Orchestrating and Automating Security for the Internet of Things: Delivering Advanced Security Capabilities from Edge to Cloud for IoT

Book description

Discover high-value Azure security insights, tips, and operational optimizations

Master powerful techniques and approaches for securing IoT systems of all kinds, current and emerging


Internet of Things (IoT) technology adoption is accelerating, but IoT presents complex new security challenges. Fortunately, IoT standards and standardized architectures are emerging to help technical professionals systematically harden their IoT environments. In Orchestrating and Automating Security for the Internet of Things, three Cisco experts show how to safeguard current and future IoT systems by delivering security through new NFV and SDN architectures and related IoT security standards.


The authors first review the current state of IoT networks and architectures, identifying key security risks associated with nonstandardized early deployments and showing how early adopters have attempted to respond. Next, they introduce more mature architectures built around NFV and SDN. You’ll discover why these lend themselves well to IoT and IoT security, and master advanced approaches for protecting them. Finally, the authors preview future approaches to improving IoT security and present real-world use case examples.


This is an indispensable resource for all technical and security professionals, business security and risk managers, and consultants who are responsible for systems that incorporate or utilize IoT devices, or expect to be responsible for them.


· Understand the challenges involved in securing current IoT networks and architectures

· Master IoT security fundamentals, standards, and modern best practices

· Systematically plan for IoT security

· Leverage Software-Defined Networking (SDN) and Network Function Virtualization (NFV) to harden IoT networks

· Deploy the advanced IoT platform, and use MANO to manage and orchestrate virtualized network functions

· Implement platform security services including identity, authentication, authorization, and accounting

· Detect threats and protect data in IoT environments

· Secure IoT in the context of remote access and VPNs

· Safeguard the IoT platform itself

· Explore use cases ranging from smart cities and advanced energy systems to the connected car

