Get Started Today!  732-747-9373   

Fotolia 68929807 M new

DeckerWright Corporation Blog

Protecting the Internet of Things

IoT

The largest growth of devices connected to the Internet are not computers, but devices designed to perform a specific function. These devices include cameras, smart phones, light bulbs, Amazon Echos, garage door openers, TVs, automobiles, sound systems, programmable logic controllers (PLCs), HVAC systems, elevators, security systems, ovens, refrigerators, thermostats, water heaters, heart monitoring systems and more. These devices are part of the Internet of Things (IoT) that is flooding the Internet with new devices. This explosion of new devices is creating massive new security concerns.

All of the IoT devices share a common foundation - modified versions of the Linux operating system. The popularity of Linux is because most versions of Linux are free with access to the source code. The operating systems are then highly modified to adapt to nearly any device. While this flexibility has caused an explosion of devices that we can not monitor and manage over the Internet, it also possesses security problems since at their core, every IoT device is a Linux computer with usernames, passwords and vulnerabilities.

The New Jersey Cyber Security and Communications Integration Cell (NJCCIC) provides security focused companies like DeckerWright Corporation weekly and emergency updates on the state of cyber threats. The reporting of cyber threats on IoT devices has grown exponentially over the last year. Why is that? First, there has been an explosion of new IoT devices, the more attack surfaces. Second, IoT manufacturers are not typically well versed in cyber security . As a result, IoT devices are often released with little regard for security after the basic device functions are proven to work. Third, most IoT devices are never upgraded with new "firmware". As a manufacturers have become more tuned into the security risks associated with their products, they have been issuing "firmware" updates to patch security holes. When was the last time anyone upgraded the firmware in their network camera? Fourth, as cyber criminals begin to notice the vulnerability of IoT devices, they are developing methods for identifying IoT devices and are publishing successful exploits on the dark web. We are only seeing the first generation of exploits targeting IoT devices. Expect the next generation to be much more targeted and ferocious.

Unfortunately, anti-virus (AV) software companies don't have any solutions for protecting IoT devices. Even with a common Linux operating system base, the Linux systems are so highly customized that AV software companies have no way to write software to protect them.

Here are some ways to protect your IoT devices from being compromised by cyber criminals.

  • Always place your IoT device behind a firewall that can be used to monitor and restrict access to the IoT device.
  • At least every six months, check your IoT devices firmware to make sure you are running the most current version.
  • If possible, only setup IoT devices behind firewalls with NO internet access.
  • ALWAYS change the default password on the device to a complex password or a pass phrase.

Our industry is scrambling to come up with ways to monitor and protect IoT devices on networks. The best defense we have today are Security Information and Event Management (SIEM) systems which can quickly identify suspicious network activity and alert cyber security experts. Since the devices will never be smart enough to defend themselves, we must rely on perimeter technology, advanced monitoring and proper device setup to protect the ever growing population of IoT devices.

Click HERE for more information.

Should There Be Independent Cloud Backups?
Windows 7 End of Life

Mobile? Grab this Article!

Qr Code

Latest Blog

Many insurance companies are jumping into the market for cyber insurance. It is a cut throat business with each insurance company trying to underbid the other or add additional protection features. The net result has been a flood of insurance products at low prices. Why...

Account Login