Guest Written by Gary Sockrider, Principal Security Technologist at Arbor Networks
It’s no secret that the Internet of Things (IoT) is becoming more a part of our lives on a daily basis. Connected devices, such as webcams, smart TVs and CPE devices, are not exactly “new” – in fact, in 1991, research teams at the University of Cambridge used an IP-enabled webcam to monitor when the coffee supply in their coffee machines was running low. However, since that revolutionary coffee monitor was invented almost 30 years ago, the number of connected devices has exponentially increased, already outnumbering the total number of humans on the planet. Industry analysts estimate the number of connected devices to be 50 billion by 2020. Unfortunately, as the number of these devices increases, so do the security risks.
IoT devices are primarily used to control, monitor and manage the technology that we use every day. This means that the devices are typically designed to be easily installed and managed by the consumer. Unfortunately, it also means that in order to minimize deployment costs, many manufacturers develop their IoT devices without stringent security capabilities. And because connected devices often house information such as hard-coded usernames/passwords and protected management services, their limited security makes them prime targets for hackers to exploit for an IoT botnet. In fact, practices like the use of hard-coded, insecure passwords lead to much more serious security threats – and we’ve certainly seen these predictions coming true over the past year with attacks leveraging IoT devices becoming the new normal.
So, with the rise of IoT-based DDoS attacks proving that the stakes have changed, what best practices should we implement to secure IoT devices to better defend against DDoS attacks?
In Arbor’s 12th Annual Worldwide Infrastructure Security Report (WISR), we outline some tips for anyone using IoT or embedded devices. These include:
- Isolate IoT devices from other services, as well as the internet – not every device needs access to your entire network
- Regularly update the software and firmware on your devices
- Shut down unnecessary services on your devices
- Only purchase devices from manufacturers with a proven record of building secure products, and hold them accountable for the security of their solutions
- Monitor your outgoing bandwidth for potential sluggishness related to DDoS attacks
As you keep these best practices in mind, remember that the IoT is causing a major shift in the world we live in by enabling technology in so many different ways. Given the rise of connected devices, we need to be smart about acknowledging and managing the risks that come with all of their intended benefits.