The Importance of Security in an IoT World
Last October, the U.S. received a harsh wake-up call about the importance of IoT security. The trigger? A catastrophic DDoS attack on October 21, 2016 that created a massive Internet outage for millions of users. Centered on the U.S. East Coast, the attack disrupted service for many popular web sites, including Netflix, Twitter, and PayPal.
Post-analysis revealed the insidious method behind the attack. First, hackers loaded malware onto thousands of home routers, surveillance cameras, and other IoT devices with unchanged default passwords. The malware then formed a botnet that launched a massive DDoS assault on the servers of Dyn, a major Internet services company.
The far-reaching effects of this attack illustrate the challenges posed by the growth of the IoT. Analysts expect the number of Internet-connected devices to grow from over 10 billion today to 25 billion by 2020. And with high-profile cyberattacks on the rise, security has become the number one topic of discussion when it comes to IoT device deployment in both consumer and business networks.
As usual, we at Xirrus remain ahead of the curve. Our engineers have pioneered the design of ‘IoT-aware’ Wi-Fi, creating networks that accommodate the unique security challenges of IoT devices.
What does this mean? Let’s start from the basics. Organizations and users face two primary challenges when it comes to deployment of IoT devices. First, IoT devices must have the ability to connect to Wi-Fi in a simple manner, given their mass numbers. Second, these connections have to remain secure. However, adding more security features tends to reduce simplicity, making it difficult to achieve both goals at once. Undaunted, Xirrus engineers have worked hard to solve this conundrum. Here’s what they figured out:
Step 1 – Connecting the IoT Device
To connect IoT devices to Wi-Fi, Xirrus has developed a User Pre-Shared Key (UPSK) technology for our EasyPass onboarding solution. Simply put, EasyPass creates a new UPSK per each device, ensuring every device has unique security credentials within the network. That uniqueness becomes crucial later on, since it means that security credentials never get openly shared. EasyPass generates and manages the UPSKs, which the manufacturer or IT administrator then programs into the device. Remember, most IoT devices don’t have keyboards or browsers. Because of this, they cannot connect to traditional captive portals to enter their security information.
Step 2 – Controlling Traffic to/from the IoT Device
Xirrus first pioneered Application Control (Deep Packet Inspection) technology for our Wi-Fi solutions four years ago. We start the traffic control process by feeding this application intelligence into the Xirrus policy engine. Once in action, the engine works to identity and classify IoT devices by type. The network can then enforce Layer 2-4 firewall rules on devices according to their type (sensor, appliance, etc.). Meanwhile, the network also implements Layer 7 policies via the DPI engine. These Layer 7 policies control the application(s) each device uses, through methods like prioritization, bandwidth throttling, and blocking controls.
Step 1 provides a simple way to securely connect devices to the Wi-Fi network. Step 2 ensures only the IoT application can traverse the Wi-Fi network from the IoT device to the server. Such security would have prevented the DDoS attack last October that originated from Wi-Fi enabled IoT devices. Why? Because even with default passwords in place, the malware could not have communicated to the Dyn servers while the application rules were in effect, thus eliminating the malware’s impact.