· Preview evolving concepts that will shape the future of IoT security

Table of contents

  1. Cover
  2. About this eBook
  3. Title Page
  4. Copyright Page
  5. About the Author(s)
    1. About the Technical Reviewers
  6. Dedications
  7. Acknowledgments
  8. Contents at a Glance
  9. Contents
  10. Reader Services
  11. Icons Used in This Book
  12. Command Syntax Conventions
  13. Foreword: The Challenge and Opportunity of IoT Security
  14. Introduction
  15. Part I. Introduction to the Internet of Things (IoT) and IoT Security
    1. Chapter 1. Evolution of the Internet of Things (IoT)
      1. Defining the Internet of Things
      2. Making Technology and Architectural Decisions
      3. Is the Internet of Things Really So Vulnerable?
      4. Summary
      5. References
    2. Chapter 2. Planning for IoT Security
      1. The Attack Continuum
      2. The IoT System and Security Development Lifecycle
      3. The End-to-End Considerations
      4. Segmentation, Risk, and How to Use Both in Planning the Consumer/Provider Communications Matrix
      5. Summary
      6. References
    3. Chapter 3. IoT Security Fundamentals
      1. The Building Blocks of IoT
      2. The IoT Hierarchy
      3. Primary Attack Targets
      4. Layered Security Tiers
      5. Summary
      6. References
    4. Chapter 4. IoT and Security Standards and Best Practices
      1. Today’s Standard Is No Standard
      2. Defining Standards
      3. The Challenge with Standardization
      4. IoT “Standards” and “Guidance” Landscape
      5. Standards for NFV, SDN, and Data Modeling for Services
      6. Communication Protocols for IoT
      7. Specific Security Standards and Guidelines
      8. Summary
      9. References
    5. Chapter 5. Current IoT Architecture Design and Challenges
      1. What, Why, and Where? A Summary
      2. Approaches to IoT Architecture Design
      3. General Approaches
      4. Industrial/Market Focused
      5. NFV- and SDN-Based Architectures for IoT
      6. Approaches to IoT Security Architecture
      7. The IoT Platform Design of Today
      8. Summary
      9. References
  16. Part II. Leveraging Software-Defined Networking (SDN) and Network Function Virtualization (NFV) for IoT
    1. Chapter 6. Evolution and Benefits of SDX and NFV Technologies and Their Impact on IoT
      1. A Bit of History on SDX and NFV and Their Interplay
      2. Software-Defined Networking
      3. Network Functions Virtualization
      4. The Impact of SDX and NFV in IoT and Fog Computing
      5. Summary
      6. References
    2. Chapter 7. Securing SDN and NFV Environments
      1. Security Considerations for the SDN Landscape
      2. Security Considerations for the NFV Landscape
      3. Summary
      4. References
    3. Chapter 8. The Advanced IoT Platform and MANO
      1. Next-Generation IoT Platforms: What the Research Says
      2. Next-Generation IoT Platform Overview
      3. Example Use Case Walkthrough
      4. Summary
      5. References
  17. Part III. Security Services: For the Platform, by the Platform
    1. Chapter 9. Identity, Authentication, Authorization, and Accounting
      1. Introduction to Identity and Access Management for the IoT
      2. Access Control
      3. Authentication Methods
      4. Dynamic Authorization Privileges
      5. Manufacturer Usage Description
      6. AWS Policy-based Authorization with IAM
      7. Accounting
      8. Scaling IoT Identity and Access Management with Federation Approaches
      9. Evolving Concepts: Need for Identity Relationship Management
      10. Summary
      11. References
    2. Chapter 10. Threat Defense
      1. Centralized and Distributed Deployment Options for Security Services
      2. Fundamental Network Firewall Technologies
      3. Industrial Protocols and the Need for Deeper Packet Inspection
      4. Alternative Solution: Deep Packet Inspection
      5. Application Visibility and Control
      6. Intrusion Detection System and Intrusion Prevention System
      7. Advanced Persistent Threats and Behavioral Analysis
      8. Malware Protection and Global Threat Intelligence
      9. DNS-Based Security
      10. Centralized Security Services Deployment Example Using NSO, ESC, and OpenStack
      11. Distributed Security Services Deployment Example Using Cisco Network Function Virtualization Infrastructure Software (NFVIS)
      12. Summary
      13. References
    3. Chapter 11. Data Protection in IoT
      1. Data Lifecycle in IoT
      2. Data at Rest
      3. Data in Use
      4. Data on the Move
      5. Protecting Data in IoT
      6. Summary
      7. References
    4. Chapter 12. Remote Access and Virtual Private Networks (VPN)
      1. Virtual Private Network Primer
      2. Site-to-Site IPsec VPN
      3. Software-Defined Networking-Based IPsec Flow Protection IETF Draft
      4. Applying SDN-Based IPsec to IoT
      5. Software-Based Extranet Using Orchestration and NFV
      6. Remote Access VPN
      7. Summary
      8. References
    5. Chapter 13. Securing the Platform Itself
      1. (A) Visualization Dashboards and Multitenancy
      2. (B) Back-End Platform
      3. (C) Communications and Networking
      4. (D) Fog Nodes
      5. (E) End Devices or “Things”
      6. Summary
      7. References
  18. Part IV. Use Cases and Emerging Standards and Technologies
    1. Chapter 14. Smart Cities
      1. Use Cases Introduction
      2. The Evolving Technology Landscape for IoT
      3. The Next-Generation IoT Platform for Delivering Use Cases Across Verticals: A Summary
      4. Smart Cities
      5. Smart Cities Overview
      6. The IoT and Secure Orchestration Opportunity in Cities
      7. Security in Smart Cities
      8. Smart Cities Example Use Cases
      9. Summary
      10. References
    2. Chapter 15. Industrial Environments: Oil and Gas
      1. Industry Overview
      2. The IoT and Secure Automation Opportunity in Oil and Gas
      3. The Upstream Environment
      4. The Midstream Environment
      5. The Downstream and Processing Environments
      6. Security in Oil and Gas
      7. Oil and Gas Security and Automation Use Cases: Equipment Health Monitoring and Engineering Access
      8. Evolving Architectures to Meet New Use Case Requirements
      9. Summary
      10. References
    3. Chapter 16. The Connected Car
      1. Connected Car Overview
      2. The IoT and Secure Automation Opportunity for Connected Cars
      3. Security for Connected Cars
      4. Connected Car Security and Automation Use Case
      5. Summary
      6. References
    4. Chapter 17. Evolving Concepts That Will Shape the Security Service Future
      1. A Smarter, Coordinated Approach to IoT Security
      2. Blockchain Overview
      3. Blockchain for IoT Security
      4. Machine Learning and Artificial Intelligence Overview
      5. Machine Learning
      6. Deep Learning
      7. Natural Language Processing and Understanding
      8. Neural Networks
      9. Computer Vision
      10. Affective Computing
      11. Cognitive Computing
      12. Contextual Awareness
      13. Machine Learning and Artificial Intelligence for IoT Security
      14. Summary
      15. References
  19. Index
  20. Code Snippets

Product information

  • Title: Orchestrating and Automating Security for the Internet of Things: Delivering Advanced Security Capabilities from Edge to Cloud for IoT
  • Author(s): Anthony Sabella, Rik Irons-Mclean, Marcelo Yannuzzi
  • Release date: June 2018
  • Publisher(s): Cisco Press
  • ISBN: 9780134756936