Iot and Cyber Security
IoT and CyberSecurity has become more important in our live which we can not live without it. so in this part of the protfolio, I will explain what I have learned about it.
Welcome to my Portfolio.
My name is Sulayman, I am an IT Student.
IoT and CyberSecurity has become more important in our live which we can not live without it. so in this part of the protfolio, I will explain what I have learned about it.
The Internet of Things (IoT) is the network of physical objects—devices, instruments, vehicles, buildings, and other items embedded with electronics, circuits, software, sensors, and network connectivity that enables these objects to collect and exchange data. The Internet of Things allows objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency and accuracy. The concept of a network of smart devices was discussed as early as 1982, with a modified Coke machine at Carnegie Mellon University becoming the first internet-connected appliance, able to report its inventory and whether newly loaded drinks were cold. Kevin Ashton (born 1968) is a British technology pioneer who is known for inventing the term "the Internet of Things" to describe a system where the Internet is connected to the physical world via ubiquitous sensors.
Cybersecurity may be defined as the ability to protect and recuperate from cyberattacks. According to NIST (National Institute of Standards & Technology), it can be defined as the ability to defend cyberspace usage from cyberattacks. Cyberspace could be internet, computer systems, telecom networks, embedded controllers etc. The security of any organization completely relies on three key areas namely confidentiality, availability and integrity.
The large number of interconnected devices and their varying levels of security make IoT networks vulnerable to cyber attacks. Hackers can exploit vulnerabilities in the devices' software, weak passwords,
and other security flaws to gain unauthorized access to the network, steal sensitive information, and even take control of the devices. Once a hacker gains access to an IoT network, they can use it as a gateway to attack other systems or launch larger-scale attacks.
To mitigate the risks of cyber attacks on IoT networks, it is crucial to implement robust cybersecurity measures. This includes using strong passwords, encryption, and authentication mechanisms, as well as keeping software and firmware up-to-date with the latest security patches.
Network segmentation, firewalls, and intrusion detection systems can also help prevent unauthorized access and limit the impact of any attacks.
Overall, the cybersecurity of IoT networks is essential for ensuring the safety, privacy, and reliability of the devices and systems they connect.
As IoT technology continues to evolve and become more pervasive, the need for effective cybersecurity measures will only increase.
My name is Sulayman Alruwais.
I am 21 years old, Libyan student at Eastern Mediterranean University in North Cyprus.
My passion is to improve my
knowledge by experiencing new skills and I am a dependable person.
All my professions is done on Windows.
My hobbies:
Sulayman Alruwais.
IT Student.
Phone: +90 5391057111
e-mail: sulayman.alruwais@gmail.com
Location: Karakol Mah. Magusa, North Cyprus.
Also you can find my media profiles, below by clicking on media icon:
For more information, please you can leave a message.
The first activity is Scanning which I tested four command tools in Command Prompt to display Network configration of Windows oprating system.
Figure 1.1 and Figure 1.2 show 'ipconfig' comand-line tool that provides some information about network configration like IP Address, type, subnet mask, and default gateway for all network adapter on the system.
Figure 2.1 and Figure 2.2 show the 'ipconfig /all' command-line tool that provides more detailed information about network configration, containing the MAC address, DNS servers, and DHCP server information for all network adapters on the system.
Figure 3 shows that I used 'tracert' command-line tool that is used to trace the route that packets take from your computer to a specified destination on the Internet.
I tested a website called 'www.a2hosting.com' to see what information gives me, for example the hops assigned from my computer to the website?, and other questions.
Q1 - How many hops from your machine to your assigned website?
There are 5 hops assigned from my laptop to www.a2hosting.com and over maximum of 30 hops.
Q2 - Which step causes the biggest delay in the route? What is the average duration of that delay?
The fourth hop causes the biggest delay, with average duration 19.3 ms.
Figure 4 shows a command 'nslookup' network tool that is useful for troubleshooting network issues and verifying DNS information.
