Securing the IoT is a multi-faceted effort that requires big moves as well as small adjustments to ensure networks, systems, data and devices are protected. Here are 7 security practices you might not have considered.
One of the biggest concerns with the Internet of Things (IoT) is making sure networks, data, and devices are secure. IoT-related security incidents have already occurred, and the worries among IT, security and networking managers that similar events will take place are justified.
“In all but the most restrictive environments, you’re going to have IoT devices in your midst,” says Jason Taule, vice president of standards and CISO at security standards and assurance company HITRUST. “The question then isn’t if, but how you are going to allow such devices to connect to and interact with your networks, systems and data.”
What can organizations do to enhance IoT security? There are plenty of options—including a number of practices that might not be so obvious.
IoT security: start by thinking small
To build better security into IoT, organizations should start with the smallest component in their network infrastructure—the code, says Laura DiDio, principal at research and consulting firm ITIC.
“The majority of IoT devices are very small,” DiDio says. “Therefore, the source code tends to be written in the ‘common tongue’—C or C++ and C# languages which frequently fall victim to common problems like memory leaks and buffer-overflow vulnerabilities. These issues are the network equivalent of the common cold.”
And like the common cold, they are pesky and persistent, DiDio says. “In IoT environments, they can proliferate and become a big and often overlooked security problem,” she says. “The best defense here is to test, test and re-test.” There are a variety of well-regarded testing tools on the market that have been used for IoT devices, DiDio says.
Security and IT administrators can also use stack cookies, DiDio says. These are randomized data strings that applications are coded to write onto the stack just before the saved instruction pointer (the return address), which is where data spills if a buffer overflow occurs. “In the event a buffer overflow does occur, the stack cookie gets overwritten,” she says. The application is also coded to verify that the stack cookie still matches the value that was originally written. If the stack cookie doesn’t match, the application terminates.
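The stack cookie check described above, as an added C example that is not from the article or from any vendor's code. It models the frame as a struct (the names frame, handle_input and cookie_init are hypothetical) and returns -1 where a real program would terminate; compilers such as GCC and Clang insert the equivalent check automatically when built with -fstack-protector-strong.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Modelled stack frame (assumption): buffer, then cookie, then return address. */
struct frame {
    char     buf[16];
    uint64_t cookie;
    uint64_t saved_ip;
};

static uint64_t process_cookie;   /* random value chosen once per process */

static void cookie_init(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&process_cookie, sizeof process_cookie, 1, f) != 1)
        process_cookie = (uint64_t)time(NULL) ^ (uint64_t)(uintptr_t)&process_cookie; /* weak fallback */
    if (f) fclose(f);
}

/* Copies n bytes into the frame with no check against buf's size (the bug),
 * then verifies the cookie. Returns 0 if intact, -1 if it was overwritten. */
int handle_input(const char *src, size_t n) {
    struct frame fr;
    if (process_cookie == 0) cookie_init();
    fr.cookie = process_cookie;         /* prologue: place the cookie */
    fr.saved_ip = 0x1000;               /* constructed return address */
    if (n > sizeof fr) n = sizeof fr;   /* keep the demo inside the model */
    memcpy(&fr, src, n);                /* starts at buf, may run past it */
    if (fr.cookie != process_cookie)    /* epilogue: verify before returning */
        return -1;                      /* a real program would abort() here */
    return 0;
}

int main(void) {
    char in[32];                        /* constructed input */
    memset(in, 'A', sizeof in);
    printf("16 bytes: %d\n", handle_input(in, 16));
    printf("24 bytes: %d\n", handle_input(in, 24));
    return 0;
}
```

The 16-byte input fits the buffer and passes the check; the 24-byte input runs over the cookie, so the mismatch is caught before the overwritten return address could ever be used.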