Secure IoT devices is not a luxury any more. Recent news headlines describe hackers intrusions into otherwise strong, well-defended networks. These hackers targeted low-profile, low-value network components like CCTV and DVRs Internet of Things (IoT) devices.
So why is IoT becoming the target of choice for skilled hackers? Well, vendors do not engineer these devices with security as first priority. Unlike servers and desktops, the IoT device firmware and operating system (OS) is highly specialized, which ironically may make it more difficult to secure.
Nevertheless, although the OS is specialized, vendor’ s engineers must make the effort to harden these platforms. Hardening is important and hardening checklists are widely used. Actions include disabling unnecessary services, using secure passwords and encrypting all sensitive data in storage and in communication.
Many actions can be performed to harden an IoT device and this is important as IoT devices are usually deployed in mass scale, are positioned out of sight and therefore administration and maintenance is usually limited. In fact, many IoT devices may be approaching end-of-support or even end-of-life.
The example of the Mirai IoT botnet that compromised millions of Internet-enabled DVRs, IP cameras, and other consumer devices should awake operators and vendors. Mirai botnet was used to launch a massive distributed denial-of-service (DDoS) attack against major DNS providers to bring down vast regions of the internet.
As our personal and business life depends more and more on Internet availability, that attack impacted peoples activities but also disrupted commercial operations.
Secure IoT devices and networks require operators to build, and implement a separate network access scheme to accommodate the IoT devices so they do not interfere with corporate network productivity. Also using automated network configuration tools that perform massive and scheduled updates of the firmware files of IoT devices is an important step.
Using a combination of technical and procedural controls, much of the IoT security risk can be alleviated.