be labeled “smart
devices” are constantly expanding and already include smartphones, tablets, music players,
home assistants, extreme sport cameras, and fi tness trackers.
The
Internet of Things (IoT)
is a new subcategory or even a new class of smart devices
that are Internet-connected in order to provide automation, remote control, or AI process-
ing to traditional or new appliances or devices in a home or offi ce setting. IoT devices are
sometimes revolutionary adaptations of functions or operations you may have been per-
forming locally and manually for decades, which you would not want to ever be without
again. Other IoT devices are nothing more than expensive gimmicky gadgets that after the
fi rst few moments of use are forgotten about and/or discarded. The security issues related
to IoT are about access and encryption. All too often an IoT device was not designed with
security as a core concept or even an afterthought. This has already resulted in numer-
ous home and offi ce network security breaches. Additionally, once an attacker has remote

Industrial Control Systems
359
access to or through an IoT device, they may be able to access other devices on the compro-
mised network. When electing to install IoT equipment, evaluate the security of the device
as well as the security reputation of the vendor. If the new device does not have the ability
to meet or accept your existing security baseline, then don’t compromise your security just
for a flashy gadget.
One possible secure implementation is to deploy a distinct network for the IoT equip-
ment, which is kept separate and isolated from the primary network. This configuration is
often known as the
three dumb routers
(see
https://www.grc.com/sn/sn-545.pdf
or
https://www.pcper.com/reviews/General-Tech/Steve-Gibsons-Three-Router-Solution-
IOT-Insecurity
).
While we often associate smart devices and IoT with home or personal use, they are
also a concern to every organization. This is partly because of the use of mobile devices by
employees within the company’s facilities and even on the organizational network. Another
aspect of network professional concern is that many IoT or networked automation devices
are being added to the business environment. This includes environmental controls, such as
heating, ventilation, and air conditioning (HVAC) management, air quality control, debris
and smoke detection, lighting controls, door automation, personnel and asset tracking, and
consumable inventory management and auto-reordering (such as coffee, snacks, printer
toner, paper, and other office supplies). Thus, both smart devices and IoT devices are poten-
tial elements of a modern business network that need appropriate security management and
oversight. For some additional reading on the importance of proper security management
of smart devices and IoT equipment, please see “NIST Initiatives in IoT” at
https://www
.nist.gov/itl/applied-cybersecurity/nist-initiatives-iot
.
Industrial Control Systems
An

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 336 337 338 339 340 341 342 343 ... 881