Top 5 Misconceptions of IoT Network and Device Security
Why would I care about the type of device that connects to the network? Someone has already approved it!
IoT devices seem to get all-access passes to corporate networks due to the assumption that they can bring no harm to your network.
What users fail to comprehend is that IoT devices are possibly the weakest point in the corporate network. When an IP address connects to an internet forum that’s okay, but when that IP address belongs to an IP security camera, it probably means that the IP security camera is compromised.
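The point above, that the same connection is normal for one device type and a warning sign for another, can be turned into a device-aware egress check. The following is an added example, not code from the original article; the inventory, the per-class policy, the addresses and the flow records are all constructed for illustration.

```python
import ipaddress

# Constructed inventory: source IP -> device class (hypothetical addresses).
INVENTORY = {
    "10.20.0.11": "ip_camera",
    "10.20.0.12": "ip_camera",
    "10.10.0.50": "workstation",
}

# Assumed egress policy per device class: (allowed networks, allowed ports).
# None means this check does not restrict the class.
POLICY = {
    "ip_camera": ([ipaddress.ip_network("10.30.0.0/24")], {554, 443}),
    "workstation": None,
}

# Constructed flow records: (src_ip, dst_ip, dst_port).
FLOWS = [
    ("10.20.0.11", "10.30.0.5", 554),     # camera -> recorder: expected
    ("10.10.0.50", "203.0.113.80", 443),  # workstation -> internet forum: fine
    ("10.20.0.12", "203.0.113.80", 443),  # camera -> the same forum: suspicious
    ("10.20.0.11", "10.30.0.5", 23),      # camera -> recorder on an odd port
    ("10.99.0.7", "198.51.100.9", 80),    # source missing from the inventory
]

def classify(flow):
    """Judge one flow by what its source device is supposed to talk to."""
    src, dst, port = flow
    dev_class = INVENTORY.get(src)
    if dev_class is None:
        return "unknown-device"
    rule = POLICY.get(dev_class)
    if rule is None:
        return "ok"
    networks, ports = rule
    dst_addr = ipaddress.ip_address(dst)
    if not any(dst_addr in net for net in networks):
        return "unexpected-destination"
    if port not in ports:
        return "unexpected-port"
    return "ok"

def alerts(flows):
    """Return (flow, verdict) for every flow that is not 'ok'."""
    results = []
    for flow in flows:
        verdict = classify(flow)
        if verdict != "ok":
            results.append((flow, verdict))
    return results

if __name__ == "__main__":
    for flow, verdict in alerts(FLOWS):
        print(verdict, flow)
```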
Only IT teams connect IoT devices to the corporate network
The notion that ONLY IT teams connect IoT devices to the organizational network doesn’t reflect our reality.
In reality, there are many instances where an employee can connect their own device to the corporate network without it being cleared by IT. For instance, a doctor might bring a medical device to help him better diagnose his patients; he just plugs the device into the hospital network and uses it. Since IT never checked its security settings, the hospital network becomes susceptible to malicious activity, such as the theft of patients’ medical records.
If it’s a hardware device – it’s secure!
On-prem appliances provide security teams with a false sense that they are safer than software-based solutions.
The truth of the matter is that once appliances leave the vendor, regular firmware patch updates are required. Appliances that have not been vigilantly updated with the latest firmware patch expose corporate networks to security risks.
It’s ok to connect your point of sales (POS), PC and IP Security camera on the same network segment
What can potentially go wrong? It’s convenient and easy to define. There shouldn’t be any issues from a security standpoint. Right? Wrong!
Since IoT devices are your weakest link, by putting them on the same network segment as other devices you not only put them at risk, you also make the hacker’s job much easier.
If it’s up and running, it’s good to go!
Another common misconception is that if a device is working on default configuration, then that is enough. For example, setting up an IP camera on the network without first changing the default password.
This default configuration poses a significant threat by exposing the device to attacks from other unsecured devices. Failing to change the default settings on an IoT device can allow a hacker to remotely execute malicious code, spy on users, break devices, or recruit them into a DDoS botnet through a known backdoor. Most users do not bother to change factory default usernames and passwords, making the hackers’ lives much easier.
Embracing IoT and cloud: It’s all about visibility and planning
Healthcare is one of society’s most vital industries, yet many healthcare organizations are struggling to keep up with technological innovations, namely the Internet of Things (IoT) and cloud computing. In this guest post, Ofer Amitai, CEO and co-founder of Portnox, a company that delivers network access control, visibility, management and policy compliance to ensure networks run smoothly and securely, provides ways healthcare organizations can control their exposure to risks.
The hesitance of some healthcare organizations is understandable, as making these changes could put lives at risk if the technological transfer fails or creates security concerns for the safety of patients’ protected health information and personal medical devices. While these concerns are valid, there are a number of benefits in making the shift to IoT and cloud computing technologies that cause organizations like MarketsandMarkets to predict that by 2020, healthcare spending on cloud services will reach $9.5 billion.
IoT is a big deal for health care because it has so many relevant applications. From personal medical devices, like pacemakers and insulin pumps, to vital hospital equipment for patient care and facility operations, the applications seem endless. Yet hospitals are concerned with the lack of security regulation for IoT devices and that by applying the technology known for increasing efficiency and productivity, they could be putting their business and even patients’ lives at risk. However, there are a few simple ways that healthcare organizations can control their exposure to risks from IoT devices using existing solutions in their data center.
Security best practices
Securing IoT devices begins, first and foremost, by gaining visibility into the connected endpoints on the network, including device parameters such as operating systems, anti-virus/anti-malware status, and running applications to identify potential areas of vulnerability. Once organizations know what’s on their network – a step that’s sometimes overlooked when it comes to IoT medical devices – they will be able to effectively prepare their IT teams to address areas of risk.
Another best practice is segmenting IoT devices (that often can’t be patched) into a separate part of the network, so that if they’re commandeered by a hacker, they can be easily contained and controlled. This creates a boundary between the IoT devices, sensitive medical records and other endpoints, such as laptops, PCs, etc., and other medical devices to control against lateral attacks across the hospital network.
Finally, another important rule of thumb is to change the default credentials of IoT devices connected to the network. The logon credentials of nearly 36,000 medical devices are listed on the Shodan network for Internet-connected devices, which makes them easy targets for hackers. Once these credentials are changed to unique passwords, hackers will have a harder time accessing the IoT device to carry out an attack.
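The three practices above (visibility, segmentation, changing default credentials), together with the earlier misconceptions about unapproved devices and shared network segments, can be checked against a device inventory. The following is an added example, not code from the original article; the field names, device names and segment labels are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed device classes for this example.
IOT_TYPES = {"ip_camera", "medical_device"}
SENSITIVE_TYPES = {"pos", "pc", "records_server"}

# Constructed inventory export; all names and fields are hypothetical.
DEVICES = [
    {"name": "cam-lobby", "type": "ip_camera", "segment": "vlan10",
     "it_approved": True, "default_creds": True},
    {"name": "pos-01", "type": "pos", "segment": "vlan10",
     "it_approved": True, "default_creds": False},
    {"name": "pc-frontdesk", "type": "pc", "segment": "vlan10",
     "it_approved": True, "default_creds": False},
    {"name": "infusion-7", "type": "medical_device", "segment": "vlan40",
     "it_approved": False, "default_creds": False},
    {"name": "cam-dock", "type": "ip_camera", "segment": "vlan40",
     "it_approved": True, "default_creds": False},
    {"name": "ehr-db", "type": "records_server", "segment": "vlan20",
     "it_approved": True, "default_creds": False},
]

def audit(devices):
    """Return findings for unapproved devices, default credentials on IoT
    devices, and segments that mix IoT with sensitive endpoints."""
    findings = []
    by_segment = defaultdict(list)
    for dev in devices:
        by_segment[dev["segment"]].append(dev)
        if not dev["it_approved"]:
            findings.append(("unapproved-device", dev["name"]))
        if dev["type"] in IOT_TYPES and dev["default_creds"]:
            findings.append(("default-credentials", dev["name"]))
    for segment, members in sorted(by_segment.items()):
        iot = sorted(m["name"] for m in members if m["type"] in IOT_TYPES)
        sensitive = sorted(m["name"] for m in members
                           if m["type"] in SENSITIVE_TYPES)
        # An IoT-only segment (vlan40 here) is the desired state, not a finding.
        if iot and sensitive:
            findings.append(("mixed-segment", segment,
                             tuple(iot), tuple(sensitive)))
    return findings

if __name__ == "__main__":
    for finding in audit(DEVICES):
        print(finding)
```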
While IoT transforms the lives of healthcare employees and patients, cloud computing has also shown its immense benefits in improving the management of healthcare data, as well as hospitals’ network infrastructure. Some of the top benefits of moving to the cloud for CSOs/CISOs in the hospital environment include: flexibility, reduction of capital expenditures, efficiency and improved doctor-patient relations.
With solutions like cloud storage, hospital data centers can store information off-site and make data accessible to patients and doctors in all locations. In addition, with data off-site, hospitals increase their resiliency to cyber threats and ensure business continuity, in the case of weather events or other disasters.
The move to the cloud also means hospital CISOs/CSOs no longer need to renew physical hardware and software to keep their data centers in compliance with industry standards, making investment in security appliances an operational expense as opposed to a hefty capital expense. Finally, cloud solutions are known for fast deployment, which makes time for data center professionals to engage in more essential tasks, such as monitoring the network for vulnerabilities.
Despite the wide range of benefits inherent in the cloud shift, CISOs/CSOs remain concerned with the security of these solutions. That’s why, in addition to deploying cloud security solutions, hospital data centers should ensure they have a foolproof security and mitigation plan in the case of a cloud outage or weather event (preventing Internet access, thereby preventing access to the cloud).
In addition, CISOs/CSOs should encourage a peer review system so that network security is being actively monitored in house, together with the cloud. Some hospitals have decided to categorize which data is relevant for storage in the cloud – patient health records and financial systems, for instance – as opposed to what is managed on premise, such as emails and security appliances. These are decisions that every hospital should make based on its business needs.
IoT and cloud computing have real value for the healthcare industry because they allow for a democratization of patient-doctor relations like we’ve never seen before. Indeed, allowing patients full access to their healthcare records so they can receive adequate medical care from any location and any doctor is what IoT and cloud enable.
These advancements are great news for patients and doctors, but slightly worrisome for IT security professionals tasked with securing the hospital network. However, with enough planning and visibility into the hospital network, IoT and cloud can be embraced with open arms by the IT security community.
Ofer Amitai is the CEO and co-founder of Portnox, a company that delivers network access control, visibility, management and policy compliance to ensure networks run smoothly and securely.
Update for V-Ray for Nuke
With version 3.6, you can take advantage of new render elements, and enjoy support for Nuke 11.
New features include:
With the Light Select Render Element in V-Ray 3.6, you can now render the full contribution of any light, or group of lights, including global illumination, reflections and refractions.
Cryptomatte automatically generates ID mattes with support for transparency, depth of field and motion blur.
This update is free for all V-Ray for Nuke customers.
New review from SC Media about TrapX Security Deception Grid™
Check out the new review from Peter Stephenson, technology editor, SC Media, about TrapX Security DeceptionGrid™:
"This product is the most representative of what we see as an advanced deception network. It is actively morphing constantly to cut off the intruder at every turn and lure him into the deception grid and away from the real network using advanced AI and an escalating deployment of lures and deceptions. DeceptionGrid is an exceptionally well-thought-out system that has a specific process feeding a workflow and integrating with third party tools. In the early stages of an attack, the intruder is led through a series of intensifying functions that either derail the attack or lead it to a conclusion that is, itself, a dead-end.
The first stage is the deployment of endpoint lures. These are low interaction and are intended to move a genuine attacker along or to defeat the attack as in the case of a script kiddy who finds himself seeing assets but getting nowhere near them and giving up. The next stage is a medium interaction trap that masquerades as whatever is typical within the victim network. This is not a full operating system but has the characteristics of one. A persistent attacker is led to a high interaction honeypot which is a real (virtual) machine with a complete operating system and the types of applications and activity that would be expected on the real network.
This behavior is routed to the workflow, which collects intelligence dynamically and feeds an incident response process supported by third-party products such as SIEMs. The process is: bait attackers with endpoint lures, then trap them with emulated traps and engage them with full operating system traps. The medium interaction traps can be deployed in very large numbers to help detect lateral movement when taken with the targets makes it easier to identify attackers.
The system can deploy any quantities of up to 500 unique decoys. When it is time to deploy full O/S decoys it uses lightweight virtual deployments, such as .ova files. These decoys can be deployed manually, can be imported or the system can decide what it needs on the fly. The medium interaction decoys are not full O/S deployments though they appear to be and have all the characteristics, behave correctly and the attacker cannot use them to escape into the real system.
High interaction honeypots are full O/S contained in a wrapper that allows the attacker to interact at all levels without being able to escape into the real operating environment. The deception tokens are lures or breadcrumbs that draw the attacker towards the safe part of the deception grid. To aid in identifying malware, a sandbox subscription is included in the licensing fee. The highpoint of the system is the event analysis.
This consists of the event analyzer, attack visualization, forensics, event correlation, the monitor and the event workflow. Attack visualization is one of the system's crown jewels. The visualization shows exactly what the attacker has done, how it has moved and with what it is interacting. Drilling down gets significant detail. TrapX contends that because assets in a deception network are not real they have no business reason to exist. Therefore, any attempted interaction must be malicious. The web site is adequate and there is premium support included in the licensing fee."