No, this is not an old fashioned way of making one of those fancy emojis that are all the rage of the current generation. In fact, these three letters together have caused around 25% of readers possible for this article to already move onto something else. However, it is the drive of our culture today to be as connected as possible. Even I, the IT professional, recently ordered one of these devices. What was the first thing I did, but fire it up on my WLAN and tie it into my home thermostat and satellite receiver. I mean what’s cooler than being able to ask my new personal assistant to change the current tv channel??? From internet ready crock pots, thermostats, refrigerators, printers, you name it and we’ve put in on our personal and/or corporate wireless networks. However, as a society we continue to bring more and more connectivity into our lives without realizing the danger that these devices present.
In January 2016, a short 10 months ago, Cisco estimated that within 4 years worldwide adoption of IoT devices will approach 200 billion devices. That’s an average of 27 devices per person. 27! With the explosion of devices happening, how can you secure your network? How can we ensure that another attack such as the one on DynDNS in October 2016, doesn’t occur again? For corporations this is a difficult question to answer. With the various security devices on the market vying for your organization’s money, how do you pick one?
Answer: Don’t pick just one.
Over the years in an effort to simplify network management, the industry has attempted to drive a single solution for everything. We’ve seen firewalls become application aware, include SSL decryption capabilities (to see inside the roughly 40% of network traffic they previously ignored), packet shapers, and various other security roles that previously were contained in separate appliances. We have also seen other common infrastructure pieces such as access points begin to include application aware, layer 3-7 firewalls to shut down devices as close to the end user as possible. All of these security strategies are necessary to combat the assault on those very IoT devices that we have all come to know, love, and even depend upon.
What are recommendations you would suggest to help secure my environment?
1. Identify the devices on your network
This is the most basic form of security in any network. Without being aware of what devices are on the network, it is impossible to formulate an effective security strategy for your organization. The physical observation of devices around your organization is an easy initial step. However, with the ever-shrinking size of devices including wireless access, we must take device identification to another level. That level includes using security appliances and/or software to scan your network for devices. This includes products like Aruba Clearpass and Infoblox that can utilize DHCP fingerprinting to identify devices with great accuracy.
2. Control access these devices are allowed
Once devices have been identified it is critical that we contain those devices appropriately in the network to allow as little access as possible. In most cases, these devices simply need internet access where a device DMZ could be utilized. If your network isn’t properly segmented for this approach, utilize the resources you have in place already. While a WLAN network is never intended to be your only line of security, something is better than nothing. Many WLAN vendors as mentioned previously include application awareness and the ability to block access to RFC 1918 resources at the network edge.
3. Monitor network activity for unusual activity
Monitoring network activity is vital within the network, and establishing activity baselines for normal network traffic amounts, typical programs used, etc are critical in knowing if an attack is underway. This is the step that causes many administrators to roll their eyes, as they are already inundated with daily firefighting that prevents them from looking at network logs regularly. For most, reviewing logs is not only boring, but something that is only done in a reactive state to an issue that has been discovered. If you are being reactive in your log review, you have probably already been compromised without knowing it. I hope your companies’ insurance is current, and for that matter your job resume as well J.
4. Maintain security device updates/definitions
With the landscape of security threats changing daily, if not minute by minute, maintaining updates and definitions on the security devices in your network is an absolute must. Security vendors typically release daily updates, that by nature are reactive to things that have been previously evaluated in customer traffic. Augmentation of this step by utilizing new security methods such as Palo Alto Traps is vital. Programs like Traps act by not simply using the typical definitions such as AV updates, but by targeting the typical patterns used by malware. Many of you may not be aware that out of the millions of variants of malware in existence today, most all attacks can be categorized into a handful of attack vectors that a product like Traps has the unique ability to see and stop.
5. Utilize third party companies for security testing
Finally, if security is of utmost importance in your organization, consider utilizing outside resources to complete penetration testing both external and internal to your network. While the typical approach to security has been an outside-in view for years, many are finding that attacks are starting within the organization’s firewall in today’s age. That IoT device is coming preloaded with various malicious software that attacks from within, as most firewalls are utilized to stop things from getting in from the web, not out.
As always, I welcome your feedback.
*These opinions are my own and not influenced by any company mentioned specifically within this article.