• forward arrow
    Main Menu

  • Article Categories

  • forward arrow
    Main Menu

  • Book Categories

Home
Academics & The Arts
Study Skills & Test Prep
CISSP

Assess and Mitigate Vulnerabilities in Embedded Devices

By: 
Peter H. Gregory
Lawrence C. Miller
|
|  Updated:  
2018-08-02 0:15:24
|   From The Book:  
CISSP For Dummies
Embedded devices encompass the wide variety of systems and devices that are Internet connected. Mainly, we’re talking about devices that are not human connected in the computing sense. Examples of such devices include
  • Automobiles and other vehicles.
  • Home appliances, such as clothes washers and dryers, ranges and ovens, refrigerators, thermostats, televisions, video games, video surveillance systems, and home automation systems.
  • Medical care devices, such as IV infusion pumps and patient monitoring.
  • Heating, ventilation, and air conditioning (HVAC) systems.
  • Commercial video surveillance and key card systems.
  • Automated payment kiosks, fuel pumps, and automated teller machines (ATMs).
  • Network devices such as routers, switches, modems, firewalls, and so on.
These devices often run embedded systems, which are specialized operating systems designed to run on devices lacking computer-like human interaction through a keyboard or display. They still have an operating system that is very similar to that found on endpoints like laptops and mobile devices.

Some of the design defects in this class of device include

  • Lack of a security patching mechanism. Most of these devices utterly lack any means for remediating security defects that are found after manufacture.
  • Lack of anti-malware mechanisms. Most of these devices have no built-in defenses at all. They’re completely defenseless against attack by an intruder.
  • Lack of robust authentication. Many of these devices have simple, easily-guessed default login credentials that cannot be changed (or, at best, are rarely changed by their owners).
  • Lack of monitoring capabilities. Many of these devices lack any means for sending security and event alerts.
Because the majority of these devices cannot be altered, mitigation of these defects typically involves isolation of these devices on separate, heavily guarded networks that have tools in place to detect and block attacks.

Many manufacturers of embedded, network-enabled devices do not permit customers to alter their configuration or apply security settings. This compels organizations to place these devices on separate, guarded networks.

About This Article

This article is from the book: 

CISSP For Dummies

About the book author:

Peter H. Gregory, CISSP, is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of CISSP For Dummies for more than 20 years.

Lawrence C. Miller, CISSP, is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.

This article can be found in the category: 

CISSP

This article is part of the collection(s):

CISSP
Collections
Pondering the Pi Possibilities
For the Game Day Prepper
For the College Bound
For the Spring Term Learner
For the Summer Travel Planner
Career Shifting
Have a Beautiful (and Tasty) Thanksgiving
Just for the Love of It
Contemplating the Cosmos
Just DIY It
Be a Rad Dad
For the Budding Cannabis Enthusiast
For the Exam-Season Crammer
Rent, Rehab, and More
Making Things Grow
Wonder Women
Understanding Easter
Scrub, Sort, & Soak: Spring Cleaning
For the Hopeless Romantic
Make a Commitment to Better Yourself
For the Unabashed Hippie
BYOB (Be Your Own Boss)
For the Aspiring Aficionado
For Those Seeking Peace of Mind