Securing IoT Part I: The Network


Threats to the IoT network are everywhere. To prevent attacks, common IoT security practices, networks and access points must be carefully and regularly evaluated.

Why Firewalls & VPNs Aren’t Enough

Firewalls and VPNs are common tools to protect IoT, but they have weaknesses. Firewalls follow a castle-and-moat security model: they build a wall around the network, but once a hacker breaches that wall, they have unrestricted access to everything inside it.

VPNs possess the same flaw. While they provide secure and isolated access to the network, if that security is breached, hackers have free rein. While VPNs and firewalls can still be useful tools, they are only a part of the larger toolbox of IoT security. To truly secure an IoT network, further steps must be taken.

Identify Assets & Weaknesses

The first step in securing the IoT network involves creating an inventory of all assets connected to it, from the smallest sensor to the largest machine. Access to each asset must also be identified, from employees to guests to vendors. This provides a complete picture of the network and access points from which weaknesses can be identified and managed.

Further steps include:

  • Evaluate every endpoint, since each one serves as an access point to the network. Endpoints should be up to date on security features and have strict access restrictions.
  • Identify critical functions for operation, where failure would cause significant economic, environmental or safety damage. These functions should be fortified as much as possible.
  • Spotlight potential attack paths. Identify paths from access points to critical functions that attackers could exploit and take steps to safeguard these paths.
  • Know common threats. Keeping up to date on cyberthreats that target your specific industry makes it possible to prepare for the attacks most likely to arrive.

Restrict Access to the IoT Network

Once the assets of a network have been identified, access to these assets must be restricted to strengthen weaknesses and fortify against attacks. A common method is to implement multifactor authentication. Multiple authentication stages put multiple obstacles in an attacker's way, so a hacker who obtains login information can’t immediately access network devices. Authentication should also grant access only to the parts of the network a user actually needs. This way a hacker who gets past multifactor authentication still only has access to limited parts of the network.

Other methods of access restriction include:

  • Segment the network. Segmenting a network into smaller sections ensures an attacker gaining access to one section doesn’t have immediate access to all the others.
  • Reduce or remove anonymous connections. Anonymous connections are potential sources of attack since their origins are unknown. Every connection to the network should be named or otherwise identified.
  • Monitor the network to detect unauthorized devices that could serve as gateways for attack and unusual device activity that could indicate an active attack. Continuous monitoring ensures attacks can be identified and shut down quickly.
  • Implement a zero-trust security model. A security model built on trusted devices creates vulnerable pathways for hackers to exploit. A zero-trust model requires more intensive management of devices and network access but provides more stringent security.
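The inventory step above and the monitoring, segmentation and anonymous-connection points in this list come together in practice as one check: compare what is actually connecting with what the inventory says should be connecting. The following is an added example, not code from the original post; the inventory entries, the flow-log format and the log lines are all constructed here for illustration.

```python
"""Inventory-based check of observed IoT connections.

Added example, not from the original post. The asset inventory, the
flow-log format ("<timestamp> key=value key=value ...") and the sample
log lines are all constructed for this illustration.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    mac: str
    name: str
    segment: str            # network segment the asset is allowed to live in
    owner: str              # accountable party: employee, team or vendor
    max_flows_per_hour: int # expected connection ceiling for this device


# Constructed inventory: every known device, its segment and its owner.
INVENTORY = {
    a.mac: a
    for a in [
        Asset("aa:bb:cc:00:00:01", "temp-sensor-01", "iot-sensors", "facilities", 1),
        Asset("aa:bb:cc:00:00:02", "plc-line-a", "ot-control", "operations", 50),
        Asset("aa:bb:cc:00:00:03", "vendor-laptop", "guest", "vendor-acme", 200),
    ]
}

# Constructed flow log (hypothetical format) covering one hour of traffic.
SAMPLE_LOG = """\
2024-01-01T10:00:01 mac=aa:bb:cc:00:00:01 segment=iot-sensors dst=10.0.1.5:1883
2024-01-01T10:05:07 mac=aa:bb:cc:00:00:01 segment=iot-sensors dst=10.0.1.5:1883
2024-01-01T10:07:11 mac=aa:bb:cc:00:00:02 segment=ot-control dst=10.0.2.9:502
2024-01-01T10:09:30 mac=aa:bb:cc:00:00:03 segment=ot-control dst=10.0.2.9:502
2024-01-01T10:12:45 mac=de:ad:be:ef:00:99 segment=iot-sensors dst=10.0.1.5:1883
"""


def parse_line(line: str) -> dict:
    """Parse one 'ts key=value ...' record into a dict; the timestamp is kept as 'ts'."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def check_connections(log_text: str, inventory: dict) -> list:
    """Return (finding, mac) pairs for every observation that contradicts the inventory."""
    findings = []
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        mac = rec["mac"]
        counts[mac] += 1
        asset = inventory.get(mac)
        if asset is None:
            # Anonymous origin: nothing in the inventory claims this device.
            findings.append(("unknown-device", mac))
            continue
        if rec["segment"] != asset.segment:
            # Known device seen outside its assigned segment: segmentation is being crossed.
            findings.append(("wrong-segment", mac))
    # The log covers one hour, so per-device counts compare directly with the ceiling.
    for mac, n in counts.items():
        asset = inventory.get(mac)
        if asset is not None and n > asset.max_flows_per_hour:
            # Unusual activity from a known device is worth a look even inside its segment.
            findings.append(("excessive-flows", mac))
    return findings


if __name__ == "__main__":
    for finding, mac in check_connections(SAMPLE_LOG, INVENTORY):
        owner = INVENTORY[mac].owner if mac in INVENTORY else "(no owner on record)"
        print(f"{finding:16} {mac}  owner={owner}")
```

Run against the constructed log, the check flags the vendor laptop seen in the OT control segment, the device with no inventory entry at all, and the sensor that connected more often than its recorded ceiling. The owner column is what turns a finding into an action: a device with no accountable owner is exactly the kind of anonymous connection the list above says to remove.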