As more devices and appliances with Internet capabilities enter the market, protecting those devices from hackers becomes critical. Unfortunately, many of these non-computer, non-smartphone devices — from toilets to refrigerators to alarm systems — weren't built with security in mind.
So what can a system integrator deploying these devices do? When it comes to the so-called Internet of Things and the connected home, it's best to proactively secure the home network. There is no antivirus software for a smart TV, but you can protect your network so hacking the TV doesn’t become a backdoor into your home.
THE RISK OF THE INTERNET OF THINGS
The Internet of Things is a catchphrase referring to commonplace devices and appliances — such as thermostats, automobiles and refrigerators — that are connected to the Internet. It also includes Internet-connected "wearable" devices, such as fitness bands or Google Glass. The market for Internet of Things devices will hit $7.1 trillion by 2020, according to estimates from analysis firm International Data Corp.
Connecting everyday devices to the Internet seems like a great idea, but system integrators and users need to be mindful of the risks, warned JD Sherry, vice president of technology and solutions at Tokyo-based antivirus-software maker Trend Micro.
"No one is going to keep the door to their house unlocked," Sherry said. "You need to think [the same way] about the appliances on your network."
For example, fitness bands that monitor the wearer's location could give hackers details about daily routines and patterns, as they recently have at military outposts. So could alarm systems that can be remotely accessed via smartphone apps. Burglars could use data stolen from either type of device to know when to break into homes while residents are away.
The good news is that many people already think about protecting their data, according to a survey of 1,801 tech-savvy homeowners in 11 countries conducted for network-security provider Fortinet.
In the "Internet of Things: Connected Home" survey, the results of which were released in June, 70 percent of respondents said they were somewhat or extremely concerned about the prospect of a data breach as a result of connected appliances.
HOW TO MAKE CONNECTED HOMES MORE SECURE
Here are some steps to protect your home network and the gadgets connected to it.
Secure the wireless network. The old Wired Equivalent Privacy (WEP) protocol is still widely used, but it is weak and easily compromised. Make sure the home wireless network is instead protected by the Wi-Fi Protected Access II (WPA2) protocol, with only devices patched against the KRACK vulnerability and a strong, complex password.
Give your Wi-Fi network an obscure name, or SSID, that doesn't give attackers personal information they can use in social-engineering attempts. For instance, don't call it "[Your Name] House." Instead, call it something random, such as "NSA Surveillance Van."
Disable guest network access entirely, and be strict about who — or what — can get on the network.
Create at least two different Wi-Fi networks with separate VLANs for the multiple SSIDs. Trey Ford, global security strategist at security company Rapid7, suggests one network for computers, tablets and smartphones used for online banking, shopping and general Web activity; another network can be for smart devices.
Good password management is essential. Neither network equipment (such as routers and switches) nor newfangled gadgets (such as smart TVs) should use default factory-set administrator passwords. Change each admin password to something suitably strong and complex, and change it regularly going forward. When possible, usernames should also be changed to make it even harder for attackers to brute-force their way in.
IS A FIREWALL ENOUGH?
No, a standalone filtering firewall is not enough in the modern smart home. You still need a firewall, but it needs to have enhanced security features. Firewall the network with a high-quality, high-performance Next-Generation Firewall appliance. When considering cost, think of the value of all the assets you are protecting, along with the time and reputation you have at stake.
"Every home with an Internet connection should have [a professional grade firewall],"
Most networked IoT devices include information about the ports, network protocols and IP addresses used in the owner's guide or the support website. But rather than setting the firewall to allow traffic on those specific ports with port restrictions and port forwarding, use a VPN server and client to give both technicians and end users secure remote access to the network. This will drastically cut down on opportunistic network-probing attempts.
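The two-network split and the VPN-only remote access recommended above amount to a default-deny policy between zones. The following Python example is added here and is not part of the original article: it models that policy and audits flow records against it, which is one way to confirm from firewall logs that the segmentation holds. The subnets, gateway address, VPN port and the choice to let the trusted network reach smart devices are all assumptions, and the flow records are constructed.

```python
import ipaddress

# Assumed addressing plan (not from the article): one subnet per VLAN/SSID.
ZONES = {
    "trusted": ipaddress.ip_network("192.168.10.0/24"),  # computers, tablets, phones
    "iot": ipaddress.ip_network("192.168.20.0/24"),      # smart devices
    "vpn": ipaddress.ip_network("10.8.0.0/24"),          # remote-access VPN clients
}
GATEWAY_WAN_IP = ipaddress.ip_address("203.0.113.10")    # documentation address
VPN_LISTENER = ("udp", 51820)                            # assumed VPN port

# Zone pairs allowed to open NEW connections; everything else is denied.
ALLOWED = {
    ("trusted", "wan"), ("trusted", "iot"),
    ("vpn", "trusted"), ("vpn", "iot"),
    ("iot", "wan"),  # devices may reach their cloud service, never the trusted VLAN
}

def zone_of(addr):
    """Map an address to its zone; anything outside the home subnets is 'wan'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"

def decide(src, dst, proto, dport):
    """Return 'allow' or 'deny' for a new connection under the zone policy."""
    s, d = zone_of(src), zone_of(dst)
    if s == "wan":
        # No port forwards: only the VPN listener answers the Internet.
        to_vpn = ipaddress.ip_address(dst) == GATEWAY_WAN_IP and (proto, dport) == VPN_LISTENER
        return "allow" if to_vpn else "deny"
    if s == d:
        return "allow"  # same VLAN: traffic never crosses the firewall
    return "allow" if (s, d) in ALLOWED else "deny"

def audit(flows):
    """Return flows the policy denies; seeing them succeed in logs means a gap."""
    return [f for f in flows if decide(*f) == "deny"]

SAMPLE_FLOWS = [  # constructed records: (source, destination, protocol, dest port)
    ("192.168.10.5", "192.168.20.30", "tcp", 443),   # laptop -> smart TV
    ("192.168.20.30", "192.168.10.5", "tcp", 445),   # smart TV -> laptop file share
    ("198.51.100.7", "203.0.113.10", "udp", 51820),  # Internet -> VPN listener
    ("198.51.100.7", "203.0.113.10", "tcp", 8080),   # Internet -> would-be port forward
    ("192.168.20.30", "192.0.2.80", "tcp", 443),     # smart TV -> vendor cloud
    ("10.8.0.2", "192.168.20.30", "tcp", 80),        # VPN technician -> device
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("policy violation:", flow)
```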
"If [devices] require a wide-open access to, or from, the Internet, beware!"
Install a Next-Generation Firewall with an integrated unified threat management (UTM) appliance if you have a highly connected home. It will handle intrusion detection and prevention, manage the Internet gateway and provide secure DNS protection for your network.
A good Next-Generation Firewall UTM will have signatures and countermeasures to detect and stop the more common and even uncommon network entry points that attackers will use.
Utilize an effective GeoBlocking scheme with your Next-Generation Firewall. GeoBlocking automatically disallows remote connectivity attempts from designated countries or regions that have no business initiating contact with your smart home. This greatly reduces exposure to automated network probing attacks from major threat countries.
SECURITY TIPS BEYOND THE NETWORK
Once the network is secure, examine each IoT device you own — and what it is doing. Disable remote-management access and other powerful network tools if they won't be used.
Perhaps your car lets you connect to Facebook. If you don’t plan to check your Facebook page while driving, don't hand over your credentials to set up the connection. Use your phone instead — it's safer.
Install security software wherever possible, such as on mobile devices used to control IoT devices. If attackers can access a smart garage-door opener or a smart thermostat via a malicious Android app instead of by hacking the device directly, they will go with the easier option.