Our lives have been taken over with many many WiFi enabled capable devices. The internet of things (IoT) has quite a flaw which is security. Many vendors lax on providing security updates to their software that are used in smartphones, tablets, PC’s , Game Consoles , TV’s , your Fridge and many other devices. This day in age we have to maintain a due-care and due-diligence approach on security for all these IoT devices.
With this in mind, here are seven best practices on security for IoT:
- Use security gateways: They have the ability to inspect and audit the communications of your network.
- Use VLans: Put all IoT devices in a separate Vlan outside primary business network.
- Use strong authentication: Change those consumer devices default passwords!
- Disable services: Many devices use telnet, FTP and other risky services that may be exposed to the internet.
- Use secure protocols: HTTPS and SSH .
- Check data integrity: Achieve a way to log device data changes.
- Plan for upgrades: Shellshock and Heartbleed continue to be found. It is essential to plan for future upgrades to device software. These updates will need to be performed rapidly depending upon the seriousness of the update.
NIST has also released a document called Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks which is based on current cybersecurity principles in the NIST Cybersecurity Framework and adapts (IoT) Internet Of Things for today’s requirements. It is the first in a series of documents that aims to help organizations better understand IoT security risks.
The NIST IoT guide identifies cybersecurity and privacy risk considerations with IoT devices, before exploring some of the challenges of mitigating them. They also make recommendations that build upon the 7 best practices above.