Internet of Things (IoT)
How to Secure These Insecure Devices
The IoT Challenge
IoT devices will soon outnumber non-IoT devices across the Internet. Gartner estimates that 5.8 billion IoT endpoints will be in use by 2020, a 21% increase from 2019.
Security is often not baked into the design. Basic security features may be missing or disabled by default.
Each device is usually stand-alone which means configuration changes and patches must be made at each physical device.
IoT Risks are often not understood prior to purchase. It is often tempting to buy the latest IoT without thinking about the security impact of these devices.
IoT find their way into our networks whether through authorized purchases or through back channels. Our Penetration Tests usually find IoT devices that are unknown to the company at the time.
With fast innovation cycles vendors are trying to quickly get new devices to market, and often do not take the time to address known vulnerabilities in older products.
Click the button below to claim these valuable resources.
What is IoT?
The Internet of Things (IoT) permeates our lives and our networks. When you hear the term IoT, you may think of technology in your “smart home” such as your Nest thermostat, Apple watch, or home security system.
However, IoT has been around for quite some time in the business space from SCADA systems in critical infrastructure, to legacy medical devices (e.g. patient monitors, infusion pumps) in healthcare, and printers. Other IoT includes:
- VoIP Phones
- Digital Displays & Televisions
- Smart Lights
- Appliances, HVAC
- Out-of-Band Management Controllers (e.g. HP iLO, DRAC)
Gartner defines IoT as "...the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment."
How Do I Secure IoT?
The IoT Defensive Strategy checklist found in the IoT Survival Guide can be used analyze your IoT defenses.
- Identify your security blind spots
- Ensure critical IoT defenses are in place
- Gain actionable next steps for maturing your IoT defensive posture
What About NIST CSF?
IDENTIFY your IoT, PROTECT your critical assets from insecure IoT (and your IoT from its threats), DETECT IoT compromise, and be able to RESPOND and RECOVER from an IoT incident.
Learn the key controls to have in place and how they map to the NIST CSF.
Hacks Covered in the "My Favorite IoT Hacks" Webinar
How I leveraged a printer vulnerability to gain domain administrator access.
An exploit against a fuel tank monitoring system.
When these devices begin attacking your network, you know something is up.
How default credentials led to widescale DDoS attacks.
What can happen when a consumer-grade wireless router ends up on your corporate network.
Konica Minolta Printer
How to gain access to hidden Konica Minolta Printer credentials through a rogue LDAP server.
How home brew devices can put your network at risk.
DRAC and HP iLO
Exploits against common out-of-band management controllers.
Internet of Things (IoT) Survival Guide
Protect Your Critical Assets While Accommodating IoT
This IoT Survival Guide was created for organizations who need to securely incorporate IoT into their environment.
This value packed IoT Cybersecurity Survival Guide will cover the following topics:
A Historical Perspective of IoT
A look back at a memorable IoT hack from 2009 that threatened many networks.
What is IoT?
Starting with a common definition of IoT is crucial. It is more than just your "smart home."
Why is IoT is a Challenge?
IoT presents a security challenge because of six defining characteristics.
Strategies for Assessing Your IoT Risk
Learn to apply foundational cybersecurity principles to IoT risk.
NIST Cybersecurity Framework (CSF) and IoT
How the NIST Cybersecurity Framework can be used to address IoT risk.
The variety of defenses that can be used to mitigate IoT risk.
A checklist you can use to analyze your defensive posture with IoT devices.
About the Author:
Click the button below to watch the "My Favorite Hacks" webinar & download the IoT Survival Guide!