It’s no longer just your laptop or desktop that is connected to the internet. In today’s world just about anything can be wired up to the internet, and this holds true in the corporate environment just as much as in your home. IoT, or Internet of Things, is a term used to describe the variety of devices that are internet connected. This interconnection can be of great use: everything from a lightbulb to a mailbox can be cloud connected, and by leveraging internet connectivity, devices are able to provide enhanced functionality. Unfortunately, it also gives hackers and ill-intentioned organizations the opportunity to take advantage of this newfound connectivity between devices. As a result, cybercriminals are now able to penetrate the network perimeter of organizations in ways that have not been seen before.
Some key mitigations for protecting your workplace against IoT-based attacks include:
- Don’t keep all of your eggs in one basket; create separate network zones for IoT systems; air gap them from other critical networks where possible.
- Don’t allow direct ingress or egress connectivity to the internet; don’t forget the importance of an inline proxy or content filtering system.
- Change default credentials on devices; use strong and unique passwords for device accounts and WiFi networks.
- Regularly monitor events and logs; hunt for threats at endpoints, as well as at the network level; scan for open remote access protocols on your network and disable commonly unused and unsecured features and services (such as Universal Plug and Play (UPnP) and Real Time Streaming Protocol (RTSP)) that aren’t required.
- Include IoT devices in IT asset inventory; regularly check manufacturer websites for firmware updates.

Read more about additional mitigation efforts in Verizon’s Data Breach Digest.
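Several of the checks in the list above (inventory coverage, zone placement, and exposed services such as UPnP and RTSP) can be automated by comparing scan results against the asset inventory. The sketch below is an added example, not from the original article or any vendor product; the subnet, MAC addresses, device names and scan data are constructed assumptions.

```python
import ipaddress

# Assumed policy for this sketch: the dedicated IoT zone and the services to flag.
IOT_ZONE = ipaddress.ip_network("10.20.0.0/24")
RISKY_SERVICES = {
    ("tcp", 23): "Telnet",
    ("tcp", 3389): "RDP",
    ("tcp", 5900): "VNC",
    ("tcp", 554): "RTSP",
    ("udp", 1900): "UPnP/SSDP",
}

# Constructed asset inventory, keyed by lowercase MAC address.
INVENTORY = {
    "00:11:22:33:44:55": {"name": "lobby-camera", "iot": True},
    "00:11:22:33:44:66": {"name": "hr-laptop-07", "iot": False},
    "00:11:22:33:44:77": {"name": "hvac-thermostat", "iot": True},
}

# Constructed scan results: what was actually seen on the network.
OBSERVED = [
    {"mac": "00:11:22:33:44:55", "ip": "10.20.0.15", "open": [("tcp", 554), ("tcp", 443)]},
    {"mac": "00:11:22:33:44:66", "ip": "10.10.0.42", "open": []},
    {"mac": "00:11:22:33:44:77", "ip": "10.10.0.90", "open": [("tcp", 443)]},
    {"mac": "AA:BB:CC:00:00:01", "ip": "10.10.0.77", "open": [("udp", 1900), ("tcp", 23)]},
]

def audit(observed, inventory, iot_zone=IOT_ZONE):
    """Return (mac, finding) tuples for inventory gaps, zoning errors and risky services."""
    findings = []
    for host in observed:
        mac = host["mac"].lower()
        record = inventory.get(mac)
        in_iot_zone = ipaddress.ip_address(host["ip"]) in iot_zone
        if record is None:
            findings.append((mac, "not in asset inventory"))
        elif record["iot"] and not in_iot_zone:
            findings.append((mac, f"IoT device '{record['name']}' outside IoT zone"))
        for proto, port in host["open"]:
            service = RISKY_SERVICES.get((proto, port))
            if service:
                findings.append((mac, f"{service} exposed on {proto}/{port}"))
    seen = {h["mac"].lower() for h in observed}
    for mac in sorted(set(inventory) - seen):
        findings.append((mac, "in inventory but not seen on network"))
    return findings

if __name__ == "__main__":
    for mac, finding in audit(OBSERVED, INVENTORY):
        print(f"{mac}  {finding}")
```

Each finding is a prompt for review, not proof of compromise: a camera may legitimately need RTSP, in which case the service should be documented and reachable only from inside the IoT zone.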
Now, these mitigations are important steps to take, but what happens if you don’t know exactly what is on your network? How often does a large or even small corporate environment keep a perfectly maintained inventory of every single network-connected device? Do you even know the exact number of devices on your home network? Exactly.
The corporate environment is far from perfect, and in many cases you will need help identifying where and what devices are connected to your network. That’s where a NAC solution comes into play. A NAC (Network Access Control) solution gives you the ability to authenticate and control what devices are permitted onto your network.
ForeScout CounterACT is a NAC-like tool that takes the idea of network visibility and control to another level. With CounterACT, you are provided with full network visibility and manageability, allowing you to identify unmanaged devices and proceed with the necessary mitigation strategies. This way, you are mitigating risks while utilizing a proactive tool that will help prevent potential threats from unauthorized devices. Read more about ForeScout and their CounterACT solution here.
It is important to remember that your devices and network should be assessed to reduce cyber security threats. At Netrix, we are always creating new ways to keep security at the forefront for our clients and networks. For more information on protecting your network from IoT-based attacks, contact us today.