Security Bytes - Feb 2016 - Gadgets Gadgets Everywhere
I am sure all my readers have heard the term “IOT” or Internet of Things mentioned somewhere in a magazine or a TV show. Generally, that term refers to all the gadgets / Internet-enabled devices we buy and place on our home or business networks.
Usually one does not even give a second thought to setting up Internet-enabled doorbells, thermostats or cameras on our home WiFi because we are a society that just embraces gadgets! Remember that all the gaming consoles / smart appliances or any other device that connects to the Internet from the home can be classified as an IOT device. I am also one of those that uses many of these IOT devices on my own networks, but one thing needs to be looked at carefully! How secure are these devices? We purchase these from vendors that may be established or may just be upstarts that may have limited software development budgets, and we have NO easy way of checking how these devices communicate on our networks. We take a leap of faith and put these devices on our networks assuming they have been tested to be secure, and many times we trust these devices to add security to our home or business.
Recently there have been some reports of vulnerabilities in some of these devices that could potentially give intruders access to the networks these devices are connected to. The good news is that most of the issues found in their security were responsibly reported to the manufacturers and fixed well before the problems were made public. However, this DOES raise a question about what to do on a small network to mitigate this potential threat from the gadgets we love.
For years many large corporations have segmented their networks in order to provide better security and also to streamline data traffic flow in and out of their networks. It is time for home networks to be optimized for security and integrity as well. Most home routers today come with the ability to create multiple / segregated WiFi and wired networks and have wizards (tools) to help simplify the process of setting up these networks for you. I highly recommend placing all the devices classified as IOT gadgets on a private network that has access to the Internet but NOT to any other machines that are sensitive to you. By doing this the devices can perform the functions they are designed for, but if a device is compromised, the damage to your home / business network can be limited.
In some cases, where there may be many devices, I would recommend using a business class firewall that has the ability to put these devices in groups that can be monitored by explicit rules on the firewall. I know that on one of my networks I have more than 50 IOT devices connected; that could potentially represent multiple vectors for entry to my network if they are not isolated and controlled.
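The sketch below is an added example, not something from the original column or from any router vendor: it models an ordered, first-match firewall rule table and audits it against the policy recommended above (IOT segment may reach the Internet but not the sensitive machines). The subnets, rule sets and function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
IOT_NET = ipaddress.ip_network("192.168.20.0/24")      # gadgets
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")  # PCs, file shares
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNET_PROBE = "203.0.113.10"  # documentation range, stands in for the Internet

# Ordered rule table, evaluated first-match: (action, source, destination).
GOOD_RULES = [
    ("deny", IOT_NET, TRUSTED_NET),  # gadgets may not reach sensitive machines
    ("allow", IOT_NET, ANY),         # gadgets may still reach the Internet
    ("allow", TRUSTED_NET, ANY),
]
# Same three rules in the wrong order: the broad allow shadows the deny.
BAD_RULES = [GOOD_RULES[1], GOOD_RULES[0], GOOD_RULES[2]]


def decide(rules, src, dst):
    """Return the action of the first rule matching src -> dst (default deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def audit(rules):
    """Probe every IOT address and report violations of the isolation policy."""
    findings = []
    trusted_probes = [TRUSTED_NET[1], TRUSTED_NET[-2]]  # first and last host
    for host in IOT_NET.hosts():
        if any(decide(rules, host, t) != "deny" for t in trusted_probes):
            findings.append("IOT segment can reach trusted machines")
            break
    if decide(rules, IOT_NET[1], INTERNET_PROBE) != "allow":
        findings.append("IOT segment cannot reach the Internet")
    return findings


if __name__ == "__main__":
    for name, rules in (("GOOD_RULES", GOOD_RULES), ("BAD_RULES", BAD_RULES)):
        print(name, audit(rules) or "isolation policy holds")
```

The misordered table is the case worth checking on a real firewall: the deny rule is present, but it never takes effect because a broader allow is matched first.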
Technology is advancing very quickly and we are just at the beginning of amazing devices that can help us with everyday life and business, but as these devices proliferate on our networks we have to stay vigilant with regard to what is critical on our networks for day-to-day functionality.
-Paul Mavrovic, CISSP