Chet Hosmer - Defending IoT Infrastructures with the Raspberry Pi: Monitoring and Detecting Nefarious Behavior in Real Time

Defending IoTInfrastructureswith the Raspberry Pi Monitoring and Detecting Nefarious Behavior in Real Time Chet Hosmer Defending IoTInfrastructures withthe Raspberry PiMonitoring and DetectingNefarious Behavior inReal TimeChet HosmerDefending IoT Infrastructures with the Raspberry Pi: Monitoring andDetecting Nefarious Behavior in Real Time Chet Hosmer Longs, South Carolina, USA ISBN-13 (pbk): 978-1-4842-3699-4 ISBN-13 (electronic): 978-1-4842-3700-7 https://doi.org/10.1007/978-1-4842-3700-7 Library of Congress Control Number: 2018949207 Copyright 2018 by Chet Hosmer This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made.

The publisher makes no warranty, express or implied, with respect to the material contained herein. Managing Director, Apress Media LLC: Welmoed Spahr Acquisitions Editor: Susan McDermott Development Editor: Laura Berendson Coordinating Editor: Rita Fernando Cover designed by eStudioCalamar Cover image designed by Freepik (www.freepik.com) Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation. com/rights-permissions. com/rights-permissions.

Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales web page at http://www.apress.com/bulk-sales. Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the books product page, located at www.apress.com/9781484236994. For more detailed information, please visit http://www.apress.com/source-code. Printed on acid-free paper To my wife Janet; your love and guidance makethe journey complete.Table of Contents v Table of Con T T able of Con enT en s vi Table of Con T T able of Con enTs vii About the AuthorChet Hosmer is the Founder of Python Forensics, Inc., a nonprofit organization focused on the collaborative development of open source investigative technologies using the Python programming language.

Chet has been researching and developing technology and training surrounding forensics, digital investigation, and steganography for over two decades. He has made numerous appearances to discuss emerging cyberthreats, including National Public Radios Kojo Nnamdi Show, ABCs Primetime Thursday, NHK Japan, TechTVs CyberCrime and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to cybersecurity and forensics and has been interviewed and quoted by IEEE, The New YorkTimes, The Washington Post, Government Computer News, Salon.com, and Wired Magazine. Chet has authored five books within the cybersecurity domain, ranging from data hiding to forensics. Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate Program. He is also an adjunct faculty member at Champlain College in the Digital Forensic Science Program Masters Program.

Chet delivers keynote and plenary talks on various cybersecurity related topics around the world each year. ix About the Technical ReviewerMichael T. Raggo Chief Security Officer, 802 Secure (CISSP, NSA-IAM, ACE, CSI) has over 20 years of security research experience. His current focus is wireless IoT threats impacting the enterprise. Michael is the author of MobileData Loss: Threats and Countermeasures and Data Hiding: Exposing Concealed Data inMultimedia, Operating Systems, Mobile Devicesand Network Protocols for Syngress Books, and contributing author for Information Security: The Complete Reference (2nd edition). xi Acknowledgments A special thanks to Mike Raggo for his insight and encouragement throughout this process. xi Acknowledgments A special thanks to Mike Raggo for his insight and encouragement throughout this process.

Thank you for championing this project from the beginning and testing every version of the Pi sensor along the way. Your guidance, your friendship, and your quest to improve security and safety are inspiring. Thanks to Carlton Jeffcoat and Cameron Covington at WetStone for deploying the sensor in live environments to passively map potential vulnerabilities and for providing insights to make the sensor even better. Thanks to the Utica College cybersecurity graduate students who have experimented with the earliest to the final versions of PiSensor and have provided excellent feedback. Thanks to Rita Fernando, Laura Berendson, Susan McDermott, and the whole team at Apress for your incredible patience throughout this process and for your constant encouragement. xiii Introduction The Internet of Things (IoT) and industrial control systems (ICS) require special attention from a cybersecurity point of view.

This is based on the well-known and -documented fact that the protocols and implementations have vulnerabilities that when exploited can produce considerable damage and provide an avenue for the exfiltration of data. In addition, when examining these environments due to the dynamic nature and/or critical infrastructure implications, active scanning or probing of these environments is either discouraged or ineffective. Thus, passive monitoring of these environments offers insights into the behavior of these devices and the networks in which they operate. One of the core issues is the placement of the monitoring devices to provide visibility and coverage from both the wired and wireless points of view. There are vendor solutions that are offered today that rely on expensive hardware and software solutions that may lack flexibility. Using a Raspberry Pi and open source Python software to passively monitor, detect, baseline, and provide insight into these behaviors has been called crazy by some.