It displays the Domain Name System(DNS), IP address, domain name, and other DNS records.
Overall, in the activity 1 I have learned some command-line tools for scanning, and these commands are 'ipconfig', 'ipconfig /all', 'nslookup', and 'tracert'.
I have learned how to get more information about networking configration as well as website info such as MAC address, IP address, DNS records, and the packets that is sent from my laptop to any assigned website.
Also it will help me to troubleshooting any network problem that may face me in the future.
A honeypot is a security resource intentionally designed to be explored, exploited, or hacked to detect and gather data on attack trends, hacker motives, and technical abilities. It is a detection and reaction tool, not a preventive one, and does not block specific intrusions or the transmission of viruses or worms. Defenders can use the information gathered to construct stronger defences and countermeasures against future security threats. Overall, honeypots are used to learn as much as possible about attack patterns and hacker behaviour.
Figure 1 shows that I am on terminal in Lunix Kali oprating system to do Honeypot Attack, so first thing in normal user I wrote 'ifconfig' command to get inet IP, because I will need it later.
Figure 2 shows from where I downloaded the honeypot tool which is 'PENTBOX'. So how did I install the PENTBOX?
In Google I wrote "pentbox honeypot", then I went to GitHub website then scroll down then you will find the link like in Figure 2,
just copy the link and pasted in Kali Lunix terminal after you enter as a root user as in Figure 3.1.
Figure 3.1, after I pasted the link and pressed enter, it will be installed, so I type 'ls' command to list computer directories. Then I change the working directory to 'pentbox',
after that I ran it.
Figure 3.2 shows the running of PENTBOX.
Figure 4.1, After I ran the PENTBOX, I went inside the PENTBOX to pentbox-1.8 directory. Then I used 'ls' command to see if 'pentbox.rb' is found or not. Then I ran it to start set up.
Figure 4.2 shows after I excuted it (pentbox.rb), it listed the options, which in honeypot should choose second option (Network tools), then it listed different type of attacks which we need is honeypot (number 3)
as it shown in Figure 4.3. Then in honeypot option I chose Manual configration (option 2), after that I insarted the port which it was 443 and the message "Cought You!! haha".
Figure 4.4 I saved the log instrusions and I did not change the name of the log file. Also I did not activate the beep() sound. after I set up the honeypot attack, you can see it is activated in Figure 4.4.
Figure 5 shows the inet IP that we took in Figure 1, it was working before, but after the attck it had secure connection failed.
Honeypots can be a valuable addition to a comprehensive security strategy, it's important to carefully consider their benefits and drawbacks and use them appropriately.
They should not be relied upon as the sole means of security, but rather as one tool in a larger toolbox.
Overall, I have learned how to install the pentbox and set up the hoenypot detection
and how benefit it is, and I had not any learning difficulty about honeypot, installing pentbox, and set it up.
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.
From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
Figure 1, The first thing to do is knowing the target IP address, so I used 'ping' with the URL address which I used a website called 'www.a2hosting.com', and this step done in Command Prompt as a system user.
So the IP address of the website 'www.a2hosting.com' was 45.93.124.14.
Figure 2, after we knew the IP Address, in Kali Linux terminal I used 'sudo -i' to be a root user to have permission to all available commands and files on Linux. Then I typed 'msfconsole' which is probably the most popular interface to the Metasploit Framework (MSF). It provides an "all-in-one" centralized console and allows you efficient access to virtually all of the options available in the MSF.
Figure 3.1, after 'msfconsole' finished, I used 'use auxiliary/dos/tcp/synflood' to get access as I the instractor gave it to us, then
I used 'show options' to see the options and what the target port and host.
Figure 3.2, Then after that I set RHost "rhost 'IP Address' " to the target website or server which is '45.93.124.14',
also I set RPort "rport '80 or 443'" we have two port and I chose port 80 as the instructor said in the lecture, then this I ran it.
