===================================================
By Fahmida Y Rashid PCMag 11/06/2014 7:47 a.m.
How to Secure Your Internet of Things
The phrase "Internet of Things" may be over-hyped, but the connected home is no longer a vague futuristic concept; it is a reality. The average home already has multiple connected devices, and it's up to the savvy user to actively secure them by locking down the home network.
The Internet of Things includes pretty much any device
capable of connecting to the Internet. The smart refrigerator is a popular
example, but the category goes beyond electric appliances to include
thermostats, automobiles, and wearables. Even
though there is a lot of conversation about ways to bake security into these
devices, the bottom line is that they are all vulnerable. Attackers can
conceivably use them as backdoors into
your network, or figure out a way to hijack the
devices to carry out other operations. It's up to the homeowner to protect the
Internet of Things in the connected home—and the way to do that is to protect
the home network.
That sounds suspiciously mundane, like setting up
WPA2 encryption on the house's wireless network, selecting strong passwords,
and keeping certain devices separate from each other. The thing is, the way you
protect the Internet of Things isn't all that different from how you should
already be protecting your computing devices at home.
The most important piece of equipment for the
Internet of Things is the router, said John McCormack, CEO of Websense. That is
where the bulk of our security efforts should be.
You're More Connected Than You Think
Let's take a step back. Perhaps you are thinking that you don't have a lot of Internet of Things devices to begin with. You would be surprised. It turns out a typical home has around five potentially dangerous things other than computers, tablets, and cellphones, connected to their home network, said David Jacoby, a security researcher at Kaspersky Lab. They include smart TVs, printers, game consoles, network storage devices, satellite receivers, and media players. You don't need fancy gadgets or high-tech equipment to have a networked home.
Just to put things in perspective, Jacoby uncovered
over 14 remotely exploitable vulnerabilities on his network-attached-storage (NAS) device which could potentially give attackers access to all his files.
Michael Price, a counsel in the Liberty and National
Security Program at the Brennan Center for Justice at NYU School of Law, wrote
late last week about getting a new smart TV and being surprised by the
"staggering" amount of data it collects. "It logs where, when,
how, and for how long you use the TV. It sets tracking cookies and beacons
designed to detect when you have viewed particular content or a particular
email message. It records the apps you use, the websites you visit, and how you
interact with content," Price wrote.
The camera on the smart TV is equipped with facial
recognition. If an attacker can break into the network and get to the TV, they
will be able to see what is going on inside the home. The TV also has a
microphone, and it can capture and transmit recordings to a third party.
"Don't say personal or sensitive stuff in front of the TV," Price
warned.
The Internet of Things expands the amount of
information attackers can grab about us. These connected devices also create
holes in our network, giving attackers more opportunities to get access to our
files and sensitive information. "Protecting the device itself is near
impossible," said Christopher Martincavage, a senior sales engineer at
SilverSky. Since we can't secure each individual device, let's lock down our
home networks and reduce our attack surface to something a little bit more
manageable.
What Can I Do?
We frequently set up our home network by just plugging the router in and not bothering to step through the interface to figure out what it is doing. Change your password—the last thing you want is someone to be able to get into your router and change around the settings. Disable guest network access entirely so that strangers can't hop on willy-nilly.
Most routers have the option to set up multiple
network SSIDs. Set up one network for your computers, printers, NAS, and other
computing devices. Set up a completely different SSID for the Xbox, smart TV,
and other appliances, suggests Trey Ford, global security strategist at Rapid7.
Set up another SSID for mobile devices. This way, even if one of your devices
gets hijacked or injected, the attacker is limited to just that single network.
It would be much harder to go from a backdoored TV to the NAS if they are on
different networks. Segmenting the network this way also means that if one
section is hijacked, all the other devices are not accessible and remain safe.
If you are willing to put in the effort, you can
list all the MAC addresses for every single device connecting to your network
so that the router assigns IP addresses only to those systems. All unknown
devices will be blocked from accessing the network. This would prevent
attackers sitting outside your home from connecting to your network and
wandering through your digital home.
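An added example (not from the original article): a Python audit of a router's DHCP lease list against the MAC allowlist and the three-SSID split described above. The subnets, MAC addresses, device names and the "MAC IP" lease format are constructed assumptions; real routers export leases in their own formats.

```python
import ipaddress

# Constructed segment plan mirroring the three SSIDs suggested above.
SEGMENTS = {
    "computing":  ipaddress.ip_network("192.168.10.0/24"),
    "appliances": ipaddress.ip_network("192.168.20.0/24"),
    "mobile":     ipaddress.ip_network("192.168.30.0/24"),
}

# Constructed allowlist: MAC address -> (device name, segment it belongs on).
ALLOWLIST = {
    "00:11:22:33:44:01": ("laptop", "computing"),
    "00:11:22:33:44:02": ("nas", "computing"),
    "00:11:22:33:44:03": ("smart-tv", "appliances"),
    "00:11:22:33:44:04": ("phone", "mobile"),
}

# Constructed lease table in "MAC IP" form (assumed format).
SAMPLE_LEASES = """\
00:11:22:33:44:01 192.168.10.21
00-11-22-33-44-02 192.168.10.5
00:11:22:33:44:03 192.168.10.40
00:11:22:33:44:04 192.168.30.12
AA:BB:CC:DD:EE:FF 192.168.20.77
"""

def normalize_mac(mac):
    """Lower-case, colon-separated form so 00-11-.. and 00:11:.. compare equal."""
    digits = mac.lower().replace("-", "").replace(":", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(leases_text):
    """Return (kind, mac, detail) findings for unknown or misplaced devices."""
    findings = []
    for line in leases_text.splitlines():
        if not line.strip():
            continue
        raw_mac, raw_ip = line.split()
        mac, ip = normalize_mac(raw_mac), ipaddress.ip_address(raw_ip)
        if mac not in ALLOWLIST:
            findings.append(("unknown-device", mac, str(ip)))
            continue
        name, segment = ALLOWLIST[mac]
        if ip not in SEGMENTS[segment]:
            actual = next((s for s, net in SEGMENTS.items() if ip in net), "none")
            findings.append(("wrong-segment", mac, f"{name}: expected {segment}, on {actual}"))
    return findings
```

A device can present any MAC address it likes, so treat the allowlist as an inventory check that works alongside WPA2 and segmentation rather than as authentication.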
Encryption, Passwords
When it comes to setting up a secure wireless network, which encryption scheme you select matters. WEP requires you to enter a password, but it is weak and easily compromised, so having it is just a false sense of security. Use WPA2 encryption and a strong, complex password. If you are going to be clever about the name of your wireless network, make sure it's actually clever and not something that gives away something about you or your geographic location, such as "Maureen's LivingRoom." And while you are at it, change the passwords for all your devices, even your TV. Change them to something suitably strong and complex right away, and regularly update these passwords. If you can, change the usernames, too, to make those brute-force attacks even harder to do.
Every network needs a firewall, whether it's a
stand-alone device or one turned on inside the router. While it won't prevent
all attacks, it will cut down on opportunistic probes and backdoor attempts.
Every Door, Every Window
In the end, the main thing is that we all need to change the way we think about our networks and all the devices on them. "No one is going to keep the door to their house unlocked. You need to think [the same way] about the appliances on your network," said JD Sherry, vice-president of technology solutions at Trend Micro.
The key, however, is that each entry point is
potentially another front door, back door, attic window, and so on. You've got
to make sure they're all locked tight if you want to be safe in the age of the
Internet of Things.
===============================
In addition to this blog, I have authored the premier book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li. I have established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday. My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County New Jersey.
==========================================