Summary
The SANS @ Night Internet of Everything workshop on June 21, 2017, by Matthew J. Harmon, frames the cybersecurity challenges posed by a rapidly expanding landscape of interconnected devices and emphasizes why "smart" often means "exploitable."
Legal Hurdles
Harmon begins by unpacking the legal hurdles around IoT security research, including reverse-engineering restrictions and patent ambiguities, and uses an analogy to routine maintenance to stress the need for continuous device hygiene. He then quantifies the IoT explosion (8 billion connections in 2016 per Cisco, 460 million responsive IPs in the Carna botnet census) and surveys Shodan's index of exposed smart endpoints. Drawing on the OWASP IoT Attack Surface model, he breaks down exploitable vectors (default credentials, unencrypted data flows, firmware backdoors, sensor privacy leaks) and poses probing questions (e.g., "Is your dishwasher a web-server?") to underline the urgency of visibility and risk awareness.
Hands-On
In the hands-on segment, participants build a "known state" monitoring stack: deploying Security Onion for network visibility; integrating Darkstat and ntopng for passive traffic analysis; and using Bro for protocol inspection, alongside OSSEC and Sysmon for host telemetry. Harmon extends the lab with DCIM/IPAM via NetBox and leverages MITRE's Cyber Analytics Repository (CAR) and ATT&CK frameworks to detect lateral movement and prune low-hanging IoT risks. Through systematic enumeration of devices, data stores, and normal traffic baselines, the workshop demonstrates how comprehensive visibility transforms an overwhelming IoT attack surface into manageable, proactive security controls.
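The known-state idea from the hands-on segment, as an added example that is not taken from the workshop materials: it compares a constructed Bro conn.log excerpt against a constructed device inventory and flow baseline, and reports LAN hosts missing from the inventory and flows from known devices that fall outside the baseline. The addresses, device names, ports and baseline are assumptions made for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("10.0.0.0/24")  # constructed lab network (assumption)

# Constructed stand-in for a device inventory export from an IPAM tool.
INVENTORY = {"10.0.0.5": "mqtt-broker", "10.0.0.20": "thermostat", "10.0.0.21": "dishwasher"}

# Constructed baseline of normal flows: (orig_h, resp_h, resp_p, proto).
BASELINE = {("10.0.0.20", "10.0.0.5", 1883, "tcp"), ("10.0.0.21", "10.0.0.5", 1883, "tcp")}

# Constructed sample in Bro conn.log TSV layout, trimmed to the fields used here.
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]
ROWS = [
    ["1498000000.1", "C1", "10.0.0.20", "51000", "10.0.0.5", "1883", "tcp"],
    ["1498000001.2", "C2", "10.0.0.21", "51001", "10.0.0.5", "1883", "tcp"],
    ["1498000002.3", "C3", "10.0.0.21", "51002", "10.0.0.20", "23", "tcp"],
    ["1498000003.4", "C4", "10.0.0.77", "40000", "10.0.0.5", "1883", "tcp"],
    ["1498000004.5", "C5", "10.0.0.21", "51003", "203.0.113.9", "80", "tcp"],
]
CONN_LOG = "\n".join(
    ["#separator \\x09", "#fields\t" + "\t".join(FIELDS)] + ["\t".join(r) for r in ROWS]
)

def parse_conn_log(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def audit(text, inventory, baseline, lan=LAN):
    """Return (LAN hosts absent from inventory, known-device flows outside baseline)."""
    unknown, new_flows = set(), set()
    for rec in parse_conn_log(text):
        flow = (rec["id.orig_h"], rec["id.resp_h"], int(rec["id.resp_p"]), rec["proto"])
        for host in flow[:2]:
            if ipaddress.ip_address(host) in lan and host not in inventory:
                unknown.add(host)  # device on the LAN that was never enumerated
        if flow[0] in inventory and flow not in baseline:
            new_flows.add(flow)  # enumerated device doing something new
    return sorted(unknown), sorted(new_flows)

if __name__ == "__main__":
    hosts, flows = audit(CONN_LOG, INVENTORY, BASELINE)
    print("not in inventory:", hosts)
    print("outside baseline:", flows)
```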