Configuration and vulnerability analysis in Amazon IoT Greengrass
IoT environments can consist of large numbers of devices that have diverse capabilities, are long-lived, and are geographically distributed. These characteristics make device setup complex and error-prone. And because devices are often constrained in computational power, memory, and storage capabilities, this limits the use of encryption and other forms of security on the devices themselves. Also, devices often use software with known vulnerabilities. These factors make IoT devices an attractive target for hackers and make it difficult to secure them on an ongoing basis.
Amazon IoT Device Defender addresses these challenges by providing tools to identify security issues and deviations from best practices. You can use Amazon IoT Device Defender to analyze, audit, and monitor connected devices to detect abnormal behavior, and mitigate security risks. Amazon IoT Device Defender can audit devices to ensure they adhere to security best practices and detect abnormal behavior on devices. This makes it possible to enforce consistent security policies across your devices and respond quickly when devices are compromised. IFor more information, see the following topics:
-
Amazon IoT Device Defender in the Amazon IoT Core Developer Guide.
In Amazon IoT Greengrass environments, you should be aware of the following considerations:
-
It's your reponsibility to secure your physical devices, the file system on your devices, and the local network.
-
Amazon IoT Greengrass doesn't enforce network isolation for user-defined Greengrass components, whether or not they run in a Greengrass container. Therefore, it's possible for Greengrass components to communicate with any other process running in the system or outside over network.