Internet of Things or IoT is an idea based on the interaction between various products, from a book to the heating system of your home. The aim is to connect all devices with one another and thereby make them work collectively as well as independently. We are, in fact witnessing the impact of IoT in various spheres of our everyday life. We are already living in a hyperconnected world. Computers are now interacting with various equipment of our real life. They are and gaining independence from human beings. But there are some risks.
IoT is a reality, but it will still be much more important when 5G technology and Edge Computing are running at full capacity. Then, you may hear “Houston, we have a problem.” The problem itself is that many of the devices and sensors that were made years ago were made without regard to safety. Such is the case that in most cases they do not have any security measure. This is something that does not happen with the new devices, but what about the old ones? The ESET spokesperson has no doubt that this obsolete equipment is a real problem: “The insecurity of IoT devices is one of the main threats because they are connecting to corporate networks and serve as a gateway to attacks by cyber-criminals. Networks must be properly segmented and efficient measures installed to isolate them from the rest of the network in case these devices are affected. “
There are already several examples of the last two years that some attacks have been caused by devices of this type and therefore should be treated as an element to aecurize. In many cases these equipments have not been conceived with the mantra “security-by-design” and therefore they can represent a security problem. For that reason and as the spokesman of Aruba affirms, “it is important that the NAC type solutions allow to provide a solution to this connection. It cannot be denied or vetoed that they exist in the network, so the necessary measures must be provided to guarantee the connection, first identifying what is being connected to the network through profiling; and then assigning access roles according to said profiling. These Security policies must be adapted to the type of IoT device connected: Does it make sense for a Temperature sensor to send several gigabits of traffic every hour? There is the importance of segmentation and profiling: these devices should only have access to the necessary resources and for this the Security must be adaptive and flexible. One day there may be an IoT device connected to a network socket; later, a user can make use of said shot and the NAC must adapt the policy according to what it has connected to: it must not be a static policy “.
Finally, as Ramsés Gallego of Symantec believes “When, as a society, we decided to connect industrial systems – sometimes critical infrastructure – to the Ethernet network of companies and, from there, to the Internet, we did not consider the problems that complex systems can cause. in the same topology as where our data travels. Furthermore, those industrial systems, which were designed to be functional, to do what they were supposed to do, but with no security measures, represent, perhaps, the most extensive attack surface we have known so far. Therefore, from Symantec we think that considering the industrial environment, that ‘Internet of ALL Things’ as one more element is fundamental. Sometimes you cannot display anything ‘traditional’ in that system (an anvirus, an intrusion prevention system,) but it is possible and must be ‘managed’, reinforcing security to guarantee that the platform only does what it was designed for, with incoming or outgoing but controlled traffic. That’s the way. It is the way to integrate these industrial systems within the overall vision of security of the entity: from the manufacturing plant to the workplace, from the assembly line to the data-center. That’s the way and we believe in Symantec. ” ‘like an everything’. It is the way to integrate these industrial systems within the overall vision of security of the entity: from the manufacturing plant to the workplace, from the assembly line to the data-center. That’s the way and we believe in Symantec. ” ‘like an everything’. It is the way to integrate these industrial systems within the overall vision of security of the entity: from the manufacturing plant to the workplace, from the assembly line to the data-center. That’s the way and we believe in Symantec. “