IoT is a windfall for many industries, but like any relatively new technology architecture, it also has its challenges – most prevalent is security. In part one of this blog post, we outlined how businesses are connecting multiple devices to provide actionable data to help increase efficiencies within their organizations. In this blog post, we will talk about how to secure these machines.
The National Institute of Standards and Technology (NIST) explains that widespread IoT adoption has increased the likelihood of cyber attacks such as DDoS (A Distributed Denial of Service). “The attackers have been able to exploit the relative security weaknesses in IoT devices, like internet-connected cameras and DVRs, using malware to create networks of these computers, known as botnets, that report to a central control server that can be used as a staging ground for launching powerful DDoS attacks.”
IndustryWeek explains that “..IoT devices are genuine computers (that) operate on Windows-based platforms or … LINUX…(and) their architecture and operating conventions are familiar to hackers, who have mastered and automated ways of exploiting their vulnerabilities. This is especially true if the underlying platform is older and no longer supported…”
What the Experts Recommend: Visibility and Control of all Devices Connected to Network
Rockwell, an early adopter of IoT, understood the risks and had security concerns around cybercriminals reaching its manufacturing plants. Therefore, Network World reported that Rockwell made “…sure its IoT service used a gateway device that only connected to the cloud using outbound port 443 (https/TLS); the gateway is architected so that it only makes outbound calls and only receives updates from the cloud in a response to calls it has initiated.” In other words, they configured the IoT devices to communicate in the most secure manner without reducing the device’s effectiveness for their needs.
IndustryWeek advises that an effective IoT security strategy should start with an inventory of a company’s network assets including “…unauthorized or previously unmanaged devices, such as security cameras, monitors, machine sensors …that have been plugged into the company’s network…” This ensures that IT or the security team has insight into normal network activities in order to recognize suspicious incidences, according to IndustryWeek.
Tips to Securing IoT Devices (as reported by The National Institute of Standards and Technology (NIST) and IndustryWeek):
- Configuring firewalls and proxy devices. Firewalls and proxy devices must be properly configured to identify and block malicious traffic.
- Changing default configurations. Whenever possible, the passwords, ports and protocols that IoT devices use should be changed from their default configurations, which hackers commonly use in malware attacks.
- Updating and installing patches. Every IoT device’s firmware should be updated to the latest version.
- Performing regular security assessments. Regular security assessments are important for both visibility and control.
The Internet of Things is a game changer, but organizations must ensure their network is set up to secure and manage these new devices. DiamondIT has the expertise to help secure and manage an IoT infrastructure. For more information: www.diamondit.pro or call (877) 716 – 8324