10 Tips to maximize IoT Security

Posted by & filed under Security Alerts, Security News.

Online Trust Alliance spells out best practices for testing, purchasing, networking and updating IoT devices to make them and the enterprise more secure.

Here’s a handy list of tips that can help you avoid the most common mistakes that business IT pros make when bringing IoT devices onto enterprise networks. The list centers on awareness and minimizing access to less-secure devices. Having a strong understanding of what devices are actually on the network, what they’re allowed to do, and how secure they are at the outset is key to a successful IoT security strategy.

  • Every password on every device should be updated from the default, and any device that has an unchangeable default password shouldn’t be used at all. Permissions need to be as minimal as possible to allow devices to function.
  • Everything that goes on your network, as well as any associated back-end or cloud services that work with it, needs to be carefully researched before it’s put into production.
  • It’s a good idea to have a separate network, behind a firewall and under careful monitoring, for IoT devices whenever possible. This helps keep potentially insecure devices away from core networks and resources.
  • Don’t use features you don’t need – the OTA gives the example of a smart TV used for display only, which means you can definitely deactivate its microphone and even its connectivity.
  • Look for the physical compromise – anything with a hardware “factory reset” switch, open port or default password is vulnerable.
  • Gizmos that connect automatically to open Wi-Fi networks are a bad idea. Make sure they don’t do that.
  • If you can’t block all incoming traffic to your IoT devices, make sure that there aren’t open software ports that a malefactor could use to control them.
  • Encryption is a great thing. If there’s any way you can get your IoT devices to send and receive their data using encryption, do it.
  • Updates are also a good and great thing – whether you’ve got to manually check every month or your devices update on their own, make sure they’re getting patches. Don’t use equipment that can’t get updates.
  • Underlining the above, don’t use products that are no longer supported by their manufacturers or that can no longer be secured.

 

The information contained in this website is for general information purposes only. The information is gathered from Computer World while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.