
Part 1 of a four-part series on security and the Internet of Things (IoT).

  • In this part, I will discuss the state of IoT security.
  • In Part 2, I will explore and discuss existing security approaches and products.
  • In Part 3, I will dive deeper into the technical side of IoT security.
  • In Part 4, I will initiate a discussion of the IoT security market.

What you don't know can hurt you.  I ran into some pretty scary items while conducting research for this blog.  There is an IoT search engine that will scan the internet looking for open, unencrypted device ports and will report back what it finds, including, for example, the stream of a webcam monitoring a sleeping baby.  I also found:

  • A report about a security researcher able to remotely change the dose of an insulin pump or change the voltage levels on a pacemaker.
  • Discussions about hackers utilizing your home devices to gain entry into your home network and all you have stored there.
  • And many, many more.

Frightened yet?  I am.

The chilling facts.  The above examples of science fiction becoming science fact - from identity theft to tampering with medical devices - are easy to find.  New technologies are still not taking security into account and, consequently, we are developing an open and insecure infrastructure.  The evolution is somewhat understandable: who would want to hack a refrigerator?  But your refrigerator now could be a gateway to your finances.

Do you think this is all hype?  Mountains made out of molehills?  Possibly, but hacks into your webcams and your home router are real; and consider this: the FTC is now involved (1).  Ars Technica reports that the FTC has "prosecuted more than 50 cases against companies that did not reasonably secure their networks, products, or services" and published a list of industry best practices for IoT manufacturers.

This may seem like fantasy, but it is not.  This is our reality today.  The average appliance consumer will not realize that by plugging in their device and configuring it on their wireless network, they could open themselves up to identity theft, webcam stalking, and other malicious activities and attacks.

Education of the end user will help, but until and unless manufacturers of IoT devices stop looking at security as an added cost, and start looking at it as a fundamental cost of doing business, these vulnerabilities will remain in place and continue to make the Internet of Things a very dangerous place to be.

In my next posts I will discuss what is currently in place or being released and the possibilities that are open to us to bring security into this space.

(1) Porup, J.M. "'Internet of Things' Security Is Hilariously Broken and Getting Worse." Ars Technica, 23 Jan. 2016. Web. Accessed 26 Feb. 2016.
