Time
10 hours 32 minutes
Difficulty
Beginner
CEU/CPE
11

Video Transcription

00:00
Welcome to Cyber is video Siris on the company. A Security Plus 5 +01 Certification and Exam. I'm your instructor. Wrong Warner.
00:09
This video covers section 3.5 of Security plus
00:13
Explain the security implications of embedded systems.
00:18
An embedded system is a dedicated computer system focused on performing a specific function.
00:24
The software operating system in any applications are all embedded within the hardware components.
00:31
An embedded system is unlike a general purpose computer, which is engineered to manage a wide range of processing tasks.
00:40
Embedded systems have specific functions.
00:43
Some of the embedded types I'll be talking about in this video include smart devices and Internet of things,
00:50
skater and industrial control systems,
00:54
H back
00:55
systems on a chip and real time operating systems,
00:59
printers and multifunction devices, camera systems and special purpose devices such as medical devices, vehicles, even aircraft.
01:10
At the end of this video will cover how to secure these types of embedded systems.
01:15
As previously mentioned,
01:17
Embedded systems are very specific in nature, performing often just one function. Its software will be included or embedded within the computer hardware, often within a read on Lee memory chip.
01:30
It could also be considered a computer system with dedicated function with a large within a larger
01:37
within a larger mechanical or electrical system.
01:40
The first type of embedded system will talk about this system on a chip.
01:45
S. O C. Technology is basically a hardware module in a small form factor
01:49
system on a chip. Devices have good processing power in a small footprint. Make this is technology ideal for reduced power consumption,
01:59
lower cost and better performance than larger components.
02:02
Some of examples of developing technologies that take advantage are nano robots, video devices for the visually impaired,
02:10
maybe even wireless antennas.
02:14
ESO sees integration between a micro micro controller and application or microprocessor and peripherals. The peripherals could be a GPU graphic school processor unit. WiFi or a co processor
02:28
processor is usually powerful enough to run an operating system such as a scaled down Windows, Lennox Android or a really time operating system,
02:39
a real time operating system or R? T. 00 S. It's a small operating system used in embedded systems and coyote applications that are typically run in Assoc system on a chip environment.
02:53
The primary purpose of our T. O. S is to allow rapid switching of task the focused on timing instead of throughput,
03:00
An Rto s allows applications to run with precise timing and high reliability.
03:07
Rto s systems are used in microcontrollers and are implemented in wearable and medical devices as well as in vehicle systems and some home out of automation systems.
03:17
Some typical vulnerabilities associated with R. T. 00 s include the exploitation of shared memory
03:24
priority inversion. So I'm able to reduce the efficiency of the R. T. O s
03:30
inter process communication, a tax code injection or even a denial of service attack.
03:36
Internet of things is a common buzzword we here today, where embedded chips are included in many common devices such as thermostats, video cameras, even our refrigerators.
03:49
Your smartphone can control these household devices in your voice, construct these devices to find information or perform certain functions.
03:57
I O. T. Is described as enabling embedded system devices or components to interact with physical devices for the collection and exchange of data
04:06
will provide tips on how to secure I ot Later in this video,
04:13
a common example of i o t. R. Our smart devices, whether it's a smartphone, smartwatch etcetera, wearable technology thes often communicate over Bluetooth so are vulnerable to those Bluetooth exploits.
04:29
We'll see smart devices along with home automation as well. The's will often communicate over WiFi, so it's important to secure your wireless channels as well.
04:40
Refer to the sections on WiFi Security and Bluetooth security firm or information
04:46
industrial Control systems. I CS and Skate A systems skater stands for supervisory control and data acquisition systems include
04:56
critical infrastructure, such as networks related to manufacturing, logistics and transportation, energy and utilities. Telecommunication service is agriculture and food production.
05:08
Skater is a subset of I. C S
05:12
and I. C s is managed by a skate a system that provides a human machine interface each am I for operators to monitor the status of the system.
05:21
Other icy s systems include industrial automation and control systems, distributed control systems,
05:28
programmable logic controllers or pl sees and remote terminal you units are t use.
05:36
Securing I CS and skater is similar to securing other types in terms of access control and mod monitoring
05:45
guidance for proper security and established best practice for skate. A system is found in I s a 99 Industrial automation control systems security
