User:Azmy250/sandbox
Internet of Things (IoT) Security
[edit]Introduction
[edit]The Internet of Things (IoT) devices have become more prevalent both in personal lives, such as smart home door locks and thermostats, as well as well as the business environment, such as medical devices. The number of Internet of Things (IoT) devices that will be connected to the internet is estimated to reach 23.14 billion devices in 2018 and climbing to an amazing 75.44 billion devices by 2025. [1] This is a staggering amount of devices and the security of these devices need to be taken into consideration. Although there has been malware around for many years, the number of connected IoT devices has just increased the footprint of connected devices that can be compromised.
History/Current State
[edit]The Internet of Things is a fairly new phenomenon. You can track the term “The IoT to Kevin Ashton about 16 years ago. Ashton was working on supply chain optimization with Procter & Gamble. However, the term IoT did not get popular until recently. The concept of connected devices has been around since the early 70s. It was Google who is responsible for revitalizing the term with the growth of cell phones, apps, drones, and robotics. With the advent of these products, people have been trying to figure out ways to attack in new and unique ways. Because of the variety and sheer volume of IoT devices deployed around the world, in many cases, it can be very challenging to provide adequate levels of security for them across the board. IoT devices have become a very attractive target for cybercriminals. The security of these devices belongs to both the consumers and manufacturers. Without both sides taking responsibility, securing these devices will be an uphill battle. Vendors manufacturing these devices are not taking security into consideration and this is leading to attacks like Mirai botnet (see below). The two main categories that IoT security solutions fall into are network based and host based devices.
The Mariah Malware code was constructed and written to allow attackers to infect and use those devices as part of a larger army of connected devices as part of a Distributed Denial of Service attack.
Protecting IoT Devices
[edit]Guidance for security of IoT devices is a must. Though we can not control the progression and growth of the IoT phenomena, we can work on creating standards and best practices that govern the security of these devices. Assigning responsibilities to include government, manufacture, and consumer is needed. This is especially needed for devices that are being used in the realm of critical infrastructure, such as hospitals. The federal government should should get involved to help implement IoT legislation, mandate adherence to security guidelines, work with the private sector and other government agencies to develop a single cyber process to uniformly categorize high impact and critical infrastructure, and fund programs that will make availability a priority. [2]
The first thing that consumers do to help with the security of devices is to research the manufacturer to make sure that they take cybersecurity seriously. Simple steps like checking if the device uses a password and can the owner change that password. If this is not an option and the default password is the only option, this leaves the device open to being compromised while it is connected to the internet as these default passwords can be easily found using basic internet searches. Users should also check to see if the manufacturer of the device is known to deliver timely security updates to their devices if a vulnerability is found. By taking these into consideration, this will help keep cybercriminals out of your home, business, or any other place that the IoT device is connected. [3]
A new IoT device can be exciting but once you purchase your device, make sure to change your password. Creating a secure password. [1] This applies to not only the IoT device but the devices that they connect to such as routers and switches. Securing your device right away is the best thing to do. Make sure to also visit the manufacturers website to see if there have been any updates to the device. If there are, download and install them right away.[4] One other tip in protecting your IoT device is to try and stay away from purchasing IoT devices that advertise Peer-to-Peer (P2P) capabilities. These devices are known to be more difficult to secure regardless of the security steps you take. P2P devices are configured to specifically tr and find ways to connect to the internet so that others can access them remotely, that is the concept of P2P. [5]
References
[edit]- ^ "IoT: number of connected devices worldwide 2012-2025 | Statista". Statista. Retrieved 2018-02-22.
- ^ "Protecting Critical Infrastructure in the Age of IoT". The State of Security. 2017-09-04. Retrieved 2018-02-22.
- ^ "Securing Your "Internet of Things" Devices". justice.gov. Retrieved 2018-02-22.
- ^ Gold, Jon. "The moving target of IoT security". Network World. Retrieved 2018-02-24.
- ^ "Some Basic Rules for Securing Your IoT Stuff — Krebs on Security". krebsonsecurity.com. Retrieved 2018-02-24.