Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Стас Павлов «Построение безопасной архитектуры ...

Стас Павлов «Построение безопасной архитектуры IoT решений на примере Azure IoT референсной архитектуры»

При проектировании системы важно понять, каким угрозам эта система может подвергаться, и разработать соответствующие меры защиты при проектировании и построении её архитектуры. Особенно важно с самого начала учитывать требования безопасности при проектировании продукта. Если вы понимаете, каким образом злоумышленники могут скомпрометировать вашу систему, то это поможет еще до начала работы принять соответствующие меры по снижению рисков. В докладе на примере рефренсной архитектуры Azure IoT будет рассмотрено, каким образом можно спроектировать архитектуру соответствующую необходимому уровню безопасности.

DotNetRu

March 21, 2017
Tweet

More Decks by DotNetRu

Other Decks in Programming

Transcript

  1. From endpoint to insight to action, across the enterprise, and

    around the world Built on the industry’s leading cloud Recognized as a leader in Business Intelligence and Analytics Platforms Recognized as a the leading visionary for Internet of Things platforms Secure End-to-end From the endpoint, through the connection, to data, applications, and the cloud Open Connect anything Any device, OS, data source, software, or service Scalable Grow effortlessly Millions of devices, terabytes of data, on-premises, in the cloud, in the most regions worldwide Fast Start in minutes Preconfigured solutions for the most common IoT scenarios Insights Action Things Control
  2. Field Gateway Device Connectivity and Management Devices RTOS, Linux, Windows,

    Android, iOS Cloud Gateway Event Hubs Field Gateway Protocol Adaptation
  3. Field Gateway Device Connectivity and Management Devices RTOS, Linux, Windows,

    Android, iOS Cloud Gateway Event Hubs Field Gateway Protocol Adaptation IoT Hub
  4. Field Gateway Device Connectivity and Management Devices RTOS, Linux, Windows,

    Android, iOS Protocol Adaptation Cloud Gateway Event Hubs and IoT Hub Field Gateway Protocol Adaptation IoT Hub
  5. Field Gateway Device connectivity and management Devices RTOS, Linux, Windows,

    Android, iOS Protocol Adaptation Cloud Gateway Event Hubs and IoT Hub Field Gateway Protocol Adaptation Cross Platform C Code OS abstraction layer/OS bindings C API .NET API Java API Javascript API IoT Hub
  6. Field Gateway Device connectivity and management Analytics and operationalized insights

    Devices RTOS, Linux, Windows, Android, iOS Protocol Adaptation Batch Analytics and Visualizations Azure HDInsight, AzureML, Power BI, Azure Data Factory, Azure Data Lake Hot Path Analytics Azure Stream Analytics, Azure HDInsight Storm Hot Path Business Logic Service Fabric and Actor Framework Cloud Gateway Event Hubs and IoT Hub Field Gateway Protocol Adaptation IoT Hub
  7. Field Gateway Device connectivity and management Analytics and operationalized insights

    Presentation and business connectivity Devices RTOS, Linux, Windows, Android, iOS Protocol Adaptation Batch Analytics and Visualizations Azure HDInsight, AzureML, Power BI, Azure Data Factory, Azure Data Lake Hot Path Analytics Azure Stream Analytics, Azure HDInsight Storm Presentation and Business Connectivity App Service, Websites Dynamics, BizTalk Services, Notification Hubs Hot Path Business Logic Service Fabric and Actor Framework Cloud Gateway Event Hubs and IoT Hub Field Gateway Protocol Adaptation IoT Hub
  8. Devices Device connectivity Storage Analytics Presentation and action Event Hubs

    SQL Database Machine Learning App Service Service Bus Table/Blob Storage Stream Analytics Power BI External Data Sources DocumentDB HDInsight Notification Hubs IoT Hub External Data Sources Data Factory Data Lake Mobile Services BizTalk Services { }
  9. Device Management Portal Provisioning API Identity and Registry Stores Stream

