How to secure your IoT devices from botnets and other threats

How to secure your IoT devices from botnets and other threats

How to secure your IoT devices from botnets and other threats

There are resulting challenges ahead in IoT security arena. Gartner predicts that over the next two years more than half of IoT manufacturers won't be able to contain weak authentication methods, which can pose a data risk. They estimate that "by 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets." Last April they projected security spending on IoT will approach $350M this year - nearly a 24% increase from last year, but this may not be enough.

Appropriate tactics will be a key element in the security battle. A recent Forbes article covered the topic of IoT security, advocating "strict regulatory standards," the need to "enhance security while simplifying compliance" and implementing "an end-to-end approach that integrates both IT and operations technology (OT)."

Let's look at some best practices to address the concepts of authentication, data privacy and botnets:

Devices which must authenticate against other systems (generally in order to access or transmit data) should be configured to do so securely, such as with unique IDs and passwords. It may also be possible to implement encryption (SSH) keys to provide device identity to permit it to authenticate against other systems (securing the keys themselves is obviously a critical priority for this model to work). Examples of IoT devices with this capability can include closed-circuit TV (CCTV) or DVR devices and satellite antenna equipment.

Read Also:
Why the cloud could hold the cure to diseases

In other instances, device SSL certificates can be issued during the manufacturing process or added later to establish device identity and facilitate the authentication process. The concept of building security into the device from the outset is an important concept for IoT manufacturers to consider, so that a careful consideration of possible vulnerabilities or flaws is factored into the design process. Some examples of IoT devices which can use SSL certificates are the Amazon Web Services IoT Button, smart meters and home energy management devices.

When it comes to device updates (software and firmware, for instance) authentication should be employed where possible to ensure these can retrieve code only from approved systems, such as internal servers or authorized devices.

Depending on your IoT devices, researching and implementing the capabilities above (if not already) present would be a good first step in security.

IoT devices can use hardware-based trust anchors, also known as "roots of trust", which utilize a trusted boot process to ensure devices operate in a known secured state and their contents remain private. It's also possible to defend against untrusted software attacks by isolating code in different hardware locations so they cannot access secured resources.

Read Also:
Adopting an Agile Data Approach: Tips and Challenges

Whether data is moving or at rest, it should be encrypted to protect the contents where possible.

IoT on-chip memories can protect data from being accessed or stolen by utilizing cryptography to encrypt or decrypt information. Communication between IoT devices and other systems should be secured via encrypted links using protocols such as TLS (Transport Layer Security), which is commonly used with web browsers such as when conducting financial transactions. TLS can prohibit "man in the middle" attacks whereby data in transit is captured and analyzed for confidential material.

It's also a good idea to isolate data so it's only available to systems which need to access it.

 



Data Innovation Summit 2017

30
Mar
2017
Data Innovation Summit 2017

30% off with code 7wData

Read Also:
2016 Tour De France Gets Big Data Analytics Upgrade

Big Data Innovation Summit London

30
Mar
2017
Big Data Innovation Summit London

$200 off with code DATA200

Read Also:
17 Things These Executives Wish They Had Known From the Start
Read Also:
Big data vs. the Internet of Things: how the projects differ

Enterprise Data World 2017

2
Apr
2017
Enterprise Data World 2017

$200 off with code 7WDATA

Read Also:
Business Intelligence: basics you need to know

Data Visualisation Summit San Francisco

19
Apr
2017
Data Visualisation Summit San Francisco

$200 off with code DATA200

Read Also:
Key Trends To Dominate Big Data Analytics

Chief Analytics Officer Europe

25
Apr
2017
Chief Analytics Officer Europe

15% off with code 7WDCAO17

Read Also:
Big Data and smart content: New challenges for content management applications

Leave a Reply

Your email address will not be published. Required fields are marked *