Communication protocols

Overview

Internet of Things (IoT) devices can be used to sense and share data from its surrounding environment for various purposes that can be useful for both humans and machines. These can be as simple as measuring the temperature of a room or more critical tasks such as monitoring the heart-rate of a sick patient in a hospital. The advances in hardware design, communication protocols, and computing technologies have created an ecosystem of a variety of IoT devices by numerous vendors and underlying infrastructure.

The network diagram provided (Figure 1 – see below) illustrates the various IoT devices integrated in a medium sized organisation’s IT network. Table 1 (see below)provides detailed specifications of the devices including hardware, software, and firmware details. Although the network is already secured with various defences, there are several problems that can lead to the organisation being compromised by cyber criminals.

Instructions

You have been hired as an external cyber security consultant to analyse the network for security issues and recommend solutions to mitigate these risks in the form of a technical report. The report is intended to be submitted to the management committee of the organisation. Therefore, highly technical concepts must be further described to a level understood by a novice audience.

Your report should consist of the following:

1. Identify and contextualise two (2) security issues related to the IoT devices and two (2) security issues related to the IT infrastructure. You may consider aspects related to hardware, software, firmware, and protocols.
2. Further support the above security issues by describing an actual attack that has occurred for both IoT and IT.
3. Explain four two vulnerabilities including the CVE that exist in this organisation.
4. Propose and justify solutions to address the issues that you have identified in the task (1).

Please note that discussions related to security policies are beyond the scope of this assessment and therefore should be excluded from your report.

Marking Criteria

Each of the following criteria are worth 8 marks, with a total of 40 marks for the whole assessment.

1. Identification of security issues (two for IoT and two for IT)
2. Actual attacks described for IoT and IT
3. Four Two vulnerabilities/CVE explained
4. Solutions proposed and justified to address the four security issues identified
5. Quality of report based on sources and referencing, depth of research, critique, and writing