Since 2004, National Cyber Security Awareness Month has been observed during October to raise awareness and prompt conversations on how to best address the challenges that cyber threats pose. As an industry leader in secure networking, Tempered Networks is committed to providing solutions to combat the inherent shortcomings of IP networking and offer our customers the freedom and protection that comes with Identity-Defined Networking.
Throughout the month, we’ll be giving insight into some of the many issues that we regularly assist our customers in solving. Let’s start with one of the most common and increasingly pressing needs our customers face today: Industrial IoT security.
Device proliferation driven by IoT is only going to keep increasing exponentially. Experts believe that there may as many as 20 billion connected devices by 2020, and while this is an exciting prospect, it is also a delicate one. Without taking the proper steps to securely network IoT, the consequences of a large-scale cyber-attack could be devastating just like the Mirai botnet attack that was largely made up of so-called “internet of things” (IoT) devices.
But fear not – solutions are out there. There are many practical steps that can be taken to achieve IoT security. I’ll walk you through Tempered Networks’ best practices:
- Give your IoT endpoints a ‘verifiable identity’.
Identity must be based on a hardened machine identity versus one based on a spoofable IP address. This protects vulnerable IoT machines from spoofing and exposing your network attack surface. A protected IoT device with a verifiable identity would not respond to an unauthorized machine, because the prober would not have the appropriate identity and therefore would not be authorized to communicate.
- IoT machine authentication, authorization, and auditing must happen before any data is exchanged.
This means that all three must happen before a TCP network connection is even established. Why is this essential? It makes vulnerable IoT devices cloaked and untouchable to any unauthorized system. The device can’t be found over the Internet, period. Devices are completely invisible to hackers even if they gained access when probing a private network.
- Policy must be based on machine whitelisting.
Unlike end-users, which require broad access to a vast amount of public and private resources, IoT devices are different because the scope of things they need to communicate with is much narrower. An IoT device only needs to communicate with a few endpoints (like a registration server or an analytics server). When you base networking and access control on an identity–based machine, whitelisting becomes a simple way to enforce policy as opposed to attempting to enforce based on IP addresses or blacklists–both of which are vulnerable to spoofing and hacker reconnaissance.
- Simple to implement and orchestrate.
The biggest vulnerability in IoT security is human error, especially at the smaller IoT scale. Networks that are too complicated to manage are the biggest causes of human error, which can leave a network totally vulnerable to a large-scale attack.
- Built-in availability and resiliency.
An IoT network that commonly drives environments like Smart City infrastructures cannot fail. Think about all the critical services like water, energy, and traffic that are so important to citizen safety and vitality. As such, IoT networking must be able to overcome traditional connectivity and failover barriers like NAT, CGNAT, and different IP and DNS schemas used in different networks.
A flexible, responsive network that’s secure by default is needed to navigate the complexities of IoT networking. Tempered Networks’ identity-first approach makes this possible. Since IoT devices are most often ‘headless’ and not managed by an end-user, it’s very difficult to manage and secure. Now, with IDN, you have the ability to assign unique, verifiable identities to all your IoT endpoints—at scale. Best of all, we make IoT networking highly available, remarkably simple, and radically secure. Check out our IoT networking solutions and give us a call to set up a 15 minute demo.