What are the Challenges of IoT Security?

IoT has many of the same security challenges that other systems have. There are, however, some challenges that are unique to IoT.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

1. Embedded Passwords. Embedding passwords in IoT devices make it easy for remote support technicians to access devices for troubleshooting and simplifies the installation of multiple devices. Of course, it also simplifies access to devices for malicious purposes.

2. Lack of device authentication. Allowing IoT devices access to the network without authenticating opens the network to unknown and unauthorized devices. Rogue devices can serve as an entry point for attacks or even as a source of attacks.

3. Patching and upgrading. Some IoT devices do not provide a simple (or any) means to patch or upgrade software. This results in many IoT devices with vulnerabilities continuing to be in use.

4. Physical hardening. Physical access to IoT devices can introduce risk if those devices are not hardened against physical attack. Such an attack may not be intended to damage the device, but rather to extract information. Simply removing a microSD memory card to read its contents can give an attacker private data, as well as information such as embedded passwords that may allow access to other devices.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

5. Outdated components. When vulnerabilities are discovered in hardware or software components of IoT devices, it can be difficult and expensive for manufacturers or users to update or replace them. As with patches, this results in many IoT devices with vulnerabilities continuing to be used.

6. Device monitoring and management. IoT devices do not always have a unique identifier that facilitates asset tracking, monitoring, and management. IT personnel do not necessarily consider IoT devices among the hosts that they monitor and manage. Asset tracking systems sometimes neglect to include IoT devices, so they sit on the network without being managed or monitored.

Most of these issues can be attributed to security being an afterthought (if a thought at all) in the design and manufacturing of IoT devices. Even those IoT developers who consider security in the design process struggle with implementation. Most IoT devices are limited by minimal processing power, memory, and data transfer speeds. This is a necessary evil in order to keep the size and cost of the devices small. Accordingly, security controls must be implemented to compensate for these inherent weaknesses.

The first step to implementing security controls is to determine where those controls are needed. This is another challenge for protecting IoT devices. Since IoT devices are often not recognized as network devices, they get overlooked when inventorying or mapping the network. If you do not know it is there, you cannot protect it.

Fortunately, IoT device manufacturers are beginning to address these issues, but organizations that are planning or currently using IoT cannot sit back and wait for that to happen. There are measures that organizations can take right now to protect their IoT devices and networks from attacks.

Security Requirements of IoT

Manufacturers and implementers must implement security practices to mitigate IoT risks. Steps can be taken to better secure IoT and address known risks.

Security ChallengeSolution
Embedded passwordsRather than embedding passwords in their products, manufacturers should require users to create a strong password during device setup.
Lack of device authenticationManufacturers should provide a means for their devices to authenticate to the network. IT personnel should require devices to authenticate before joining the network.
Patching and upgradingManufacturers need to make it easy for devices to be upgraded or patched. Ideally, this would be an automatic or one-click process.
Physical hardeningIoT devices should be made tamper-proof. Devices should be monitored to detect time offline and inspected after unexpectedly dropping offline.
Outdated componentsVulnerable devices should be updated or replaced. This can be difficult to remedy, especially in environments that have many IoT devices in remote locations. In those cases, tighter security controls and more vigilant monitoring should be implemented.
Device monitoring and managementEnsure that all IoT devices are included in asset tracking, monitoring, and management systems. Manufacturers should provide a unique identifier for each device.

Clearly, many of these security issues can only be resolved by the manufacturer. One that organizations’ security, IT, and OT teams can address is device management. It is up to those planning and/or implementing the rollout of IoT devices to ensure that they are accounted for in asset management, systems monitoring, security monitoring, and incident response systems.

Breaches and Hacks

There are two broad categories of attacks that involve IoT devices: those in which the IoT devices themselves are the end target of the attack, and those that use IoT devices to attack other targets. We have seen both types of attacks used in the real world and by security researchers as a proof of concept.

In October of 2016, an attack against Dyn, a company that provides DNS services, made much of the internet inaccessible. Twitter, Spotify, Github, Netflix, The New York Times, Paypal and other major websites were down for hours.

