IoT devices frequently have security vulnerabilities. IT networking and security professionals should follow these best practices to plug the gaps.
Paul Kaspian, Senior Marketing Manager for Enterprise Security at Aruba, a Hewlett Packard Enterprise company.
The adoption of IoT has created a huge shift in how we approach IT infrastructure and has become a significant driver of the move to the edge. With a myriad of different devices and sensors now connecting at the edge and generating large amounts of data, business services and rich analytics previously thought to be too expensive or impractical to deliver are now possible. Unfortunately, this explosive growth is also fueling a growing attack surface for hackers to exploit and putting many organizations at risk of a security incident. In fact, many IT professionals are not even aware of the large number of new IoT devices coming onto their network daily, making it impossible to address the risk they introduce from a security standpoint.
Vulnerabilities Abound: A Lack of Built-in Security
Although there is admittedly much more awareness around the problem of insecure IoT devices, these devices continue to be plagued with a wide range of vulnerabilities. Organizations such as OWASP have advocated for more secure standards in the development of these devices, which has brought more awareness and due diligence to the problem. That being said, these devices have broad vulnerabilities that span weak passwords and authentication schemes, unnecessary available services and open ports, insecure firmware, and many more. Given this situation, it is critical that IT networking and security professionals follow security best practices to apply security controls to these devices.
Visibility is Job One: Unsanctioned and Poorly Classified IoT Devices
You can’t address security considerations if you don’t even know a device is connecting to the network. So, the first critical step is getting visibility into the full spectrum of “things” that are connecting to the network. Many organizations have a twofold visibility problem:
- Numerous devices that they don’t know about are connecting to the network.
- Many devices that they know about are simply shown as generic “Windows” or “Linux” devices.
At Aruba, we help customers highlight these issues with ClearPass Device Insight, which uses Deep Packet Inspection (DPI) and Machine Learning (ML) to accurately profile each device connecting to the network.
After devices are inventoried, another security best practice is to ensure that every device is authenticating in the most secure way it supports. This varies greatly by device type, but the strongest scheme supported should be used.
Applying Zero Trust “Least Access” to all Devices
One fundamental security best practice, and a key philosophical underpinning of a Zero Trust approach to security, is to grant a device only the minimal access it needs to do its job. Unlike users, who require broad access and have unpredictable usage patterns, IoT devices typically have a singular purpose on the network and communicate only with a small number of other devices, using a narrow set of protocols, services, etc. A network security camera, for example, sends video data to an on-prem or cloud video repository and occasionally communicates with a manufacturer’s update server. By applying a network access control policy to network security cameras, we can limit them to only the resources they need. In the event that a device is compromised, these types of controls greatly limit the damage an intruder or malware can do when exploiting vulnerabilities in the device.
Final Step: Continuous Monitoring
With visibility, authentication, and proper segmentation in place, continuous monitoring of devices is the critical final safeguard that limits the extent of a security incident caused by an insecure IoT device. Just as we determined an appropriate network access policy for each type of device, we can determine a baseline behavioral pattern for each device. We can also rely on several of our core security tools, such as Next-Gen Firewalls, SIEM solutions, and Endpoint Security, to tell us when a device or set of devices has gone rogue on the network. Aruba ClearPass customers utilize our ecosystem of over 150 third-party integrations to restrict or quarantine a device based on the security telemetry from their other security solutions.
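As an added example (not Aruba's code or a ClearPass feature), the following Python check applies the camera least-access policy and behavioral baseline described above to exported flow records; the device class, addresses, flow records and baseline volumes are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed least-access policy for the "security camera" device class:
# only the video repository and the vendor update server, on the expected ports.
# Addresses are RFC 1918 / documentation ranges chosen for this example.
CAMERA_POLICY = {
    "video_repository": {"dst": ip_network("10.20.0.0/24"), "ports": {443, 554}},
    "vendor_update": {"dst": ip_network("203.0.113.0/24"), "ports": {443}},
}

# Constructed baseline: typical bytes per monitoring interval for each rule,
# learned from a period of known-good traffic.
BASELINE = {"video_repository": 10_000_000, "vendor_update": 50_000}

# Constructed flow records as a firewall or NAC might export them:
# (device, dst_ip, dst_port, bytes_sent)
FLOWS = [
    ("cam-lobby-01", "10.20.0.15", 554, 9_000_000),    # RTSP to the on-prem repository
    ("cam-lobby-01", "203.0.113.8", 443, 20_000),      # normal update check
    ("cam-lobby-01", "10.50.3.7", 445, 1_200),         # SMB to a file server: outside policy
    ("cam-lobby-01", "10.20.0.15", 22, 400),           # SSH to the repository host: wrong port
    ("cam-lobby-01", "203.0.113.8", 443, 400_000_000), # permitted destination, abnormal volume
]


def match_rule(policy, dst_ip, dst_port):
    """Return the name of the policy rule that permits this flow, or None."""
    addr = ip_address(dst_ip)
    for name, rule in policy.items():
        if addr in rule["dst"] and dst_port in rule["ports"]:
            return name
    return None


def audit_flows(policy, flows):
    """Return the flows the least-access policy would not permit (segmentation check)."""
    return [f for f in flows if match_rule(policy, f[1], f[2]) is None]


def baseline_deviations(policy, baseline, flows, factor=3.0):
    """Return {rule: total_bytes} for permitted traffic exceeding factor x baseline.

    Catches a compromised device that stays inside its allowed destinations
    but moves far more data than its learned behavioral pattern."""
    totals = {}
    for _, dst_ip, dst_port, nbytes in flows:
        rule = match_rule(policy, dst_ip, dst_port)
        if rule is not None:
            totals[rule] = totals.get(rule, 0) + nbytes
    return {r: v for r, v in totals.items() if v > factor * baseline.get(r, 0)}
```

Flows returned by `audit_flows` are candidates for a NAC quarantine action; `baseline_deviations` is the kind of signal a SIEM integration would raise for a device that has "gone rogue" without leaving its allowed segment.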
Even as we make strides in building additional security into IoT devices, taking a comprehensive security approach to these devices should be a high priority. The importance of this approach will increase as exciting new use cases continue to drive the growth of IoT and push what is possible at the edge.