Lesson Plan IoT Hardening

Lesson Plan IoT Hardening

Summary

The module will review steps necessary to harden an IoT device using the example of a Raspberry Pi. In this lesson, we will review the importance of software updates, user management, network management, and intrusion detection systems.

Grade

High School

Time Required

60 Minutes

First principles

• Domain Separation
• Process Isolation
• Resource Encapsulation
• Modularity
• Least Privilege
• Abstraction
• Data Hiding
• Layering
• Simplicity
• Minimization

Learning Objectives

1. What is Hardening and why is it important.
2. How make it harder for attackers to profile your IoT.
3. How to configure a firewall with firewall rules.
4. Add multiple layers of defense to a device.

Materials list

• Access to Internet

Learning Facilitation

Warm up Activity

Ask what do you already know about it Hardening an Internet connected device?

Vocabulary

• Firewall
• Intrusion Detection
• User management

Unplugged Activity Example

1. Assign two students to be personal computers in a network. Give them signs to put on their chest that say personal computer.

2. Assign two students to be the Firewall. Have students extend their arms out and connect them. Have them stand in front of the personal computer students.

3. Have one student stand behind the Firewall students and give them a sign that says Internet.

4. Facilitate discussion on why a Firewall is important.

5. Facilitate discussion on how a packet of information will travel internal and external.

6. Show video: (https://www.youtube.com/watch?v=6UtiQwCX2wU)

7. Review Firewalls as a Collection of Valves and discuss Firewall Rules.

8. Author ufw (uncomplicated fire wall) firewall rules for a Linux OS (Raspberry Pi)

9. Consider similar activities for other IoT Hardening Concepts.

Closure

Review what was discussed in the module.

Reflection

Review how cybersecurity first principles were demonstrated in this module.

Assessment

Students will demonstrate an understanding of definitions, terminology, and command prompts through a game of Jeopardy/Kahoot Game.

e.g. Quiz / Presentation / Project / Writing Assignment / Observation / Walk Around / Oral Questioning / Other

Accommodations for students with disabilities

N/A

Extension Activities / Additional Readings

Point students to additional resources in the module.

Module Lead Author

Robin A. Gandhi

Acknowledgements

• A special thanks to Matt Hale for reviews of this module and thoughtful discussions.

License

Nebraska GenCyber
is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Overall content: Copyright (C) 2017-2018 Dr. Matthew L. Hale, Dr. Robin Gandhi, and Doug Rausch.

Lesson content: Copyright (C) Your name here 2017-2018.

This lesson is licensed by the author under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.