The attack used the Mirai IoT Botnet, taking control of over 600,000 IoT devices to flood Dyn with traffic in a massive DDoS attack. The devices seemed to be mostly routers and IP cameras. IP cameras are frequently targeted IoT devices.

In a scary example of an attack where the IoT device was the target, the “device” was a car. Fortunately, this was a controlled demonstration by security researchers Charlie Miller and Chris Valasek. They demonstrated the attack for Wired writer Andy Greenberg, who was driving a Jeep Cherokee.

Miller and Valasek, from miles away over a cellular internet connection, remotely turned on the A/C, radio, and windshield wipers. That was just the beginning. Next, they caused the Jeep to slow, remotely rendering the accelerator useless.

How to Secure IoT Systems and Devices

It is clear that IoT attacks can have serious consequences. Securing IoT systems and devices must be done by both the manufacturers and the organizations using them. The security controls that organizations can put in place are similar to the controls they already use on their network. The key to securing IoT is to know what IoT devices are on your network and where they are in your network topology. Until you know that, you are flying blind. You cannot protect what you cannot see.

One way to identify IoT devices on your network is to require all hosts and devices to authenticate when joining the network. Devices that fail authentication can then be identified. If they belong on the network, authentication can then be configured for that device. If they do not belong on the network, you have discovered a rogue device.

You can further secure IoT devices by segmenting the network and dedicating one segment to IoT. This will allow you to firewall that segment and apply IoT-specific rules. It would also allow you to quickly block traffic from that segment in the event that an IoT device is compromised.

Once you have IoT devices authenticated, you can then gain visibility into their activity using a cloud-native security monitoring and analytics platform like Sumo Logic. The Sumo Logic platform helps you make data-driven decisions and reduce the time to investigate security and operational issues so you can free up resources for more important activities. For even greater visibility into security events, integrated threat intelligence from Crowdstrike is included for up-to-date IOC data that can be quickly cross-correlated to identify threats in your environment.

Reference: https://www.sumologic.com/blog/iot-security/

Order a unique copy of this paper
(550 words)

Approximate price: $22

Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

It's no longer good enough to create a high-quality product at a reasonable cost.
That is why we have created 9 compelling warranties to make your usage of our service pleasant, simple, and secure.

Money-back guarantee

You must be completely confident in the quality of your products in order to provide a money-back guarantee. This is precisely how custom paper writing services work. We double-check that there are no hidden issues with this promise and that you are completely happy with the quality of your purchase.

Read more

Zero-plagiarism guarantee

Our writers do not employ others’ writing tricks, because we are aware that plagiarism may cost a lot to our clients and take away their reputation.

Read more

Free-revision policy

We want you to be satisfied with your order, so we offer a free revision policy. If you are not completely happy with your order, let us know and we will revise it for free.

Read more

Privacy policy

We care about our customers and always strive to keep their trust. That’s why Customwritingspapers.com guarantees privacy and safety of your personal information. To ensure total security, we take the following measures:

Read more

Professional Editors

Our team of editors works tirelessly to ensure that all papers meet our high standards for quality. They check for the instructions, grammar, punctuation, and spelling mistakes as well as for plagiarism.

Read more

Fair-cooperation guarantee

We would never want to jeopardize our relationship with you, and that is why we offer a fair-cooperation guarantee: If for any reason you are not satisfied with your order, you can always get your money back.

Read more

Professional Writers

We only hire the best, most qualified professionals to work on your order. Each writer is a degree holder with extensive experience in their field. You can be assured that your project will be handled by a true expert.

Read more

Quality Control

Our quality assurance department ensures that each paper is of excellent quality before it is sent to you. You can be sure that your paper will meet all of the requirements that you set. Our experts are highly skilled and will follow your specific instructions to the letter.

Read more

Customer support

We have a highly professional and qualified customer support team that is available 24/24, 365 days a year. They will be more than happy to answer any questions or concerns that you may have about our company or products. You can contact them by phone, email, or chat on our website.

Read more

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Open chat
1
Order through WhatsApp!
customwritingspapers.com
Hello!
You Can Now Place your Order through WhatsApp

Order your essay today and save 30% with the discount code DISCOUNT2022