IoT Threats and Vulnerabilities: Integrated Kali Linux-based Security Framework
Keywords:
Cybersecurity, Ethical hacking, IoT security, Kali Linux, Network monitoring, Vulnerability analysisAbstract
The Internet of Things (IoT) is a subdivision of technology nowadays. It connects numerous devices such as sensors, cameras and smart home systems. This simplifies the process of doing things a lot. IoT devices also have some big security issues. The majority of such devices lack security since they are not very strong, and they lack excellent methods of controlling the user. This renders them vulnerable to attack. They allow people to access them without being authorized to steal data and attack the network. To resolve this issue, a new security system was developed named KaliIoTSec+. This system is based on lots of Kali Linux tools to make IoT devices safer. KaliIoTSec+ operates by analyzing the network to identify all the connected devices. Then it watches the data that is being sent. It attempts to identify flaws within the system. This is tested by making the system believe that it is being attacked. This is to observe the functionality of the system. The security is also verified to ensure that the system is secure and no one is attempting to enter the system without authorization. The security checks are similar to door locks. The system must be powerful so that no one can sneak in. The system is very important in the security checks. The performance was satisfactory. The combination of a large number of tools increases the security of IoT devices compared to the security of a single tool. Threats can be detected by KaliIoTSec+. Stop them. This assists in maintaining IoT systems. It further demonstrates that security systems should secure digital systems. Perhaps, one day, one will be able to make KaliIoTSec+ even smarter. This will assist it in detecting threats more quickly and independently.
References
Bace R. and Mell P. (2001). Intrusion Detection Systems. NIST Special Publication 800-31, National Institute of Standards and Technology, Gaithersburg, USA.
S. Northcutt and J. Novak, Network Intrusion Detection: An Analyst’s Handbook, 3rd ed. Indianapolis, IN, USA: New Riders Publishing, 2002.
S. Axelsson, Intrusion Detection Systems: A Survey and Taxonomy, Technical Report No. 99-15, Chalmers University of Technology, Sweden, 2003.
C. Endorf, E. Schultz, and J. Mellander, Intrusion Detection and Prevention. California, USA: McGraw-Hill/Osborne, 2004.
A. Abraham, R. Jain, and J. Thomas, “Soft computing models for network intrusion detection systems,” International Journal of Network Security, vol. 1, no. 1, pp. 1–10, 2004.
W. Stallings, Network Security Essentials: Applications and Standards, 3rd ed. New Jersey, USA: Pearson Education, 2005.
C. Kruegel and G. Vigna, “Anomaly detection of web-based attacks,” in Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS ’03), Washington, DC, USA, 2003, pp. 251–261.
M. Roesch, “Snort: Lightweight intrusion detection for networks,” in Proceedings of the 13th USENIX Conference on System Administration (LISA ’99), Seattle, WA, USA, 1999, pp. 229–238.
W. Lee and S. J. Stolfo, “Data mining approaches for intrusion detection,” in Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, USA, 1998, pp. 79–94.
A. Patcha and J.-M. Park, “An overview of anomaly detection techniques: Existing solutions and latest technological trends,” Computer Networks, vol. 51, no. 12, pp. 3448–3470, Aug. 2007.
R. Sommer and V. Paxson, “Enhancing byte-level network intrusion detection signatures with context,” in Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS ’03), Washington, DC, USA, 2003, pp. 262–271.
J. P. Anderson, Computer Security Threat Monitoring and Surveillance, Contract 79F296400. Fort Washington, PA, USA: James P. Anderson Co., Feb. 26, 1980.
D. E. Denning, “Intrusion detection and computer security,” IEEE Security & Privacy, vol. 1, no. 4, pp. 24–31, Jul.–Aug. 2003.
S. Garfinkel and G. Spafford, Practical UNIX and Internet Security, 3rd ed. Sebastopol, CA, USA: O’Reilly Media, 2002.
M. Bishop, Computer Security: Art and Science. Boston, MA, USA: Addison-Wesley Professional, 2003.
