School - I026: XIII - Security, pick one security big security risks in IT and write an review of it - Internet of Things: Internet connected smart devices

This weeks session was focused on security in IT. We needed to take one biggest risks in IT and describe it based on the Mitnic's formula. This contains 3 different parts: technology, training,  policy.

Internet of Things (IOT)

IOT is part of our everyday's life and it will only grow, soon we have sensors and smart devices everywhere, they are not smartphones or tablets, but they can be simple light switch, teddy bear who receives and sends voice messages, cars who come around the corner to pick you up, mirror which tells your temperature, the list is unlimited and it is only increasing. What about Mitnic's formula, how it applies?

Technology

There have been developed special routers for IOT devices, which move them to segmented network to ensure that hacker cannot reach to the computer device network through IOT network easily. Each home should be equipped with firewall inside the router already to keep out the most of the attacks, which just scans ports and tries to get inside trough insecure port. All IOT device access needs to be monitored and alerts of suspicious activity needs to be noticed. Always, when you use IOT device, think it as the weakest point of your computer network (humans doesn't count). Usually those devices are small chips, standard bluetooth/wireless connection points, no additional security layer. Make sure that at least bluetooth / wireless passwords can be changed and no remote access is allowed. Basically it comes to you, and your training and policy.

Training

There are not much trainings of IOT devices, you can acquainted with biggest failures online. There are many good stories out there and summaries as well, like this one in Forbes about IOT bots or how your coffee machine can ruin your life or the Tech Radar article how the hack rate is growing. Just listen to security podcasts, read articles, and always think that this is most insecure part of your network.

Policy

As I have stated two times already. IOT device is the most insecure device in your network (now stated 3 times), then you can prevent a lot by:

• Move IOT devices to segmented network. It would be even good if you have dedicated networks for separate functions of IOT devices based on what they can do.
• Update your firewall, make sure that you log suspicious activity in firewall.
• Make sure that you can change IOT connection passwords and change them often.
• Read about the product before you buy it, use words in google: "how to hack device id/name"
• Always be on alert if it comes to IOT