It includes basic step such as keeping strong passwords to advanced method as implementing NAC (Network Access Control)
Billions of devices such as security cameras, HVAC systems, barcode readers, smart locks, smart lights, industrial machines and more are nowadays connected to the internet, thus classifying them as IoT (Internet of Things) devices. Due to inadequate security controls in place, more and more IoT devices are becoming potential cyberattack victims.
To help businesses fight this growing menace, Cyber Security Services, a U.S.-based cybersecurity consulting firm and security operations center (SOC) has released top 10 strategies for securing IoT (Internet of Things) devices.
- Change default passwords. The first step to improving IoT security is to establish and enforce procedures to change default passwords for every IoT device on the network over a period of time. The passwords can be stored in a password vault similar to how service accounts and privileged user passwords are protected.
- Separate the corporate network. Whenever possible, separate the corporate network from vendor-managed and unmanaged IoT devices. This might include HVAC systems, security cameras, temperature control devices, electronic signage, smart televisions, media centers, security DVRs and NVRs, network-connected clocks, and network-connected lighting. Using VLANs to separate and keep track of various IoT devices on the network is a good idea. Then apply an Access Control List, or ACL, to VLANs or network access ports to enable communication required only for device operation.
- Prevent IoT devices from communicating with the internet unless absolutely necessary. Many devices run old operating and this can compromise its security system during the manufacturing process. While it’s impossible to completely eliminate an IoT security threat, businesses can prevent IoT devices from communicating outside of the organization unless absolutely necessary.
- Control which vendors are allowed remote access to IoT devices. To improve IoT security, businesses can put controls in place to limit the number of vendors granted remote access to IoT devices. Thus, only those individuals that perform tasks under the supervision of knowledgeable employees can be granted access. When remote access is absolutely necessary, ensure those vendors use the same solutions as would in-house personnel.
- Implement a Network Access Control (NAC) solution. A NAC solution can help an organisation improve its IoT security by detecting most devices and identifying rogue connections to the network. It can also apply controls to the devices that are not authorised or are only granted limited access to the network.
- Implement a vulnerability scanner as soon as possible. Vulnerability scanners are effective in detecting the different types of devices connected to a network and are useful tools for organisations to enhance their IoT security.
- Run an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) on the network. While continually running an IDS or IPS on the network will not detect all malicious network traffic, it can offer a good indication when an IoT device has been compromised.
- Ensure proper management of all IoT devices – This includes both patch management at the local device level and enterprise-wide inventory management. Inventory management ensures remotely managed devices maintain records about registration, configuration, authentication, and other pertinent device data.
- Restrict internal and external port communication on firewalls. To elevate IoT security, it is recommended that companies prevent outbound communication unless that communication is specifically required.
- Remove unsupported operating systems, applications, and devices from the network. To improve IoT security, conduct an inventory to know which operating system is currently running on a device.