We've all heard the saying "one bad apple spoils the whole bunch," and have probably seen instances where it does apply to people. This is a real phenomenon. As they ripen, some fruits, like apples and pears, produce a gaseous hormone called ethylene, which is, among other things, a ripening agent. When you store fruits together, the ethylene each piece emits prods the others around it to ripen further, and vice versa, resulting in a bad apple ruining the bunch.
So how does this apply to your properly configured firewall and secure network? Every time you or your clients leave the protection of your network with a mobile device, that device is exposed to what we in the US Army call the "dirty Internet". At offices, friends' and family members' homes, coffee shops, hotels, airports, and restaurants, these devices connect to networks that may offer no protection at all from the dirty Internet. It is during these times that the potential for malware contamination of the devices is greatest. Once these devices come back to the home network, the real damage happens. A traditional firewall only inspects traffic crossing the perimeter, so it gives no protection to the devices already behind it, and the malware can wreak havoc, infecting all of the third-party devices it can find and connect to.
Many of the user's mobile devices, such as phones, tablets, laptops and PCs, will have endpoint protection. If it is up to date and performing properly, they may be protected, but what about all of the other smart devices on the network: hubs, control systems, TVs, refrigerators, network-attached storage (NAS), lights, shades, printers, scanners, locks, and assistants like Amazon Echo and Google Home? These devices are tempting targets: they are usually powered on 24/7, have very little security, and run no anti-virus or anti-malware software.
This is where the bad apple introduced to your network can ruin everything. There are a couple of questions you need to ask in this scenario:
1. If this happens, how will I know if my IoT devices are compromised? How does one detect malware on a refrigerator, camera or TV?
2. If I do determine that my IoT devices are compromised, how do I remove the malware?
Not too long ago I had a discussion with an integrator that ran into this very issue on a campus of four buildings they had under contract. The network became infected through the introduction of a compromised thumb drive to a PC behind the firewall. As malware spread freely through the network, things became very slow and unreliable. They returned two weeks in a row to clean the tablets, PCs and mobile devices. Each time, the malware returned to the network within a matter of days. Finally they brought in an expert and identified that the malware was in the security cameras and was re-infecting the network each time they cleaned it. They had to isolate each camera from the network, one at a time, watch its traffic, and attempt to identify whether malware was present. Once it was identified, the firmware was re-flashed in an attempt to recover the camera. I know the process took weeks of valuable time for the integrator.
To minimize the chance of this happening to you and your clientele:
1. Use proper VLAN separation of IoT, control, security, and dirty Internet devices
2. Implement secure DNS on site
3. Use an actively updated Intrusion Detection & Prevention System (IDPS) that inspects all traffic (inbound, outbound, and between VLANs)
4. Actively filter known malicious websites and server addresses on the Internet and dark web
5. Use a Virtual Private Network (VPN) client & server to protect your mobile devices while out in the dirty Internet environment
6. Keep up-to-date endpoint protection on your mobile devices and PCs
7. Secure all of your network devices with unique and complex passwords
8. Never port forward anything through your primary firewall; use a VPN instead
9. Use a high performance firewall with deep packet inspection capability
10. Make sure to install patches and updates to devices as soon as they come out
11. Use geo-blocking to block unsolicited access to your network from foreign countries
12. Monitor device and network health remotely
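The camera story above comes down to one question: how do you notice that a device which should only ever talk to its cloud service and the site resolver has started talking to the PCs on the network? Items 1, 3 and 12 of the list (VLAN separation, inspection of traffic between VLANs, and remote monitoring) give the inspection points; what follows is an added example, not code from the original post or from FIREFX, of the check a monitor at those points would run. It reads connection records in a constructed "timestamp src dst dport proto" format, classifies each endpoint by an assumed VLAN layout, and flags any IoT or control device that initiates connections toward another VLAN, reaches an Internet destination outside its documented allowlist, or fans out to several internal hosts. The subnets, the allowlisted cloud addresses (RFC 5737 documentation ranges) and the sample flows are all constructed for the example.

```python
"""Flag IoT/control devices whose traffic breaks the site's segmentation policy.

Added example; the VLAN layout, allowlists and sample flow log are constructed
and should be replaced with the values of the site being monitored.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed VLAN layout (list item 1). Same-VLAN traffic never crosses the
# firewall, so this analyzer only sees and judges traffic between VLANs.
VLANS = {
    "lan":  ip_network("10.0.10.0/24"),   # PCs, laptops, phones
    "iot":  ip_network("10.0.20.0/24"),   # cameras, TVs, NAS, assistants
    "ctrl": ip_network("10.0.30.0/24"),   # lighting, shades, locks
    "mgmt": ip_network("10.0.99.0/24"),   # resolver, NTP, integrator hosts
}

# Which VLAN may *initiate* connections toward which other VLAN.
# IoT and control devices are never allowed to start a conversation elsewhere.
MAY_INITIATE = {
    "lan":  {"iot", "ctrl"},
    "mgmt": {"lan", "iot", "ctrl"},
    "iot":  set(),
    "ctrl": set(),
}

# On-site resolver and NTP (list item 2): the only internal services every device may reach.
SITE_SERVICES = {("10.0.99.53", 53), ("10.0.99.53", 123)}

# Internet destinations each device is expected to use (constructed). Build this
# from a device's first days of traffic while it sits alone on an isolated VLAN.
EGRESS_ALLOWLIST = {
    "10.0.20.14": {("203.0.113.10", 443)},   # camera vendor cloud
    "10.0.20.21": {("203.0.113.50", 443)},   # TV update server
}

FANOUT_THRESHOLD = 3   # distinct internal hosts contacted before we call it scanning


def vlan_of(ip):
    """Name of the VLAN containing ip, or 'internet' if it is in none of them."""
    addr = ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "internet"


def parse_flow(line):
    """'timestamp src dst dport proto' -> tuple; None for blank or comment-only lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    ts, src, dst, dport, proto = line.split()
    return ts, src, dst, int(dport), proto


def analyze(lines):
    """Return {device_ip: findings} for IoT/control devices that break policy."""
    report = defaultdict(lambda: {"lateral": [], "unexpected_egress": [], "fanout": 0})
    internal_targets = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        _, src, dst, dport, _ = flow
        src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
        if src_vlan not in ("iot", "ctrl") or src_vlan == dst_vlan:
            continue                        # only the quiet devices, only cross-VLAN traffic
        if dst_vlan == "internet":
            if (dst, dport) not in EGRESS_ALLOWLIST.get(src, set()):
                report[src]["unexpected_egress"].append(f"{dst}:{dport}")
            continue
        if (dst, dport) in SITE_SERVICES:
            continue                        # resolver/NTP on site: expected
        if dst_vlan not in MAY_INITIATE[src_vlan]:
            report[src]["lateral"].append(f"{dst}:{dport} ({dst_vlan})")
            internal_targets[src].add(dst)
    for dev, targets in internal_targets.items():
        if len(targets) >= FANOUT_THRESHOLD:
            report[dev]["fanout"] = len(targets)
    return dict(report)


def suspects(lines):
    """Sorted list of devices with at least one finding: the ones to isolate and inspect."""
    return sorted(analyze(lines))


# Constructed flow log: one infected camera (10.0.20.14) and one healthy TV (10.0.20.21).
SAMPLE_FLOWS = """\
# timestamp           src         dst            dport proto
2024-05-01T10:00:01 10.0.20.14  10.0.99.53     53    udp   # camera -> site resolver
2024-05-01T10:00:02 10.0.20.14  203.0.113.10   443   tcp   # camera -> vendor cloud (allowlisted)
2024-05-01T10:00:05 10.0.20.14  10.0.10.5      445   tcp   # camera -> PC on SMB: not permitted
2024-05-01T10:00:06 10.0.20.14  10.0.10.6      445   tcp
2024-05-01T10:00:07 10.0.20.14  10.0.10.7      445   tcp
2024-05-01T10:00:08 10.0.20.14  10.0.10.8      445   tcp
2024-05-01T10:00:10 10.0.20.14  198.51.100.77  6667  tcp   # camera -> Internet host not on its allowlist
2024-05-01T10:00:11 10.0.99.10  10.0.20.14     443   tcp   # management host -> camera: permitted
2024-05-01T10:00:12 10.0.20.21  10.0.99.53     123   udp   # TV -> site NTP
2024-05-01T10:00:13 10.0.10.5   10.0.20.21     8080  tcp   # PC -> TV: permitted
""".splitlines()

if __name__ == "__main__":
    for device, findings in analyze(SAMPLE_FLOWS).items():
        print(device, findings)
```

Run as-is it reports only the camera: four connections into the user VLAN, one Internet destination it was never seen using before, and a fan-out of four hosts. That is exactly the signal the integrator in the story needed before spending weeks isolating cameras by hand, and a monitor that exports these findings is the "remote health" view item 12 asks for.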
If you have any security concerns or questions, or want to learn how to build your RMR business around cyber-security, please feel free to call us at FIREFX or stop by booth #3153.