IoT devices are deterministic, always-on systems that are growing in number by the billions yearly. Most of these devices are built using a version of embedded Linux. Embedded Linux has a number of ports and features that can be exploited if not appropriately closed off and secured. The research team is learning penetration testing tools and techniques to evaluate the security flaws of these systems. Further, we are developing a stripped down, secure version of embedded Linux that will be available for open-source use. This new version will close telnet and other ports that are particularly vulnerable to attack.