Shulou(Shulou.com)06/01 Report--

This article mainly explains "what are the security problems of the Internet of things at present". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "what are the security problems of the Internet of things at present?"

At present, the security issues of the Internet of things are as follows:

First, the layout of the security policy of the Internet of things in China is still insufficient, the security standard system of the Internet of things has not yet been released, the scene of the security standards is not targeted enough, the security protection awareness of all links of the industrial chain is not unified, and the security protection system is not perfect. The security industry of the Internet of things is not reasonable and is currently in a decentralized state.

Second, the security industry of the Internet of things in China is still in its infancy, there are many links in the design of the Internet of things industry chain, and security construction needs to be promoted jointly by many parties. At present, there is a lack of security solutions and benchmarking enterprises in typical scenarios, and the demand side is price-sensitive. The acceptance of the increased security cost of the Internet of things is poor.

Third, the industrial maturity of the security core terminal of the Internet of things is not high. At this stage, terminal security is the top priority of the security of the Internet of things. Once destroyed, controlled or attacked, it not only affects the security and stability of application services, but also leads to privacy data disclosure, life and property security damage, but also harms the network key infrastructure and threatens national security.

In addition, the integration of new technologies increases the security risks of the Internet of things

Large-scale applications promote the continuous integration of the Internet of things with artificial intelligence, edge computing, IPv6, containers, micro-services and other new technologies. These new technologies not only improve the functionality of the development of the Internet of things, but also bring new challenges to the traditional security measures. Typical manifestations are:

IPv6 will bring potential exposure security risks. In the era of IPv4, due to the limited number of addresses, relevant technicians mostly use network address translation technology (NAT,Network Address Translation) to solve the problem of insufficient network addresses. Users are assigned intranet addresses rather than public network addresses through NAT, thus the devices using NAT technology are "hidden". The intranet address of the device cannot be seen by the outside world, thus enforcing a security policy that allows only outgoing traffic. With the use of IPv6, IPv6 exposes Internet of things devices to the network, and the communication filtering policy that NAT only allows outgoing traffic will disappear, which means that the communication between internal and external systems will no longer be managed by the network. Unless effective control measures are taken, the deployment of IPv6 may cause all internal nodes of the network to be directly accessible from the public relations Internet, and Internet of things devices will be more vulnerable to network attacks.

The increased agility of the Internet of things brings associated security risks. The Internet of things platform generally introduces technologies such as containers and micro-services to ensure the consistency and deployment agility of the application development environment. Container, micro-service and other technologies break the original boundary-style security strategy and bring new security risks. Container technology enables the deployment of the Internet of things platform from "hard" isolation to "soft" isolation, micro-services disassemble single applications into multiple services, and the ports of interaction between applications grow exponentially, all of which increase the risk of data leakage and association attacks. resulting in a significant increase in attack surface.

Internet of things edge computing will amplify distributed security risks. Edge computing promotes the computing model from centralized cloud computing to more distributed deployment, and also introduces the threat of network attacks to the network edge. First, there are a large number of edge computing nodes, including edge cloud, edge gateway, edge controller and other edge terminals. The complexity and heterogeneity of the terminals are prominent, and the coverage of security policies is difficult. Second, due to the limited resources and capacity of edge facilities, it is difficult to provide the same security capabilities as cloud data centers, edge node data is easy to be destroyed, and infrastructure software protection is also difficult. Third, edge computing will adopt technologies such as open API and open network function virtualization, and the introduction of openness will easily expose edge nodes to external attackers.

Open source of the Internet of things promotes security to the infrastructure level. According to the 2020 Open Source Security and risk Analysis (OSSRA) report released by Synopsys, the proportion of the code base in the Internet of things is as high as 82%. WhiteSource "Open Source Security Annual report" shows that the number of open source security vulnerabilities publicly disclosed in 2019 reached another record high, with a total of 6100. Compared with 2018, open source software has become the most basic "brick" raw material for Internet of things applications and the core infrastructure for various industry applications. Internet of things security has gone deep into the national basic security level.

At this point, I believe you have a deeper understanding of "what are the security problems of the Internet of things at present?" you might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.