IoT Beginner Guidelines

IoT stands for “Internet of Things” which are any objects that are connected to the internet. These devices could include cameras, fridges, smart home devices, smart watches, medical devices, etc. IoT devices have provided convenience and efficiency but have introduced security challenges that must be addressed.

Common Vulnerabilities in IoT Devices

  1. Weak or default passwords
    o Many IoT devices ship with simple default passwords that can be easily guessed. These default passwords must be changed to strong, unique passwords.
  2. Insecure non-encrypted communication
    o The communication to and from the IoT devices should use encryption like SSL/TLS to secure communication. Wireshark can be used to see if the communication is encrypted.
  3. Outdated or unsupported software
    o IoT devices are often overlooked and not treated as a priority. Security updates and patches should be applied on a regular basis.
  4. Least privilege
    o Not every user should have administrator, or even standard user, access to the IoT devices. It is recommended that only one account has administrator access, which reduces the attack surface on your company’s network.
  5. Lack of Physical Security
    o IoT devices should be protected from physical tampering. Physical security controls could include locks and placing the devices in secured buildings or rooms.
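The five weaknesses above can be turned into a simple inventory audit. The following script is an added example, not part of the original guide: it checks each device record against the list (default or short password, cleartext protocols, stale firmware, more than one administrator account, no physical protection) and reports what it finds. The record fields, the default-password list, the one-year firmware age limit and the sample devices are all constructed for illustration, not any vendor's real schema or data.

```python
"""Audit an IoT device inventory against the common weaknesses listed above.

Added example, not from the original guide. Field names, thresholds and the
sample inventory are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date

# Constructed list of well-known factory defaults. In practice this would be
# built from the vendor documentation for the devices you actually own.
DEFAULT_PASSWORDS = {"admin", "password", "1234", "12345", "default"}

# Protocols that carry credentials or data in cleartext and should not be
# enabled on a production IoT device (assumption: a minimal illustrative set).
PLAINTEXT_PROTOCOLS = {"telnet", "http", "ftp"}

MAX_FIRMWARE_AGE_DAYS = 365   # assumption: firmware older than a year is "stale"


@dataclass
class Device:
    hostname: str
    password: str
    protocols: set
    firmware_date: date
    admin_accounts: int
    locked_location: bool


def audit_device(dev: Device, today: date) -> list:
    """Return a list of finding labels for one device (empty when clean)."""
    findings = []
    # 1. Weak or default passwords
    if dev.password.lower() in DEFAULT_PASSWORDS or len(dev.password) < 12:
        findings.append("weak-or-default-password")
    # 2. Insecure, non-encrypted communication
    cleartext = sorted(p for p in dev.protocols if p.lower() in PLAINTEXT_PROTOCOLS)
    if cleartext:
        findings.append("plaintext-protocol:" + ",".join(cleartext))
    # 3. Outdated or unsupported software
    if (today - dev.firmware_date).days > MAX_FIRMWARE_AGE_DAYS:
        findings.append("stale-firmware")
    # 4. Least privilege: the guide recommends a single administrator account
    if dev.admin_accounts > 1:
        findings.append("too-many-admin-accounts")
    # 5. Lack of physical security
    if not dev.locked_location:
        findings.append("no-physical-security")
    return findings


def audit_inventory(devices, today: date) -> dict:
    """Map hostname -> findings for every device that has at least one finding."""
    report = {}
    for dev in devices:
        findings = audit_device(dev, today)
        if findings:
            report[dev.hostname] = findings
    return report


# Constructed sample inventory: one badly configured camera, one clean thermostat.
SAMPLE_DEVICES = [
    Device("cam-lobby-01", "admin", {"http", "ssh"}, date(2022, 3, 1), 3, False),
    Device("thermo-floor2", "Gx7!pq9Lm2Rt$", {"https", "mqtts"}, date(2024, 1, 15), 1, True),
]

if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE_DEVICES, date(2024, 6, 1)).items():
        print(f"{host}: {', '.join(findings)}")
```

Feeding the script an export from your asset inventory gives a per-device list of which of the five points still need attention; a device with no findings is simply absent from the report.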

IoT Attack Types

  1. Brute force password attacks
    o Default and easily guessed passwords are quickly cracked by brute-force guessing.
  2. Distributed Denial of Service / Botnet Attacks (DDoS)
    o It is common for IoT devices to be infected and used as “zombies” in DDoS attacks to overwhelm a server to take down the service or application.
  3. Ransomware
    o Attackers could spread ransomware to IoT devices in which the devices become unusable.
  4. Eavesdropping / Man in the Middle Attacks
    o Attackers can listen to and collect data transmitted from the IoT device to its destination by acting as a middleman. The attacker sets up a server, directs the IoT traffic to it first, and then forwards the traffic on to its real destination.
  5. Firmware Hijacking
    o Attackers target the firmware, which sits beneath the operating system. Once the firmware is compromised, the attacker has root access and full control of the device.

Now that we understand the vulnerabilities and attack types, as cybersecurity professionals we must understand the best techniques for deploying and maintaining these IoT devices in our network.

Best Practice for Deploying

  1. Network Segmentation
    o IoT devices should be segmented on their own network away from production servers and sensitive data.
    o Proper security systems like IPS/IDS should be deployed on the network to monitor and mitigate suspicious traffic.
  2. Device Hardening
    o Reduce the attack surface by removing all unnecessary software and functionality from the IoT device.
    o Disable all unnecessary ports and services on the IoT devices to only allow necessary traffic.
  3. Monitoring and Logging
    o Implement security systems to monitor all traffic going to and from the IoT device.
    o Log management systems like a SIEM should collect and analyze any suspicious behavior.
  4. Vulnerability Management
    o Patches should be applied on a regular basis so that devices receive current firmware and software updates.
    o It is recommended that patches be applied automatically outside working hours to minimize impact.
    o A rollback plan should be in place in case an IoT device malfunctions after an update.
  5. Incident Response Plans
    o Develop an incident response plan that includes how to address security incidents that happen with IoT devices.
    o Drills should be conducted to test the effectiveness of the plan.
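Network segmentation and monitoring (points 1 and 3 above) only pay off if something actually looks at the logs. The following script is an added example, not part of the original guide: it implements two SIEM-style detections over device and firewall log lines, a brute-force rule (five or more failed logins against one device from one source within sixty seconds) and an egress rule (an IoT-segment host reaching a destination outside its own segment that is not on the allow list). The log line format, the IoT subnet 10.50.0.0/24, the allow-listed destinations, the thresholds and the sample lines are all constructed assumptions.

```python
"""Two detections a SIEM rule might implement over IoT-segment logs.

Added example, not from the original guide. The log format, the IoT subnet,
the allow list, the thresholds and the sample log lines are constructed.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

IOT_SUBNET = ipaddress.ip_network("10.50.0.0/24")          # constructed
# Destinations an IoT device in this segment is expected to reach (constructed:
# a vendor cloud endpoint and an internal time server).
ALLOWED_EGRESS = {ipaddress.ip_address("203.0.113.10"),
                  ipaddress.ip_address("10.0.0.123")}
BRUTE_FORCE_THRESHOLD = 5    # failed logins ...
BRUTE_FORCE_WINDOW_S = 60    # ... within this many seconds

# Constructed line formats: device auth log and firewall connection log.
AUTH_RE = re.compile(r"^(\S+) (\S+) auth: FAILED user=(\S+) src=(\S+)$")
CONN_RE = re.compile(r"^(\S+) fw: ALLOW src=(\S+) dst=(\S+) dport=(\d+)$")


def detect_brute_force(lines):
    """Return sorted (device, src) pairs that exceed the failed-login threshold."""
    attempts = defaultdict(list)
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, device, _user, src = m.groups()
        attempts[(device, src)].append(datetime.fromisoformat(ts))
    hits = set()
    for key, times in attempts.items():
        times.sort()
        # Sliding window: count attempts that fall within the window after each one.
        for i, start in enumerate(times):
            j = i
            while j < len(times) and (times[j] - start).total_seconds() <= BRUTE_FORCE_WINDOW_S:
                j += 1
            if j - i >= BRUTE_FORCE_THRESHOLD:
                hits.add(key)
                break
    return sorted(hits)


def detect_unexpected_egress(lines):
    """Return sorted (src, dst) pairs where an IoT host left its segment to a non-allow-listed destination."""
    hits = set()
    for line in lines:
        m = CONN_RE.match(line)
        if not m:
            continue
        _ts, src, dst, _dport = m.groups()
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Traffic inside the IoT segment is expected; anything leaving it must be allow-listed.
        if src_ip in IOT_SUBNET and dst_ip not in IOT_SUBNET and dst_ip not in ALLOWED_EGRESS:
            hits.add((src, dst))
    return sorted(hits)


# Constructed sample log lines.
SAMPLE_LOGS = [
    "2024-06-01T02:00:01 cam-lobby-01 auth: FAILED user=admin src=10.50.0.200",
    "2024-06-01T02:00:03 cam-lobby-01 auth: FAILED user=admin src=10.50.0.200",
    "2024-06-01T02:00:05 cam-lobby-01 auth: FAILED user=root src=10.50.0.200",
    "2024-06-01T02:00:09 cam-lobby-01 auth: FAILED user=admin src=10.50.0.200",
    "2024-06-01T02:00:12 cam-lobby-01 auth: FAILED user=admin src=10.50.0.200",
    "2024-06-01T02:10:00 thermo-floor2 auth: FAILED user=admin src=10.50.0.201",
    "2024-06-01T02:11:00 fw: ALLOW src=10.50.0.15 dst=203.0.113.10 dport=443",
    "2024-06-01T02:11:30 fw: ALLOW src=10.50.0.15 dst=198.51.100.77 dport=6667",
    "2024-06-01T02:12:00 fw: ALLOW src=10.50.0.15 dst=10.50.0.1 dport=53",
]

if __name__ == "__main__":
    print("brute force:", detect_brute_force(SAMPLE_LOGS))
    print("unexpected egress:", detect_unexpected_egress(SAMPLE_LOGS))
```

The egress rule is where segmentation shows its value: because the allow list is short and explicit, a device that starts talking to an unknown external host (the kind of behaviour seen when a device is recruited into a botnet) or to a production range it should never reach stands out immediately, while the single failed login against the thermostat correctly stays below the brute-force threshold.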

Best Practice for Maintaining

  1. Security Assessments
    o Vulnerability scans should be conducted on a regular basis to identify all weaknesses in the company network.
    o Penetration Testing should evaluate the effectiveness of security measures.
  2. Compliance
    o Compliance standards and regulations should be followed.
    o In-house security audits and third-party assessment from security experts should be conducted.
  3. Lifecycle Management
    o End of Life IoT devices should be properly decommissioned to protect the company’s network from vulnerabilities that cannot be patched. These devices should be removed or replaced.
    o Proper data wiping procedures should remove all sensitive data.
  4. Documentation and Reporting
    o Maintain documentation of IoT device configuration, risk assessments, pentesting and vulnerability reports, and incident events.
    o Regular reports should be given to stakeholders and upper management on the company’s security posture.

Conclusion

By following these best practices for deploying and maintaining IoT devices, companies can minimize security risks. IoT attacks are becoming more common, and it is important for companies to protect every endpoint on their network. Cybersecurity professionals should stay informed of emerging threats and vulnerabilities affecting these small but important devices.
