Quick Tip: Six Key Considerations for Internet of Things (IoT) Connection Security

September 27, 2018 / by Bob Dorman, Highstreet

If it’s connected to a network, it can be hacked.

Attackers who reach your network can attack the devices directly, impersonate legitimate devices, or plant rogue devices to gain unauthorized access.

Once inside, they can move across the trusted network, spy on activity and steal data. They can also enlist the compromised devices in a distributed denial-of-service (DDoS) attack against others; the Mirai botnet of 2016 did exactly that with consumer cameras and routers that still had default credentials. Unsecured connections can lead to operational interruptions, theft of sensitive data and regulatory non-compliance.

Follow these best practices for IoT connection security.

  • Connect carefully and deliberately. Consider whether the IoT devices need to be connected to the network all the time or only some of the time, given the use case and risk level. A direct internet connection is often unnecessary, especially in industrial IoT deployments. Instead, the devices can connect to a local IoT network whose gateway aggregates and evaluates the data, so only the gateway needs a path out.
  • Identify all devices on the network. Situational awareness depends on knowing what is connected at all times. Use tools that discover every device, IoT or traditional endpoint, regardless of connection type: passive traffic profiling, DHCP and switch-port data, and active scanning where it is safe for the device (some fragile industrial controllers fall over when scanned aggressively). An old-fashioned static inventory list simply won't cut it in a dynamic IoT deployment.
  • Authenticate and onboard. Every device should be authenticated before it is permitted onto the network. Use identity-based access controls so you can establish and enforce access privileges based on user identity, device type, location, time of day and other factors. Multi-factor authentication adds a layer of security, but it may not be possible for autonomous devices; for those, give each device its own credential, such as a per-device certificate used with 802.1X (EAP-TLS) or mutual TLS, and never treat a MAC address or a shared default password as identity, since both are trivially copied. Identity and access management is different for IoT devices: each device may be used by more than one user, and a user may interact with multiple devices. Gartner identified the Identity of Things as a new component of identity management for IoT and calls for a richer definition of the relationships among entities: between a device and a human, a device and another device, a device and an application, or a human and an application.
  • Encrypt data in transit. Data from an individual sensor may seem insignificant on its own, but aggregated it can reveal patterns. Many IoT devices can run TLS (use TLS 1.2 or later; SSL and the early TLS versions are deprecated), and lightweight cryptography is emerging for devices that can't run traditional algorithms. IPsec VPNs can also provide AES encryption for IP-capable devices. Encryption alone is not enough: the device must also verify the certificate of the gateway or broker it talks to, or an attacker on the path can simply present an endpoint of their own. Non-IP connected devices are typically resource-constrained and talk only over short-range protocols such as Zigbee or Bluetooth; they depend on that protocol's link-layer security for the hop to the IoT gateway, and on the gateway to terminate that hop and re-encrypt the data with TLS for the rest of the journey.
  • Segment the network. Isolating connected devices in their own segment contains the damage when a device is compromised, because an attacker has a harder time moving laterally to other devices. A VLAN tag by itself is not segmentation: put a firewall or ACL between the IoT segment and everything else, default-deny, and allow only the specific flows the devices need (typically to the IoT gateway or broker, and nothing to the corporate LAN or to each other).
  • Monitor the network in real time. Continuously monitor traffic for connected devices behaving strangely: new destinations, new protocols or ports, traffic toward the corporate segment, or a sudden fan-out to many hosts. Unusual behavior may indicate a compromise. A suspect device should be quarantined in a restricted segment or have its network access blocked completely, depending on the risk profile of the device, and that decision is best made in advance per device class rather than in the middle of an incident. Devices should also be detected the moment they connect to the network for the first time, before anything trusts them.
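As an added example, not code from the original post or from Great Bay Software, the following Python script ties the inventory, segmentation and monitoring points above together. It walks one window of constructed connection records (fields modelled loosely on a flow log: timestamp, source MAC, source IP, destination IP, destination port, protocol), flags devices that are not in the inventory, IoT devices talking to the corporate LAN or to each other, ports outside the device type's baseline, and fan-out to many external hosts, then returns the pre-decided response for each device. The inventory, the 10.20.0.0/16 and 10.10.0.0/16 address ranges, the gateway address, the port baselines and the fan-out threshold are all assumptions made up for the example.

```python
"""Inventory-aware IoT traffic monitor (added example, not the post's own code)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed inventory: the devices that are SUPPOSED to be on the IoT segment.
# "response" is the pre-decided action for a suspect device, chosen from its risk
# profile: a camera can simply be blocked, while the HVAC controller and badge
# readers are quarantined (moved to a restricted segment) so the building keeps
# running while the device is investigated. All values are assumed.
INVENTORY = {
    "aa:bb:cc:00:00:01": {"name": "lobby-camera-1", "type": "camera", "response": "block"},
    "aa:bb:cc:00:00:02": {"name": "hvac-plc-1",     "type": "plc",    "response": "quarantine"},
    "aa:bb:cc:00:00:03": {"name": "badge-reader-3", "type": "badge",  "response": "quarantine"},
}

IOT_SEGMENT = ip_network("10.20.0.0/16")   # assumed IoT VLAN
IOT_GATEWAY = ip_address("10.20.0.1")      # assumed gateway/broker the devices report to
CORP_SEGMENT = ip_network("10.10.0.0/16")  # assumed corporate LAN

# Assumed per-type baseline of destination ports (8883 = MQTT over TLS).
BASELINE_PORTS = {"camera": {8883, 443}, "plc": {8883}, "badge": {8883}}

# More distinct external hosts than this in one window looks like scanning or
# DDoS participation rather than telemetry (threshold is an assumption).
MAX_EXTERNAL_DESTS = 10


def parse_record(line):
    """Parse one record: ts src_mac src_ip dst_ip dst_port proto (whitespace separated)."""
    ts, mac, src, dst, port, proto = line.split()
    return {"ts": float(ts), "mac": mac.lower(), "src": ip_address(src),
            "dst": ip_address(dst), "port": int(port), "proto": proto}


def analyze(lines):
    """Return (alerts, actions) for one window of records.

    alerts  : list of (mac, kind, detail) tuples, deduplicated, in order found
    actions : {mac: "allow" | "quarantine" | "block"} for every device seen
    """
    alerts, emitted, seen = [], set(), set()
    external_dests = defaultdict(set)

    def emit(mac, kind, detail):
        if (mac, kind, detail) not in emitted:
            emitted.add((mac, kind, detail))
            alerts.append((mac, kind, detail))

    for rec in map(parse_record, lines):
        mac, src, dst, port = rec["mac"], rec["src"], rec["dst"], rec["port"]
        device = INVENTORY.get(mac)

        # 1. Identify: a MAC never inventoried is flagged the first time it shows up.
        if device is None:
            if mac not in seen:
                emit(mac, "unknown_device", f"first seen at {src}")
            seen.add(mac)
            continue
        seen.add(mac)

        # 2. Segment: IoT devices may talk to the gateway (or out to the Internet),
        #    never to the corporate LAN and never to each other.
        if dst != IOT_GATEWAY and (dst in CORP_SEGMENT or dst in IOT_SEGMENT):
            emit(mac, "segment_violation", f"{src} -> {dst}:{port}")

        # 3. Baseline: a camera opening SMB or Modbus is not doing camera things.
        if port not in BASELINE_PORTS[device["type"]]:
            emit(mac, "unexpected_port", f"port {port}/{rec['proto']} not expected for {device['type']}")

        # 4. Fan-out: count distinct destinations outside both internal ranges.
        if dst not in IOT_SEGMENT and dst not in CORP_SEGMENT:
            external_dests[mac].add(dst)

    for mac, dests in external_dests.items():
        if len(dests) > MAX_EXTERNAL_DESTS:
            emit(mac, "fanout", f"{len(dests)} distinct external hosts")

    # Response: un-onboarded devices get no access; known devices that tripped a
    # rule get the action pre-decided for their risk profile.
    flagged = {mac for mac, _, _ in alerts}
    actions = {}
    for mac in seen:
        if mac not in INVENTORY:
            actions[mac] = "block"
        elif mac in flagged:
            actions[mac] = INVENTORY[mac]["response"]
        else:
            actions[mac] = "allow"
    return alerts, actions


# Constructed sample window (ts src_mac src_ip dst_ip dst_port proto).
SAMPLE = [
    "1.0 aa:bb:cc:00:00:01 10.20.5.10 10.20.0.1  8883 tcp",  # camera -> gateway: normal
    "2.0 aa:bb:cc:00:00:02 10.20.5.11 10.20.0.1  8883 tcp",  # PLC -> gateway: normal
    "3.0 aa:bb:cc:00:00:01 10.20.5.10 10.10.3.7   445 tcp",  # camera -> corporate file server (SMB)
    "4.0 aa:bb:cc:00:00:01 10.20.5.10 10.20.5.11  502 tcp",  # camera -> PLC (Modbus): lateral movement
    "5.0 aa:bb:cc:00:00:04 10.20.5.99 10.20.0.1  8883 tcp",  # MAC not in inventory: rogue or not yet onboarded
] + [  # badge reader suddenly talks to a dozen Internet hosts (203.0.113.0/24 is a documentation range)
    f"{6 + i}.0 aa:bb:cc:00:00:03 10.20.5.12 203.0.113.{i} 80 tcp" for i in range(12)
]

if __name__ == "__main__":
    found, decisions = analyze(SAMPLE)
    for mac, kind, detail in found:
        print(f"ALERT {kind:18} {INVENTORY.get(mac, {}).get('name', mac):16} {detail}")
    for mac, action in sorted(decisions.items()):
        print(f"{action:10} {mac}")
```

Run as-is and the camera trips both the segment and baseline rules (so it is blocked), the badge reader trips the baseline and fan-out rules (so it is quarantined), the unknown MAC is blocked until onboarded, and the PLC that only spoke to the gateway stays allowed. In production the record source would be a flow exporter or switch telemetry and the actions would be pushed to the NAC or firewall, but the decision logic is the same.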

Download the eBook Using Secure IoT to Drive Business Growth to explore the potential of IoT in the enterprise, which industries are paving the way, and how to secure your connected things.


Source: Great Bay Software