Evaluation of Vulnerability Scanner: Princeton IoT Inspector
The purpose of this project was the evaluation of the Princeton IoT Inspector, to judge its potential and expedience for the use in home office environments and small businesses. Additionally, a network security assessment checklist has been developed and evaluated, including the IoT Inspector.
Korteweg Simon, 2020
Bachelor Thesis, University of Applied Sciences and Arts Northwestern Switzerland
Betreuende Dozierende: Petra Asprion
Keywords: vulnerability scanner evaluation, network security assessment, checklist
Views: 24 - Downloads: 5
The topic of cybersecurity and prevenative measures against attacks is of worldwide increasing importance. COVID-19 has lead to many people working remotely from home, simultaneously the number of devices connected to the internet are on the rise. There are many tools that can help identifiying vulnerabilites which arise from misconfigurations or the use of outdated soft- and firmware. The goal is to evaluate and assess the Iot inspector in its ability to detect vulnerabilites in a network and to create a checklist to enable users to quickly assess the level of security of their network.
During the research phase a theoretical part was created to define what a vulnerability scanners role is in the vulnerability assessment process. The Princeton IoT Inspector was evaluated by testing and researching its functionality. Followed by researching other critical aspects of network security assessment by reviewing checklists and best practices guides from vendors or renowned sources. From these results a network security assessment checklist was derived that was evaluated by independent participants. This checklist included scanning the network with the Princeton IoT Inspector.
Two deliverables have been defined and were developed in the course of this project. The first result is a conclusive statement about the eligibility of the vulnerability scanner Princeton IoT Inspector, the goal was to identify its value for home users and SMEs. The evaluation of the vulnerability scanner has shown that the IoT Inspector is primarily a research tool to create a large labelled dataset of IoT devices. Nontheless, it is a valuable tool to easily inspect and monitor a networks traffic and can help identifying vulnerable IoT devices that pose a threat due to known vulnerabilites. The IoT Inspector has been deemed to create added value for private individuals and students, but it is not recommended for commercial use in SMEs, mainly due to technical limitations and due to the fact that it transmits all collected data, albeit anonymised, to the Princeton University servers. A vulnerability assessment checklist has been developed to check a home network for gaps. This checklist has been tested with a small group of participants to gather inputs on its usablity and ability to raise awareness about important security aspects within a local network.
Studiengang: Business Information Technology (Bachelor)
Fachbereich der Arbeit: Wirtschaftsinformatik & IT-Management