

iot security (13)

Then it seemed that overnight, millions of workers worldwide were told to isolate and work from home as best as they could. Businesses were suddenly forced to enable remote access for hundreds or thousands of users, all at once, from anywhere across the globe. Many companies that already offered VPN services to a small group of remote workers scurried to extend those capabilities to the much larger workforce sequestering at home. It was a decision made in haste out of necessity, but now it’s time to consider, is VPN the best remote access technology for the enterprise, or can other technologies provide a better long-term solution?

Long-term Remote Access Could Be the Norm for Some Time

Some knowledge workers are trickling back to their actual offices, but many more are still at home and will be for some time. Global Workplace Analytics estimates that 25-30% of the workforce will still be working from home multiple days a week by the end of 2021. Others may never return to an official office, opting to remain a work-from-home (WFH) employee for good.

Consequently, enterprises need to find a remote access solution that gives home-based workers a similar experience as they would have in the office, including ease of use, good performance, and a fully secure network access experience. What’s more, the solution must be cost effective and easy to administer without the need to add more technical staff members.

VPNs are certainly one option, but not the only one. Other choices include appliance-based SD-WAN and SASE. Let’s have a look at each approach.

VPNs Weren’t Designed to Support an Entire Workforce

While VPNs are a useful remote access solution for a small portion of the workforce, they are an inefficient technology for giving remote access to a very large number of workers. VPNs are designed for point-to-point connectivity, so each secure connection between two points – presumably a remote worker and a network access server (NAS) in a datacenter – requires its own VPN link. Each NAS has a finite capacity for simultaneous users, so for a large remote user base, some serious infrastructure may be needed in the datacenter.

Performance can be an issue. With a VPN, all communication between the user and the VPN is encrypted. The encryption process takes time, and depending on the type of encryption used, this may add noticeable latency to Internet communications. More important, however, is the latency added when a remote user needs access to IaaS and SaaS applications and services. The traffic path is convoluted because it must travel between the end user and the NAS before then going out to the cloud, and vice versa on the way back.

An important issue with VPNs is that they provide overly broad access to the entire network without the option of controlling granular user access to specific resources. Stolen VPN credentials have been implicated in several high-profile data breaches. By using legitimate credentials and connecting through a VPN, attackers were able to infiltrate and move freely through targeted company networks. What’s more, there is no scrutiny of the security posture of the connecting device, which could allow malware to enter the network via insecure user devices.

SD-WAN Brings Intelligence into Routing Remote Users’ Traffic

Another option for providing remote access for home-based workers is appliance-based SD-WAN. It brings a level of intelligence to the connectivity that VPNs don’t have. Lee Doyle, principal analyst with Doyle Research, outlines the benefits of using SD-WAN to connect home office users to their enterprise network:

  • Prioritization for mission-critical and latency-sensitive applications
  • Accelerated access to cloud-based services
  • Enhanced security via encryption, VPNs, firewalls and integration with cloud-based security
  • Centralized management tools for IT administrators

One thing to consider about appliance-based SD-WAN is that it’s primarily designed for branch office connectivity, though it can accommodate individual users at home as well. However, if a company isn’t already using SD-WAN, this isn’t a technology that is easy to implement and set up for hundreds or thousands of home-based users. What’s more, a significant investment must be made in the various communication and security appliances.

SASE Provides a Simpler, More Secure, Easily Scalable Solution

Cato’s Secure Access Service Edge (or SASE) platform provides a great alternative to VPN for remote access by many simultaneous workers. The platform offers scalable access, optimized connectivity, and integrated threat prevention that are needed to support continuous large-scale remote access.

Companies that enable WFH using Cato’s platform can scale quickly to any number of remote users with ease. There is no need to set up regional hubs or VPN concentrators. The SASE service is built on top of dozens of globally distributed Points of Presence (PoPs) maintained by Cato to deliver a wide range of security and networking services close to all locations and users. The complexity of scaling is all hidden in the Cato-provided PoPs, so there is no infrastructure for the organization to purchase, configure or deploy. Giving end users remote access is as simple as installing a client agent on the user’s device, or by providing clientless access to specific applications via a secure browser.

Cato’s SASE platform employs Zero Trust Network Access in granting users access to the specific resources and applications they need to use. This granular-level security is part of the identity-driven approach to network access that SASE demands. Since all traffic passes through a full network security stack built into the SASE service, multi-factor authentication, full access control, and threat prevention are applied to traffic from remote users. All processing is done within the PoP closest to the users while enforcing all corporate network and security policies. This eliminates the “trombone effect” associated with forcing traffic to specific security choke points on a network. Further, admins have consistent visibility and control of all traffic throughout the enterprise WAN.

SASE Supports WFH in the Short-term and Long-term

While some workers are venturing back to their offices, many more are still working from home—and may work from home permanently. The Cato SASE platform is the ideal way to give them access to their usual network environment without forcing them to go through insecure and inconvenient VPNs.

Originally posted here

Read more…

How to Ensure IoT Cybersecurity

Today, IoT devices are widely used by industries and households: smart bulbs can adjust the intensity of light by themselves, doctors can check patient data remotely, IoT sensors can help in warehousing, and more. The potential is seemingly endless. There are billions of IoT devices in the field, and billions more are expected in the next few years. The data that IoT devices produce is stored in the cloud; for example, a health monitor collects information about our health and stores it in the cloud. This information is further analyzed to provide us with better services, but if someone manages to get the data, they can violate our privacy. Thus it is important to ensure the confidentiality and integrity of IoT solutions while mitigating the cybersecurity risks. There are many ways attackers can make their way into your system.

The most common IoT cyber attacks are:

Botnets

A botnet is a network of systems that are taken over remotely and used to distribute malware; botnet operators control it through command-and-control servers (C&C servers). Attackers use botnets on a large scale for many things, such as stealing private information, exploiting online banking data, and sending spam and phishing emails.

Man-in-the-middle

In a man-in-the-middle attack, an attacker looks to interrupt and breach communication between two separate systems. It is a dangerous attack because the attacker secretly intercepts and transmits messages between two parties who believe they are communicating directly with each other.

Identity Theft

The main strategy of identity theft is to amass data, and with a little bit of patience, a lot of information can be gathered. Generally, data available on the internet is combined with social media information and data from smartwatches, fitness trackers, smart meters, smart fridges, and more. Together, these data give a great all-around idea of your identity.

Recent research indicates that 85% of customers lack confidence in IoT device security, so it is important to ensure the security of IoT devices by eliminating IoT cybersecurity risk.

Here are some best practices to ensure IoT cybersecurity:

Secure Boot

Secure boot helps a system stop attacks and malware infections. It is a feature embedded in IoT devices to detect tampering with the system. It works like a security gate: it restricts unauthorized access by validating the digital signature, and anything detected as tampered is blocked from running before it can attack the system. Deploying secure boot in the IoT ecosystem is important to ensure cybersecurity.

Secured passwords with two-factor authentication

You can activate two-factor authentication on almost any IoT device. It is important because it ensures authorized access to devices and automates trust in the system. Having two-factor authentication enabled together with unusual passwords keeps IoT devices from being vulnerable to cyber attacks and restricts attackers from making their way into the system.

Disabling the UPnP feature

The UPnP feature allows an IoT device to connect with other IoT devices; for example, smart bulbs can be paired with Google Home to turn them off or on via voice command. The feature is convenient for users but poses cybersecurity risks at the same time: if hackers manage to make their way into one device, they will easily be able to find other devices connected to it. Most IoT devices allow you to disable UPnP from their settings.

Secure data storage

Data kept in a large enterprise system is secured, but the flash storage of an embedded device holds important data from time to time that is not immediately secured or encrypted, which can open you up to cybersecurity risk. Thus it is important to have system-level encryption for stored sensitive information. If we do not encrypt the flash storage on the embedded device, someone can easily take a peek at your data.

Bottom Line

Securing IoT devices from cyberattacks is important for households, and it is equally important for industries to ensure the confidentiality and integrity of their IoT devices and the data those devices produce. Researchers find that data breaches linked to IoT devices have increased rapidly in the past few years. According to a study by Ponemon, the number of cyberattacks due to unsecured connected devices has increased from 15% to 25% in the last two years. Thus the importance of securing IoT devices can never be downplayed.

Author Bio- 

Piyush Jain is the founder and CEO of Simpalm, an app development company in Virginia. Piyush founded Simpalm in 2009 and has grown it to be a leading mobile and web development company in the DMV area. With a Ph.D. from Johns Hopkins and a strong background in technology and entrepreneurship, he understands how to solve problems using technology. Under his leadership, Simpalm has delivered 300+ mobile apps and web solutions to clients in startups, enterprises and the federal sector.

Read more…

 

 

IoT security challenges

 

IoT is a complex network of billions of Internet-connected devices that collect and transmit huge amounts of data across a wide range of devices (sensors, robots, machinery, mobile apps, digital assistants, etc.) and integrated systems. The data also has to cross different administrative boundaries with different policies. All of this creates challenges for protecting the IoT ecosystem.

First, companies and organizations have to ensure privacy and confidentiality of user data. Second, data communications should be protected at all levels. So, when building an IoT solution, take care of the “right” data delivery including the right place, time, and form. Third, make all interactions traced and monitored so that suspicious activities will be instantly detected.

There are many IoT security risks and challenges you should know and prevent when developing an IoT project. Given increased worry about cyber attacks and data privacy, companies have to establish new security models and integrate innovative technologies. In the IoT world, the use of Blockchain is an emerging trend promising to solve most or even all IoT security issues.

 

What is Blockchain

 

Blockchain is a distributed ledger technology that maintains a continuously increasing number of transactions. Representing an immutable and inconvertible record and being based on cryptographic algorithms, Blockchain provides data security and protects data.

As Blockchain is decentralized, there is no central authority or regulatory body required for transaction approval and management. Its distributed nature makes computer servers come to a consensus, allowing transactions to be carried out anonymously and without intermediaries.

Blockchain is also about trust: cryptography is used to prevent data forgery and distortion. In the chain of blocks, each block contains a hash serving as a link to the previous one. Thus, it’s impossible to substitute an intermediate block in the finished chain.
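The hash linking described above, as an added example that is not code from the original article: a minimal hash-chained log in Python that goes slightly beyond the text by showing what a verifier has to check. The block layout, function names and device readings are assumptions constructed for illustration, and there is no consensus or networking here, only the linking.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first block


def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    body = json.dumps({"index": index, "prev_hash": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_block(chain, payload):
    """Append a block whose prev_hash links it to the current last block."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev_hash": prev, "payload": payload,
                  "hash": block_hash(index, prev, payload)})


def rehash_from(chain, start):
    """Recompute links and hashes from `start` to the end of the chain."""
    prev = chain[start - 1]["hash"] if start else GENESIS
    for block in chain[start:]:
        block["prev_hash"] = prev
        block["hash"] = block_hash(block["index"], prev, block["payload"])
        prev = block["hash"]


def verify_chain(chain, trusted_head=None):
    """Return (ok, bad_index).

    bad_index is the first block whose link or hash is wrong. It is None when
    the chain is self-consistent, including the case where the chain is
    consistent but its last hash differs from `trusted_head`.
    """
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != prev:
            return False, i
        if block["hash"] != block_hash(i, prev, block["payload"]):
            return False, i
        prev = block["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, None
    return True, None


def demo():
    # Constructed sample readings, not data from the article.
    readings = [
        {"device": "pump-01", "temp_c": 41.2},
        {"device": "pump-01", "temp_c": 41.9},
        {"device": "valve-07", "state": "open"},
        {"device": "pump-01", "temp_c": 42.4},
    ]
    chain = []
    for reading in readings:
        append_block(chain, reading)
    trusted_head = chain[-1]["hash"]  # head hash as held independently by other nodes

    edited = copy.deepcopy(chain)      # case 1: payload changed, stored hash untouched
    edited[1]["payload"]["temp_c"] = 20.0

    patched = copy.deepcopy(edited)    # case 2: block 1's own hash recomputed as well
    patched[1]["hash"] = block_hash(1, patched[1]["prev_hash"], patched[1]["payload"])

    rewritten = copy.deepcopy(edited)  # case 3: every block from 1 onward rehashed
    rehash_from(rewritten, 1)

    return {
        "intact": verify_chain(chain, trusted_head),
        "edited": verify_chain(edited),
        "patched": verify_chain(patched),
        "rewritten_local": verify_chain(rewritten),
        "rewritten_vs_head": verify_chain(rewritten, trusted_head),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

The last two cases show that a single stored copy rehashed end to end still verifies on its own, so substitution is only caught when the head hash is also held by parties the editor of the log does not control.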

So, Blockchain provides a high-security level. While the tool is the same, it has many successful applications in a variety of business industries. Mika Lammi, Kinno’s Head of IoT Business Development, Kouvola Innovation Ltd, said: “I believe Blockchain to be one of the truly disruptive and innovative application areas in the world now, and that it will create huge waves across all imaginable business sectors”.

 

Blockchain and IoT

 

With its decentralized, autonomous, and data protection capabilities, Blockchain has great potential to secure the IoT ecosystem. In the Internet of Things, Blockchain can keep an immutable record of connected devices’ activities and automatically maintain the history of their communications.

What’s more, by integrating the technology, companies and organizations can allow trustless safe message exchanges between IoT devices. In this case, Blockchain will work like in financial transactions: data is transmitted between multiple devices and delivered to the places required. To enable peer-to-peer messaging, businesses can integrate Ethereum smart contracts serving as the agreement between two parties.

For example, let’s take Blockchain and IoT linked together to improve manufacturing operations. Here the use of Blockchain can enable smart devices to not only exchange data, but even automatically execute financial transactions. IoT devices monitor machinery and equipment health, alert managers about problems, and order repairs when required.

In the agriculture industry, farmers can place IoT devices to collect data about crops in order to ensure an efficient functioning of the irrigation system. Smart contracts describe how the solution parts (analytics system, sensors, etc.) should behave based on the conditions defined. This approach helps provide automatic water management.

 

Blockchain advantages for IoT security:

 

  1. Immutable record of all data communications
  2. Monitoring of suspicious activities
  3. Prevention of data forgery and distortion
  4. Peer-to-peer messaging between IoT devices
  5. Autonomous functioning of smart devices

 

Today, Blockchain is one of the most promising trends in the IoT security field. Its decentralized and data protection capabilities make Blockchain a perfect part of IoT solutions. Understanding the technology’s prospects, many companies have already integrated Blockchain to solve IoT security challenges.

Read more…

 

The Internet of Things plays an important role in today’s life, affecting plenty of businesses and changing the way we work, live, and entertain. With workflow automation, remote equipment monitoring, inventory tracking, and real-time data collection, IoT promises to bring innovation to various industries.

Understanding IoT’s high potential, companies and corporations invest in IoT projects, startups, and initiatives. According to the new IDC Spending Guide, worldwide IoT spending is predicted to reach nearly $1.4 trillion in 2021. What’s more, Gartner research expects the number of IoT-enabled devices to be about 21 billion by 2020.

Though IoT provides many advantages and opportunities, there remain IoT security risks and challenges that are now of the highest concern. Since today almost everything can be hacked, businesses have to look for and integrate new security mechanisms that ensure data and device protection.

 

The main IoT security risks

 

1. Data Leaks

Smart devices collect and transmit various data that may involve such important information as credit card numbers, zip codes, customer locations, camera images, IP addresses, and much more. A leakage of private/personal/business/financial data can lead a company to money and reputation losses, and harm people’s lives.

2. User verification

Misconfiguration and the use of default passwords are common causes of device and data vulnerabilities. That’s why engineers should give customers the ability to create their own passwords while establishing the highest level of password reliability that all users have to follow.

3. Lack of regulations

Unfortunately, there are often no regulations for IoT devices. The creation of a standards-based approach to security should be a top-priority task for companies, organizations, and even governments.

4. Unknown surveillance

Unprotected IoT devices can often be accessed by any remote user, or at least can be easily hacked. The consequences can be serious: for instance, streaming and selling private videos and images (including those from stores, shopping centers, etc.).

 

IoT security recommendations

 

1. Focus on data traffic monitoring. Imagine a cloud IoT solution that monitors both inbound and outbound traffic, traces all suspicious activities, blocks unsafe communications, instantly alerts users and the central system about potential problems, and prevents data leaks.

2. Implement end-to-end encryption in your application, the most reliable way to protect user data. Famous mobile messengers WhatsApp and Viber added the support of e2e encryption long ago. If your project implies many data/user communications, you can use this approach too.

3. Use reliable tools that help ensure data confidentiality and privacy as well as build secure and scalable data storage. Integrate monitoring for suspicious activity and malicious code. For example, today we can see an increasing use of AI technology for real-time security monitoring.

4. Focus on testing activities. When developing an IoT solution, pay a lot of attention to the testing/QA process. It’s much better to prevent security issues at the pre-release stage than to waste time on bug fixing afterwards.

5. Integrate a Blockchain decentralized approach. Since Blockchain is based on cryptographic algorithms, it helps protect and manage data. Blockchain has all transactions (interactions) recorded, so the history of smart devices will be also recorded. At the moment, the use of Blockchain for securing the Internet of Things is one of the emerging and most promising trends.

 

As you see, there are really good ways to minimize IoT security vulnerabilities. Here I should note that one of the best recommendations for developing a successful IoT project is to turn to a reliable IT company that focuses on security and data privacy issues. Also, when choosing the company, pay attention to whether it meets the GDPR requirements, which will be especially important from the regulation’s enforcement on May 25, 2018.

 

Read more…
The companies behind smart home devices are tasked with performing something of a balancing act: customers want full featured devices with the convenience of easy purchasing and control over their homes by voice, but those features can be at odds with the cumbersome security measures that would ensure greater safety.
Read more…

This is my first post on IoT Central.  Looking forward to hearing more about IoT from the members.  

I am curious to see what people think of the MKR Labs report on how hackers can turn your Amazon Echo into a listening device. According to the report, it seems one of Amazon's most popular and new products is vulnerable to "a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering." This type of malware can give hackers remote access to your Echo. It will also give them the ability to grab customer authentication tokens and the ability to stream live microphone audio to any other remote services without altering the functionality of the device.

Today, GearBrain did a post on this news.  I am curious to see what others think about this type of hacking and how big of an issue you think this is to Amazon and other manufacturers of voice controlled digital assistants like Echo.  

Read more…
An accurate and well-structured security analysis is the key for a holistic security concept and therefore for a secure product. But planning and performing a security analysis can be a hard nut to crack. After collecting experience in more than 6 big IoT projects over the last 2 years I decided to share some key facts that can make your life easier if you have to go the same way.
Read more…
Since many embedded devices are deployed outside of the standard enterprise security perimeter, it is critical that security be included in the device itself. Ultimately, some combination of hardware and software may be required. Building protection into the device itself provides a critical security layer whatever options are used. Security must be considered early in the design of a new device or system.
Read more…

The Internet of Things is changing the world, heralded as one of the most pivotal technology trends of the modern era. We are getting ready to enter a time where everything, quite literally, is connected to the Internet.

For the industrial sector, this is a new area of exploration. Factories have smart infrastructures that use sensors to relay data about machine performance. Cities have smart grids that monitor everything from traffic to the energy used by streetlights. Hospitals can monitor the health of high-risk, at-home patients.

In other words, we are entering a hacker's dream world.

Recent attacks, like the Christmas 2015 attack on the Ukraine power grid, have shown that the Internet of Things possesses severe vulnerabilities. These weak points can be everything from back doors that allow a hacker access to a system to lack of proper use by untrained workers. If your business uses IoT devices, there’s a good chance they are not secure.

Why are so many systems left vulnerable? Weaknesses often come from the same set of five drivers:

[Figure: the five drivers of IoT security weaknesses. Source: Allerin]

Whether your company is struggling because your devices were deployed too quickly or operational cost constraints got in the way, your team must take measures to fix security risks. Here are four security flaws:

1. Lack of Encryption

Any device that is connected to the Internet to relay data needs encryption. When communication between devices and facility machines is not encrypted, it provides a doorway for hackers to send malicious updates, steal data, and even take control of the system.

In 2014, an Israeli security firm took control of cars using a specific connected telematics device that failed to use proper encryption.

2. Failing to Install Updates

Once you have a machine-to-machine communication system working properly, it can be easy to forget to install the necessary updates to keep the network secure.

Yet, hackers are constantly updating their strategies and tactics. Failing to install updates and patches leaves your system vulnerable. 

Even if you’re worried about breaking integrations between systems, you should at the least install every security update released by the vendor. These updates are specifically designed to address vulnerabilities discovered in your devices. After all, if your vendor releases a security update, it’s because they found a problem.

You also should know that updates and patches are not always the final solution to security vulnerabilities. Unfortunately, many manufacturers are not able or willing to provide the necessary support to continue updating their devices. 

To avoid this risk, shop carefully for systems that provide updates and are backed by a trusted company.

3. Poorly Built Networks

The modern industrial network is designed to get tasks done. If the design focuses too much on completing that task, it will leave weak points in security. Things that are obvious when building IT networks are sometimes less obvious when creating industrial DNP3 and other network architecture.

The solution to this risk is fairly simple. Those tasked with building industrial networks need to ensure they are partnering with IT professionals to build networks that are safer from attacks. Security features, like deep packet inspection and network segmentation, should be in place from the beginning.

4. Sensors Outside of the Company's Control

Most of the sensors and other connected pieces that make up a network are controlled by the company. But for some companies, that is not the case. For example, power companies have sensors in their customers' homes.

Sensors outside of the company's immediate control are hard to secure, which gives hackers access. Currently, cloud-based security using public key services to authenticate devices may be the best solution to this problem.

Don't Take The Risk

Industrial security breaches can cause devastating consequences. Therefore, the above risks need to be addressed.

As more industrial facilities rely on the Internet of Things, it's important for company teams to be aware of the potential vulnerabilities. Take security into full consideration.

Read more…
