Security Threats and the Internet of Things
Originally published on ITWeb.
Internet of things (IoT) is changing the world around us, but it's also making your network vulnerable to attack.
There's a new kind of attack happening, and it's targeting IoT weaknesses in the network. IOT is particularly at risk as the wide array of connected devices - both inside and outside the business - are very difficult to monitor and control.
Rene Bosman, Manager at Infoblox Africa, says: "People tend to add their own devices to the company network without informing IT, and some of these devices could be vulnerable to attack, opening a gateway for hackers. Just last week an estimated million organizations worldwide were infiltrated by a new Internet of things botnet. It's clear, a new threat requires a new approach to network security. "Traditionally IOT devices are 'dumb' devices making them vulnerable to hackers to infiltrate and use for botnet attacks".
"Pretty much every enterprise organization is vulnerable to this type of attack, especially those with complex and diverse networks and that have a combination of physical, virtual and cloud deployments."
Recovery is often a complex and labor-intensive process, so businesses that may be at risk should implement pre-emptive measures to protect themselves - and their networks. However, Bosman says before businesses can take steps to protect their infrastructure, they need to understand what they have in that infrastructure and the associated challenges faced.
"First, businesses need to get visibility across their entire network, include their extended infrastructure, virtual machines, network endpoints and even users. It's also vital to identify any non-compliant devices that may be on the network, which could be any type of IP-related device like a security camera, for example, that has been installed without the IT security team's knowledge or permission. Insecure network devices can be easily hacked," he continues. "An example at large scale we have seen about a year ago with the Mirai botnet that was inserted in CCTV IP cameras and started a large volumetric attack on the DYN DNS servers in the US, resulting in a huge outage of critical applications for hours".
Finally, the organization needs to protect itself against distributed denial of service (DDOS) attacks via the domain name system (DNS). Bosman says: "DNS has been identified as a leading attack vector for DDOS attacks."
Initiatives like IOT mean there's an increasing number of devices connected to the organization's network. If you consider any smart city initiative, there are IP connected devices that regulate parking, provide security, smart meters for power and water, that's a lot of devices being added to the network.
Bosman says: "This is why it's so critical to identify what's on the network, understand it and add the required level of security. If you consider the past year specifically, there's been a marked increase in the amount of malware and we're now seeing botnets starting to use IoT type of devices to attack a network or start a DDOS type of attack."
What Bosman is saying, is that companies with initiatives like IOT need to start thinking more about new ways in which to protect their infrastructure against these new types of threats. "The reality is that a lot of these threats are using DNS to communicate with and infiltrate a company network."
He's advocating an integrated solution that combines endpoint security but also a secure network connection for the business. "All too often the various security tools that organizations have work in silos. The lack of interoperability and inability to share threat intelligence inhibits their ability to respond effectively to attacks. What you need is visibility into DNS traffic, a multipronged approach to threat detection and integration between DNS security and other security tools within the ecosystem."
By implementing a more comprehensive, integrated strategy, organizations can ensure that wherever the network users are, regardless of whether they're in the office or at any remote location, they're still using a secure DNS connection. He says: "The business can gain more visibility into its DNS traffic, better protection for its infrastructure and it'll be able to remediate and mitigate security threats quickly."
Three steps to protecting IoT Devices
- Get a consolidated view of your entire extended infrastructure - see every network asset, every IP address and switch port, preferably consolidated into a single comprehensive database. Consider cloud initiatives, what is the physical layout of the organization and how could it get visibility across its cloud and physical environments?
- Identify non-compliant devices running old software or firmware that can be exploited. These hidden vulnerabilities can be remediated through automatic enforcement of compliance mandates and policies. What processes do you have in place for managing the configurations on your network devices? How do you manage the tracking and updating of device vulnerabilities?
- Protect your extended infrastructure from downtime caused by DNS attacks. Consider what your DNS architecture looks like, do you manage your own DNS infrastructure. If you've entirely outsourced to a cloud provider, what is the backup plan if that provider comes under attack? Are you aware of all the news about DNS attacks? What protection or mitigation do you have for DDOS attacks against DNS?