One of the common refrains I hear from IT managers is that their IT assets are of little value. Manufacturers, for example, don’t believe their control systems are of any value to hackers, as they don’t hold critical information and are easily reset to factory defaults if hacked. Hackers view such targets as precious resources.
IoT botnet and amplifier attack capacity exceeds 10Tbps today, said a 2022 report from Nokia. They found that DDoS attacks today are often not launched by individual users, but from black market ‘as-a-service’ packages often paid for by cryptocurrency. Today’s DDoS attacks use large-scale botnets that can spoof authentic IP addresses and legitimate checksums.
Unsecured IoT devices are a treasure trove for botnet operators. It’s the responsibility of IT managers to ensure these devices remain protected against botnet enlistment. IT security vendors offer expensive protection products. Alternatively, here are three simple steps to protect your enterprise IoT against compromise, even if you have a limited budget.
1. Identify IoT devices
It’s common only to consider devices marketed as IoT in the past few years as targets for compromise. Common IoT devices include security cameras, industrial lighting systems, and manufacturing controllers managed by a web-based solution. An example is an IP-phone provided by a cloud-based PBX. However, an IoT device is any non-traditional endpoint with an IP address. It’s these systems that may fall through the cracks and become targets.
Some commonly overlooked IoT devices include multi-function printers, security scanners, and inventory scanners. A high-level place to start to identify non-traditional IoT devices is to take a look at your IP addressing system. If you have tight controls around IP addresses, the IP address inventory is a good place to start identification. Administrators should audit their IP address system for unmanaged systems. Another IP address source is the DHCP system.
2. Isolate the systems
Another best practice is to change default passwords and apply security updates to devices. In some cases, updates or changing the default password isn’t an option.
A potential security mitigation technique is to isolate the devices from the production network. There’s rarely a good reason for unmanaged, or even managed, IoT devices to reside on the same logical network as end-user devices and servers.
A solid approach is to create VLAN specifically for IoT devices. By placing the devices in an isolated network, administrators have the ability to apply layer 3 security policies to large swaths of the network. Layer 3 network isolation allows the use of existing access control lists on routers and traditional firewalls to control the flow of communication between IoT devices and the production network. The approach allows for mitigation of risk associated with IoT devices attacking production systems, such as workstations and servers.
3. Limit internet access
Placing IoT devices into an isolated network also provides the ability to deny internet access by default. Botnet operators want system resources that they can point toward targets on the internet. If the isolated devices neither have the ability to access the internet, nor infect other devices with an internet connection, administrators reduce the desirability of these devices to intruders.
For more on securing IoT without breaking the bank, see how IoT security affects operational technology, how businesses today tend to struggle to secure their IoT suite, and our ‘cheat sheet’ of IoT basics.