The Internet of Things is a term being thrown around a lot lately. It sounds a lot like Skynet from the "Terminator" movies, but can you explain what this term means and the extent to which I should be concerned about defending my network from the threats IoT poses?
More of an abstraction than a reality, the Internet of Things is nonetheless a fascinating emerging change in the IT landscape that deserves serious contemplation on the part of security professionals.
What is the Internet of Things and what are some Internet of Things issues? Simply put, it's the term for the increasing number of nontraditional computing devices that are being given some sort of Internet connectivity and hence popping up on consumer and enterprise networks. This could be anything from a high-tech vehicle to a basic household appliance. While this scenario sounds infeasible, take into consideration the proliferation of wireless technologies that society has cultivated over the span of just two decades. If you consider that this exponential advancement in wireless functionality is predicted to continue, the aforementioned infeasibility doesn't sound 100% infeasible.
Recent articles suggest that the security implications of the Internet of Things may already be upon us, mentioning several experiments that have been conducted in lab environments. In one such experiment, a group of researchers hacked into the GPS system of a yacht and remotely steered the yacht off-course.
So, how does a security professional prepare for what's to come? For starters, enterprises should require vendors to assert that their products will not succumb to the issues listed in the OWASP Top 10 list of common application vulnerabilities. Network scanning and enumeration should be done on a frequent basis to account for what exactly resides on a given network, though it remains to be seen whether this will become impractical as the Internet continues to move from IPv4 to IPv6, posing challenges for traditional network-scanning techniques. The basis for this assertion is due to the large number of IP addresses available within IPv6. With that said, I would suggest that enterprises perform frequent penetration testing in the event that the IoT becomes a reality as a supplement to network scanning.
In short, the Internet of Things is definitely a fun concept to speculate about -- and one that infosec may call moderately anxiety-worthy. To best prepare, security professionals should stay up to speed on the latest trends regarding the various wireless technologies and stay vigilant with regard to experimental ones.
Ask the expert:
Perplexed about network security? Send us your questions today! (All questions are anonymous)
Dig Deeper on Internet of Things (IoT) Security Strategy
Related Q&A from Brad Casey
Allowing users to tunnel through a firewall to access any site creates a security risk. How big of a risk is it? It depends on how much you trust ... Continue Reading
Our IT organization needs to secure customer names, but also needs to conduct searches on the entire customer database to match and merge records. Continue Reading
Don't treat physical and virtual machines' security differently. Since VM security issues threaten the whole infrastructure, here's how to stop ... Continue Reading