Beginner’s guide to Pentesting IoT Architecture/Network and Setting up IoT Pentesting Lab – Part 2

This is the second part of the series on pentesting and setting up our own IoT lab. I hope you have gone through the first part; if not, please go through it first.

Pentesting and Setting up our own Lab – Instead of creating two separate sections (one for pentesting and the other for the lab), I will cover both parts together, and at the end you will realize this approach is better than the former one.

This section covers all the steps mentioned in the last post, and the following IoT architecture will be used as a reference for the explanation –

This is the same architecture which was used in the last post.

Explanation of each step and setting up our own IoT Lab –

  1. List all the components involved in the given scope – This is the first step. Applying the above steps, the following elements are identified –
    1. IoT Device
    2. Mobile application (Android/iOS/Windows) installed on the mobile phone
    3. IoT Gateway
    4. Cloud/Web Interface
  2. Make an architecture connecting all the components with each other – This has already been done, but in a real assessment you will have to make one yourself. It’s easy: just connect all the components which share and exchange data with each other.
  3. Mark how various components communicate with each other and which protocols they make use of – This step is also done for us. In this step, we need to mention the protocols being used for communication.
  4. Once the architecture and communication flow are ready, pentest each component independently – This is the most critical step. It involves pentesting each component individually. The following components have been identified –
    1. IoT Device – Usually, pentesting covers the software side of any device/implementation. However, with the advent of IoT, we need to consider the hardware aspect as well. An (Read more...)
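
As an added illustration (not code from the original post), steps 1 to 4 can be written down as data and checked for completeness before testing starts. The links and protocol names are constructed sample values, since the post's diagram is not reproduced here, and `review_scope` is a hypothetical helper name.

```python
from collections import defaultdict

# Step 1: components in scope (the four identified in the post).
COMPONENTS = ["IoT Device", "Mobile Application", "IoT Gateway", "Cloud/Web Interface"]

# Steps 2 and 3: links between components and the protocol on each link.
# Links and protocol names are constructed sample values, not taken from the
# post's diagram; None marks a link whose protocol is not yet identified.
LINKS = [
    ("IoT Device", "IoT Gateway", "Zigbee"),
    ("IoT Device", "Mobile Application", "BLE"),
    ("IoT Gateway", "Cloud/Web Interface", "MQTT over TLS"),
    ("Mobile Application", "Cloud/Web Interface", None),
]


def review_scope(components, links):
    """Return (problems, worklist) for an architecture description."""
    problems = []
    interfaces = defaultdict(list)
    for a, b, proto in links:
        for end in (a, b):
            if end not in components:
                problems.append(f"link references unlisted component: {end}")
        if proto is None:
            problems.append(f"protocol not marked: {a} <-> {b}")
        interfaces[a].append((b, proto or "UNKNOWN"))
        interfaces[b].append((a, proto or "UNKNOWN"))
    for c in components:
        if c not in interfaces:
            problems.append(f"component not connected to anything: {c}")
    # Step 4: one work item per component, listing every interface it exposes.
    worklist = {c: sorted(interfaces[c]) for c in components}
    return problems, worklist


if __name__ == "__main__":
    problems, worklist = review_scope(COMPONENTS, LINKS)
    for p in problems:
        print("GAP:", p)
    for component, peers in worklist.items():
        print(component)
        for peer, proto in peers:
            print(f"  {proto:<14} -> {peer}")
```

Any `GAP:` line means step 2 or step 3 is unfinished and the per-component test plan built from it would miss an interface.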

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nitesh Malviya. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/detux7NZz9E/