05:56
H vac are heating ventilation and air conditioning system.
06:00
These devices use embedded systems to efficiently run environmental systems and reduced wasted energy. This is done by allowing them to be switched on on Lee one necessary through the control of individual circuits. Circuits are switched off when there are no guests, visitors or employees present.
06:17
Because H Vac systems are occasionally attached to a production operational network within an organization, they need to be secure through network partitioning and segmentation,
06:29
access control and monitoring how that system is being used.
06:34
An earlier session, I talked about vulnerability associated with printers and multifunction devices.
06:41
Embedded applications such as printing extend the single sign on capabilities. Allow users to log in to multifunction devices with their network password and print to virtually any printer
06:53
very valuable, but also their security vulnerabilities attached that
06:58
the embedded nature of M s be embedded nature of M F D devices integrates with directory service is on all major OS vendors.
07:08
Organizations must realize the systems are actual computers that have a hard drive, run an operating system,
07:15
often have a Web server associated with it and provide network service is
07:19
protections for these devices include proper access control
07:24
inclusion of printers and M. F. D s and security planning and policies. An implementation of protections for data in transit and data at rest should also consider when you
07:35
remove these devices from your infrastructure scrubbing the hard drives, make sure there's no data that is lingering on those devices.
07:45
The last type of embedded system. I'll talk about our special purpose devices.
07:50
Special purpose embedded systems air divined for one industry or one use. In particular,
07:56
the architecture is often based on a single purpose processor and is designed to execute exactly on Lee. One program,
08:05
Thes special purpose Embedded devices Air common in the medical, automotive and aviation fields. You see some examples on your screen
08:13
for security. The medical device manufacturers and health care facilities should apply the appropriate device safeguards and risk mitigation. Those facilities should evaluate network security and protect their systems along with medical devices.
08:31
Vehicles is another place. We'll see embedded systems. The implementation of wireless networks within vehicles such as Global System for Mobile Communications, or GSM,
08:41
and Bluetooth integrated into automobiles, has changed the threat landscape.
08:46
Current and vehicle systems are capable of producing and storing data necessary for vehicle operation and maintenance safety protection. An emergency contact transmission. Similarly, an aircraft has many embedded control systems, ranging from flight controls to the galley microwave.
09:05
The technology associated with unmanned aerial vehicles, you a visa or drones has been widely used in such areas as military, agriculture and cartography. Drones are often used for aerial photography, surveillance and survey.
09:20
They've become mainstream and are now proposed for delivery. Service is such a CZ. Amazon risk mitigation recommendations include secure system software design practices, basic encryption of data at rest and in transit,
09:33
authentication of incoming data and implementation of a firewall within the wireless gateway.
09:39
Embedded systems that are used to capture, store and access data of a sensitive nature.
09:46
Post some unique and interesting security challenges. Security protocols and encryption. Address security considerations from a functional perspective.
09:54
But most embedded systems are constrained by the environments in which they operate, and the resource is they use.
10:01
Attacks against embedded systems, rely on exploiting security vulnerabilities in the software and hardware components of the implementation,
10:09
and are susceptible to timing inside channel attacks. Methods for securing embedded systems include developing a secured by design and default methodology when first creating embedded systems
10:22
security integrated into the technology
10:26
system hardening. So creating a system baseline for the operating system and applications
10:33
shielding from electromagnetic interference.
10:37
Introducing network securities such as t. L s
10:39
verifying the security on the device using security testing
10:45
automated patching, which will update the embedded device whenever there's a new release from the manufacturer
10:50
and any anomaly alert. So if the device is being used as it shouldn't be,
10:56
there will be some type of notification. This CONCLUDE section 3.5 fun explaining the security implications of embedded systems.
11:05
Refer to your study material for more information.

Up Next

CompTIA Security+

CompTIA Security Plus certification is a great place to start learning IT or cybersecurity. Take advantage of Cybrary's free Security+ training.

Instructed By

Instructor Profile Image
Ron Woerner
CEO, President, Chief Consultant at RWX Security Solutions LLC
Instructor