IoT Network access control and Modern security policies

Modern security policies akin to a game of jenga

Securing enterprise networks from IoT-powered DDoS attacks is becoming increasingly necessary, but what about the IoT devices themselves with the enterprise network? The truth is security teams have enough trouble managing even traditional security systems. Network Access Control (NAC) has always been a tough area for IT departments and IoT is getting ready to make it an even larger headache, nonetheless it is one security professionals must suffer through in order to adequately secure the endless supply of incoming IoT devices. Sooner or later most companies will have to revise their security and formulate an effective security policy for the Internet-enabled devices.


Next generation Network access control technologies are a must

IoT devices are usually tiny, small-footprint appliances incapable of running endpoint security software. This means an agentless NAC system must be used for IoT devices to be properly authorized and allowed into the network.
The next gen NAC’s must be able to discern IoT devices, their capabilities, the functionality and resources they require, in turn a modern security policy must be formulated to provide these devices with just the right amount of access. In cases where IoT devices remain unidentified, the policy can either deny it network access, or create a sandboxed/segmented network depending on IT security policies.

Industrial IoT security faces additional challenges

Many Industrial control systems in use today were created in a time where offline and isolated systems where still operationally viable.The encroaching task of placing these systems online with adequate levels of security will be a full-time task for security teams. The timing-critical nature of these systems make network security a non-trivial task, considering the agentless and vulnerable nature of IoT. Full centralized network monitoring and visibility must be integrated into connected industrial control systems.

Healthcare faces even greater challenges from connected devices. Reports show hospitals are at great risk from IoT given the number of devices that are constantly connected to the network, from personal fitness trackers to patient health monitors.

 

Industrial cyber security appliances for critical systems

Due to absolutely critical nature of connected electrical grids, transportation systems etc, hardened security appliances that can constantly monitor vulnerable devices and networks are absolutely key. The often harsh conditions in industrial environments necessitates network computing hardware with a wide operating temperature, no moving parts and shielded/protected circuits.

Lanner’s 6030 is an x86 Intel atom E3845 cyber security appliance designed to tackle these demanding Industrial IoT  environments.  With a completely fanless design, -40° to 70°C wide operating temperature, up to 6 GbE LAN ports, a pair of LAN bypass ports and versatile DIN rail & wall mount options.  Deployed at the industrial network’s edge, these appliances provide the reliability necessary to operate nonstop and monitor industrial IoT devices, sensors and network segments. The Intel Atom E3845 powering the unit provides an incredibly flexible platform with the largest library of software available in the world, providing the cyber security appliance with unbridled network functionality and automation.

IoT Cyber Security is like a game of Jenga

In that the primary goal is to try to remove as much network access/functionality(the bricks) without causing the desired functionality of the system (tower) failing. This can cause frustration amongst company employees that connect a harmless IoT device only to find it blocked off.

Take for example a connected thermostat. Deciding what it has access should be really simple right? If all it needs to do is keep a certain port open looking for incoming connections we can completely disable internet access outside of those criteria. What happens if a user connects a thermostat which pings a certain server for the weather and adjusts according to certain user preferences? That functionality wouldn’t simply work under that policy and might even cause the device to fail.

 

Final Thoughts

Cyber security needs to keep up with the speed and proliferation of IoT devices before they become even more ubiquitous in corporate environments. Automation and centralized policy management need to evolve as that is the only way to cost-effectively deal with the massive amounts of devices. Ideally The device vendors themselves will eventually adopt a culture of security in the face of these constant hacks and DDoS attacks.

 

 

 


Related Posts