Figure 4, So after I made it ready I went to Wireshar and I started it as you can see in the image.
How do you know if it is working or not?
Under the Destination you see the targeted website's IP address which means that it is working.
Figure 5, shows that the targeted website is not reachable. It may take some time to disable the website.
In this attack I have learned how to do flooding attack to a server, and it was a smooth learning, because it took my attention of how a hacker stop a website and it is my first attack I learned in this course. Also it will help me to improve my knowledge about this attack and how to mitigate it. I have tried this attack 2 times rather than this one and it worked smoothly.
Digitalization is the process of leveraging digital technologies to transform a business model, creating new revenue streams and value-producing opportunities. This involves integrating digital tools and systems into various aspects of a business's operations, from management and communication to production and customer service. In today's competitive landscape, digitalization has become essential for businesses to stay relevant and thrive. It enables organizations to adapt to rapidly changing market conditions, meet customer expectations, and optimize their processes for greater efficiency and productivity. Using digitized information, digitalization is the process of making workflows and processes easier and more efficient. Especially in today's tech-driven world, it is crucial to adopt a digital culture in order to survive and succeed.
In the digital economy, organizations rely heavily on information technology systems and networks to conduct their operations. This dependence introduces various security challenges. Cybersecurity threats, such as hacking, data breaches, and malware attacks, pose significant risks to digital infrastructure, sensitive data, and intellectual property.
The increased connectivity and interdependence of digital systems also amplify the potential for cascading effects and systemic risks. A single vulnerability or breach in one part of the digital ecosystem can have far-reaching consequences, impacting multiple organizations and sectors.
Additionally, the digital economy's global nature raises concerns about international cyber espionage, cyber warfare, and state-sponsored attacks. Governments and malicious actors may seek to exploit vulnerabilities in digital systems for economic, political, or military gains, leading to potential destabilization and conflicts.
Privacy and data protection are crucial concerns in the digital economy. The collection, storage, and analysis of vast amounts of personal data raise ethical and legal issues. Unauthorized access or misuse of personal information can result in identity theft, financial fraud, and invasions of privacy.
Moreover, the rapid pace of technological advancements in the digital economy creates challenges for security practices and regulations. As new technologies emerge, traditional security measures may become outdated, requiring continuous adaptation and investment in cybersecurity capabilities.
To address these security implications, organizations need to adopt a proactive and comprehensive approach to cybersecurity. This includes implementing robust security measures, conducting regular risk assessments, raising awareness among employees, and fostering collaboration between public and private sectors to share threat intelligence and best practices.
A 'fully digital enterprise' refers to an organization that has embraced digital technologies across all aspects of its operations, processes, and interactions. It entails leveraging digital tools and platforms for communication, data storage and analysis, customer engagement, supply chain management, and more. Essentially, a fully digital enterprise utilizes technology extensively to optimize its efficiency, productivity, and customer experience.
A fully digital enterprise introduces several cyber security challenges and concerns. Here are some key ones to consider:
Low-security budget, lack of cyber-skills and increase in cyber-attacks can seriously impact SME's competitiveness and compromise event the value-chain they are connected to. This is why is fundamental for SMEs to start taking the right steps to secure their business.
The digital economy offers numerous opportunities but also brings security challenges. A fully digital enterprise utilizes digital technologies across its operations, introducing risks such as data breaches, insider threats, malware attacks,
and regulatory compliance. Bricks and mortar SMEs transitioning to digital face challenges due to limited resources, integration issues, and increased attack surface.
In my point of view, digitalization is very important for all companies even that the company is small(not international company), because if a company got hacked or some sensitive information got leaked, it may effect other company which also effect the economy.
What is OWASP?
The Open Worldwide Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation.
The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.
But in this activity, we will discuss OWASP top 10 vulnerabilities 2023:
What is IEEE?
