Securing Networks In the Internet of Things Era

← Back to Stories (view on slashdot.org)

Securing Networks In the Internet of Things Era

Posted by timothy on Friday August 22, 2014 @09:33PM from the glad-that-someone-finally-invented-things dept.

An anonymous reader writes "Gartner reckons that the number of connected devices will hit 26 billion by 2020, almost 30 times the number of devices connected to the IoT in 2009. This estimate doesn't even include connected PCs, tablets and smartphones. The IoT will represent the biggest change to our relationship with the Internet since its inception. Many IoT devices themselves suffer from security limitations as a result of their minimal computing capabilities. For instance, the majority don't support sufficiently robust mechanisms for authentication, leaving network admins with only weak alternatives or sometimes no alternatives at all. As a result, it can be difficult for organizations to provide secure network access for certain IoT devices."

7 of 106 comments (clear)

Min score:

Reason:

Sort:

will NOT have learned from Target by dltaylor · 2014-08-22 22:20 · Score: 4, Insightful

Most of the management types I've met have just enough functioning brain cells to kiss ass and repeat whatever mantra they learned in MBA school or during the most recent management retreat.
Target was breached because HVAC maintenance had access to the same network as the POS terminals, which is inexcusable stupidity. Unfortunately, this is exactly what will happen with the IoT devices. Putting them on an entirely separate network (own APs for wireless, blinkenlights, ...) will cost something, and, since the CIOs don't spend hard time in a closed prison for exposing their systems, or the personal data of employees or customers, they simply will not authorize the expenditure.
1. Re:will NOT have learned from Target by Anonymous Coward · 2014-08-22 22:50 · Score: 5, Insightful
  
  Exactly. I have yet to see a compelling argument or application for this "Internet of Things." I mean, it's a really catchy buzzword. I know my toaster is bored most of the day, having only 5 minutes' work to do each morning, and I can see where it might enjoy surfing the web during downtime. Maybe I'm just not very creative, that I fail to imagine the wondrous potential embodied in uploading my toast-cooking routine and consumption to the cloud. WTF do people want this?
  Until someone can explain the actual benefit to me, I'm going to see "Internet of Things" as a way to turn every object in my house into an advertisement and a potential hole in my already fragile network security.
2. Re:will NOT have learned from Target by Anonymous Coward · 2014-08-22 23:36 · Score: 3, Interesting
  
  Exactly. I have yet to see a compelling argument or application for this "Internet of Things." I mean, it's a really catchy buzzword. I know my toaster is bored most of the day, having only 5 minutes' work to do each morning, and I can see where it might enjoy surfing the web during downtime. Maybe I'm just not very creative, that I fail to imagine the wondrous potential embodied in uploading my toast-cooking routine and consumption to the cloud. WTF do people want this?
  Until someone can explain the actual benefit to me, I'm going to see "Internet of Things" as a way to turn every object in my house into an advertisement and a potential hole in my already fragile network security.
  You want an explanation?
  Outside of IT, name 10 people you know who that have ever used the words "potential hole" and "fragile network security" when discussing their home wifi concerns.
  As far as your quest for a compelling argument, the audience hardly compels me with their brilliance. Consumers are for the most part children regardless of age, proven by the billions generated on some of the silliest shit in existence. Children want toys, not rules, hence the IOT we have today.
Seperate VLAN. by Karmashock · 2014-08-23 00:32 · Score: 3, Interesting

You can buy a router for 200 bucks that can do port by port VLAN or create different Wifi SSIDs that link to different VLANs.
Put all your internet of things stuff on VLAN 2, then setup firewall rules that allow the hub for the internet of things devices to either communicate directly with a control system on VLAN1 or just go out to the internet. If VLAN 2 is compromised... it will not compromise VLAN 1.

--
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
1. Re:Seperate VLAN. by dotwhynot · 2014-08-23 00:53 · Score: 3, Interesting
  
  You can buy a router for 200 bucks that can do port by port VLAN or create different Wifi SSIDs that link to different VLANs.
  Put all your internet of things stuff on VLAN 2, then setup firewall rules that allow the hub for the internet of things devices to either communicate directly with a control system on VLAN1 or just go out to the internet. If VLAN 2 is compromised... it will not compromise VLAN 1.
  What happens when your 200 bucks router is compromised?
2. Re:Seperate VLAN. by Karmashock · 2014-08-23 01:09 · Score: 3, Interesting
  
  Same thing that happens when your router is compromised today. Its a zero sum game. At least the router has a chance of repelling an intrusion because it has some security features built into it. The IoTs stuff is naked.
  My worry with IoTs stuff is that an outside intruder will gain control over them through the internet. I'm less worried about a war driver tapping in from the street. The router idea should provide my computers protection from the shotty security of the IoTs.
  Ideally the IoTs stuff should not link to some centralized cloud server but rather host itself locally. If it does that, then I can set the incoming port numbers to something random and at that point its pretty unlikely anything is going to touch my system.
  Logging into my local hub of IoTs stuff should work something like this:
  https://myhomeiprandomportnumb...
  At that point while a breach is possible its just very unlikely.
  
  --
  I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Re:Securing the Internet of Things is easy by Opportunist · 2014-08-23 02:21 · Score: 3, Insightful

Sorry, but "Internet of Things", the term at least, has become a buzzword. As you correctly identified, it's bullshit bingo material considering that pretty much anything connected to the internet almost invariably has to be a thing (apologies to all the cyborgs out there). The "buzzwordism" (I really hope that doesn't become a buzzword now...) lies in the term meaning something along the line of "appliances connected to the internet that were not supposed to be connected when they were originally created". Routers, switches, hubs, bridges... they are by definition supposed to be connected to some sort of network. They have no use outside of one. Computers, gaming consoles and maybe even TVs kinda "belong" on a network, because even though they have a use without, it kinda makes sense to connect them.
It's different for what the appliance industry termed "white goods". Washing machines, dryers, fridges, stoves... they came into existence long, long before anything remotely resembling a computer or internet, and people don't immediately consider them something they would possibly connect to a network. Those are the "things" the "internet of things" talks about.
And this is basically also the reason why "internet of things" belongs to the buzzwords. Or, maybe rather, buzzterms. It's a made up term that qualifies a certain group of items that makes no sense whatsoever outside the world of marketing.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.