12 Steps to Stop the Next IoT Attack in its Tracks

IoT Attack

Distributed denial-of-service (DDoS) #IoT attack against DNS are a wake up call to how fragile the #Internet can be.

The IoT attack against Domain Name Servers from a botnet of thousands of devices means it’s way past time to take IoT security seriously. The bad actors around the world who previously used PCs, servers and smartphones to carry out attacks have now set their sights on the growing tidal wave of IoT devices. It’s time for consumers and enterprises to protect themselves and others by locking down their devices, gateways and platforms. While staying secure is a never-ending journey, here’s a list of twelve actions you can take to get started:

  1. Change the default usernames and passwords on your IoT devices and edge gateways to something strong.
  2. Device telemetry connections must be outbound-only. Never listen for incoming commands or you’ll get hacked.
  3. Devices should support secure boot with cryptographically signed code by the manufacturer to ensure firmware is unaltered.
  4. Devices must have enough compute power and RAM to create a transport layer security (TLS) tunnel to secure data in transit.
  5. Use devices and edge gateways that include a Trusted Platform Module (TPM) chip to securely store keys, connection strings and passwords in hardware.
  6. IoT platforms must maintain a list of authorized devices, edge gateways, associated keys and expiration dates/times to authenticate each device.
  7. The telemetry ingestion component of IoT platforms must limit IP address ranges to just those used by managed devices and edge gateways.
  8. Since embedded IoT devices and edge gateways are only secure at a single point in time, IoT platforms must be able to remotely update their firmware to keep them secure.
  9. When telemetry arrives in an IoT platform, the queue, bus or storage where data comes to rest must be encrypted.
  10. Devices and edge gateways managed by an IoT platform must update/rotate their security access tokens prior to expiration.
  11. Field gateways in the fog layer must authenticate connected IoT devices, encrypt their data at rest and then authenticate with upstream IoT platforms.
  12. IoT platforms must authenticate each device sending telemetry and blacklist compromised devices to prevent attacks.

Keeping the various components that make up the IoT value chain secure requires constant vigilance. In addition to doing your part, it’s important to hold the vendors of the IoT devices, gateways and platforms accountable for delivering technology that’s secure today and in the future.

Improve Employee Productivity by Enhancing Corporate Infrastructure to Support BYOD

Book Cover

The “Bring your own Device” #BYOD #mobile phenomenon has moved employees from 1:1 PC computing to 5:1 mobility requiring enhanced infrastructure & #cloud workloads.

More and more BYOD employees are using their own laptops, tablets and smartphones to access corporate data, apps and other services to do their jobs. It started with email in the early 2000s, progressed to synched calendars and contacts, the mobile web and then an explosion of apps. This transformation took employees from Ethernet-connected PCs to multiple, wireless-connected mobile devices.

Imagine you live in a city with 100,000 citizens. Over the course of just a few years, the population swells to 500,000. Asleep at the wheel, city leaders and civil servants didn’t build new roads, add mass-transit, increase the sewer systems or deploy new power cabling to meet the needs of this larger city. This reflects the infrastructures of most corporations today.

The BYOD tsunami combined with the impact of the Cloud and IoT requires significant infrastructure upgrades in order to cope:

  • More bandwidth via redundant, Internet connected and private fiber circuits.
  • Faster routers, switches, proxies and firewalls with increased capacity.
  • A managed Wi-Fi infrastructure using multiple channels, higher access point density and the most bandwidth possible.
  • Dramatically beefed-up DNS, email and line of business servers with shorter DHCP leases.

Improve User Productivity by building a corporate infrastructure that supports the unique needs of today’s BYOD workforce. What kinds of improvements has your organization made to its infrastructure to handle of onslaught of mobile and IoT devices?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Book Cover

Click to purchase a copy of my book today and start transforming your business!