The IEEE (Institute of Electrical and Electronics Engineers) describes itself as "the world's largest technical professional society -- promoting the development and application of electrotechnology and allied sciences for the benefit of humanity,
the advancement of the profession, and the well-being of our members."
In this activity, I have done researches about both OWASP top 10 vulnerabilities(2023 version) and IEEE top 10 vulnerabilities(2021 version), the comeout of my researches is that for the IEEE, I did not found the source and some resources gave me the same as the OWASP top 10.
So, I will just reflect on the OWASP. As I mentioned above about the top 10 vulnerabilities of OWASP, before I made the research about it, I thought some of the vulnerabilities is not that important such as "Vulnerable and Outdated Components", I found it in the top 10.
During the lab activity, we focused on exploring the Vulnerability Database using the Metasploit framework. This framework is a powerful tool that is commonly utilized by both cybersecurity professionals and malicious attackers. Unfortunately, I found the activity to be quite confusing as I lacked prior knowledge in this area. I have included some screenshots from the activity in Figures 1, 2, 3, and 4. Despite my confusion, I recognize the significance of understanding and addressing vulnerabilities to ensure the security of systems and applications.
In this seminar, I have learned about Arduino uno and how it works and what is the main components and which application they use to develop it and which programming language they use.
This seminar, organized by Professor Beran on May 16th, 2023, which it was about the Arduino Uno microcontroller. The guest speaker, Ali Uker, began by providing an explanation of what the Arduino Uno is (refer to 'Figure 2').
He then proceeded to discuss the main components of the microcontroller and showcased some of his own real-world projects, including Traffic Lights (see 'Figure 4' and 'Figure 5'). I was interested about it because as I mentioned it was about real-world project and it is an important microcontroller broad.
Overall, the seminar was informative, covering the basics of the Arduino Uno microcontroller and its main components. However, it would have been even more valuable if larger-scale real-world projects were prepared and explained.
Project | Best Elevator |
---|---|
Objectives |
|
Increase customer loyalty | Sensor data are able to predict issues allowing to take proactive measures before these turn into a failure and ultimately resulting into machine downtime and customer frustration. |
Improve service maintenance and predictive maintenance | By Monitoring Operating Conditions: Like the IoT devices in other building systems, elevator IoT devices make gathering data simple and effortless.
an IoT-enabled elevator might gather data in any of these areas: Critical safety circuits, Load weighing, Number of trips, Number of door cycles, Wait times, Traffic trends, and Ride analysis. |
Manage spare parts inventory more efficiently | An IoT-enabled elevators can automatically detect when specific parts are malfunctioning or need replacement. This information can be sent to the inventory management system in real-time, triggering automatic reordering or generating alerts to ensure spare parts availability. |
Improve product design and technician training | An IoT devices are a powerful tool for orchestrating maintenance operations. Their ability to analyze large streams of performance data and predict future requirements eliminates the need for manual processes. |
Improve uptime and field service efficiency | With IoT sensors constantly monitoring elevator performance, service technicians can receive real-time alerts and notifications regarding any potential issues or malfunctions. This enables them to respond promptly, minimizing downtime and improving overall elevator uptime. |
Allocate scarce service technicians more efficiently | IoT data can provide insights into the performance of different elevators, helping companies identify elevators that require frequent maintenance or have higher failure rates. |
Communicate more effectively with suppliers | IoT-enabled elevators can facilitate seamless communication with suppliers and manufacturers. Real-time data on elevator performance and maintenance needs can be shared with suppliers automatically, enabling them to proactively address issues and ensure timely delivery of spare parts. |
Best Elevator Project is a project that develops elevators to be more beneficial by using and implementing IoT devices, the main goals for this project are to increase customer loyalty, improve maintenance, prodect design, technician traing, and somr others.
At fisrt, I thought that elevators does not need that much of IoT devices and sensors, so after I made researches about it, I found out that elevators contain many IoT sensors. Overall after the prefessor explained about it and told us to do researches, which it was very beneficial and it changed my thought about elevators.