From the course: The Cybersecurity Threat Landscape

Protect against unmanaged IoT devices

- [Instructor] The number of Internet of Things or IoT devices is growing rapidly, and so are the related threats when they're deployed in an unsecure way. The good news is there are some straightforward steps you can take to protect your organization from the threat of unmanaged IoT devices. It's important to understand, though, that some IoT devices are so poorly designed that they may be challenging to secure. For instance, they might not allow you to change default passwords. So we'll start by looking at a few effective security actions you can take at the network level even if the IoT devices themselves are hard to secure.

First, you should conduct an IT asset inventory. Run network scans like Nmap to know which systems and devices are on your network. This will help you identify IoT devices you may not have known about. Investigate any that seem out of the ordinary and remove any unauthorized devices.

Second is network segmentation. Now that you have an inventory of your network assets, the next step is to identify which ones are your critical information assets and where they are in your network. Use your routers and switches to segment your network and isolate your critical assets from IoT devices as much as possible.

Finally, block ports. Figure out which network ports the IoT devices need and block traffic at the firewall for any other ports. Especially block Telnet port 23 unless it's absolutely required. Telnet was the protocol that the Mirai attack software used to compromise hundreds of thousands of IoT devices.

Some IoT devices, on the other hand, are easier to secure. If that's the case, then at a minimum implement the following. Change default passwords when possible. This is easily the most important way you can protect your organization and data from attacks against your IoT devices. Attackers know the most common IoT default passwords and will use them to compromise your devices. Changing the default password keeps these attacks from being successful.

Next, configure strong security, if possible. Practice the least privilege principle and only give the device and accounts that access it the ability to do what they should be doing and no more. Set restrictive security controls on the device itself if that's an option.

And third, install software updates and patches. If the manufacturer is supporting their IoT devices with periodic software updates and patches, make sure you install them in a timely manner. They may include important security fixes that will help protect your IoT devices from attacks.

The Open Web Application Security Project or OWASP published the IoT top 10, which is a list of the key vulnerabilities to avoid when building, deploying, or managing IoT systems. If you're responsible for securing IoT devices, I recommend reviewing this list to make sure you've protected against all of these vulnerabilities. By implementing these and the other protections I covered in this video, you'll significantly reduce your exposure to the threat of unmanaged IoT devices.
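The inventory and port-blocking steps described in the transcript can be tied together with a small audit script. The following is an added example, not part of the course material: it parses Nmap grepable output (`-oG`) and compares it with a device inventory. The addresses, hostnames, sample scan text and the `INVENTORY` allowlist are constructed for illustration.

```python
import re

# Constructed sample of Nmap grepable (-oG) output; addresses are illustrative.
SAMPLE_SCAN = """\
# constructed sample scan
Host: 10.20.0.11 (cam-lobby)\tStatus: Up
Host: 10.20.0.11 (cam-lobby)\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 554/open/tcp//rtsp///
Host: 10.20.0.12 (thermostat)\tPorts: 443/open/tcp//https///, 8080/filtered/tcp//http-proxy///
Host: 10.20.0.57 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///\tIgnored State: closed (998)
"""

# Hypothetical inventory: approved devices and the TCP ports each one needs.
INVENTORY = {
    "10.20.0.11": {80, 554},
    "10.20.0.12": {443},
}

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)\tPorts: ([^\t]*)")

def parse_open_ports(scan_text):
    """Return {ip: set of open TCP ports} from grepable Nmap output."""
    hosts = {}
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comments and Status lines carry no port data
        ports = hosts.setdefault(m.group(1), set())
        for entry in m.group(3).split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
    return hosts

def audit(scan_text, inventory):
    """Compare scan results with the inventory and list what needs action."""
    findings = []
    for ip, open_ports in sorted(parse_open_ports(scan_text).items()):
        if ip not in inventory:
            findings.append((ip, "not in inventory: investigate", sorted(open_ports)))
            continue
        extra = open_ports - inventory[ip]
        if 23 in extra:
            findings.append((ip, "Telnet (23) open: block at firewall", [23]))
        if extra - {23}:
            findings.append((ip, "ports outside allowlist: block at firewall", sorted(extra - {23})))
    return findings

if __name__ == "__main__":
    for ip, issue, ports in audit(SAMPLE_SCAN, INVENTORY):
        print(f"{ip:<12} {issue} {ports}")
```

Ports reported as `filtered` are not counted as open, so a port that the firewall already blocks does not produce a finding.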