    Event Processor Analytics/ Machine Learning Data Visualization and Presentation Device State Store (last known state) Field Gateway Azure IoT services reference architecture Storage IP capable devices Legacy IOT devices Low power devices Device and Event Processing Data Transport Devices and Data Sources Azure Event Hubs and Service Bus Agent Agent
  10. Device Field Gateway Cloud Gateway Services 2.3.1.1 2.3.1.2 2.3.1.3 2.3.1.4

    2.3.1.5 2.3.2.1 2.3.2.2 2.3.3.3 2.3.3.1 2.3.3.2 2.3.2.2 2.3.3.3 equiv. 2.3.1.4 2.3.4.3 2.3.1 Device Environment 2.3.1.1 Physical Interference 2.3.1.2 Direct Control Surfaces 2.3.1.3 Intermediated Control Surfaces 2.3.1.4 Peered Controllers (wired and wireless) 2.3.1.5 Broadcast and multicast (wired and wireless) 2.3.2 Field Gateway 2.3.2.1 Device to Field Gateway 2.3.2.2 Controllers to Field Gateway 2.3.3 Cloud Gateway 2.3.3.1 Device to Cloud Gateway 2.3.3.2 Field Gateway to Cloud Gateway 2.3.3.3 Controller to Cloud Gateway 2.3.4 Service 2.3.4.1 Service to Field Gateway 2.3.4.2 Service to Cloud Gateway 2.3.4.3 Controller to Service
  11. Azure IoT services Microsoft Azure IoT Suite Azure IoT Suite

    Predictive maintenance Remote monitoring Asset management And more… Addresses common scenarios: Enables you to Mine data Take action Connect assets M o n i t o r i n g
  12. Elements of Azure IoT Suite 1.Connect and Manage Devices &

    Gateways Gateway & Devices Preconfigured solutions Connect and control 2. Analyze streaming data & Generate predictive insights* Real time analytics Predictive analytics* Data visualization 3. Integrate into business systems Workflow integration Push and broadcast notifications ID and access management 4. Secure IoT Infrastructure 5. Customize IoT Architecture * Only applies to Predictive Maintenance
  13. Elements of Azure IoT Suite 1.Connect and Manage Devices &

    Gateways Gateway & Devices Preconfigured solutions Connect and control 2. Analyze streaming data & Generate predictive insights* Real time analytics Predictive analytics* Data visualization 3. Integrate into business systems Workflow integration Push and broadcast notifications ID and access management 4. Secure IoT Infrastructure 5. Customize IoT Architecture * Only applies to Predictive Maintenance
  14. 2005-PRESENT Organized Crime RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT Motive: Profit Script

    Kiddies BLASTER, SLAMMER Motive: Mischief 2003-2004 The evolution of attacks
  15. 2005-PRESENT Organized Crime RANSOMWARE, CLICK-FRAUD, IDENTITY THEFT Motive: Profit Script

    Kiddies BLASTER, SLAMMER Motive: Mischief 2012 - Beyond Nation States, Activists, Terror Groups BRAZEN, COMPLEX, PERSISTENT Motives: IP Theft, Damage, Disruption 2003-2004 The evolution of attacks
  16. Azure IoT Suite security features Device security Connection security Cloud

    security Securely connect millions of devices . . . Over a secure internet connection . . . To Microsoft Azure – built with security from the ground up
  17. Defense in depth – Important roles IoT solution operator IoT

    solution deployer IoT cloud and solution provider IoT solution developer IoT hardware manufacturer and integrator
  18. Elements of Azure IoT Suite 1.Connect and Manage Devices &

    Gateways Gateway & Devices Preconfigured solutions Connect and control 2. Analyze streaming data & Generate predictive insights* Real time analytics Predictive analytics* Data visualization 3. Integrate into business systems Workflow integration Push and broadcast notifications ID and access management 4. Secure IoT Infrastructure 5. Customize IoT Architecture * Only applies to Predictive Maintenance
  19. © 2017 Microsoft Corporation. All rights reserved. Microsoft, Windows, and

    other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.