IoT device security
After completing the discussion with the networking manager of your organization concerning the integration effort, you have action items to provide 3-5 pages of requirements addressing the security concerns present when IoT devices communicate. Organizations attempting IoT communications will need to bring their security posture to a new level of depth if they are to use the benefits of IoT communications; therefore, this documentation, to be given to the networking manager, is critical to overall productivity and data security.
The priority will be to provide an explanation of at least 1 page concerning the security concepts present when IoT devices network and communicate.
Provide details for IoT device security: endpoint hardening, protecting against vulnerabilities, encryption and device trust using PKI.
Provide details for IoT network security: context-aware user authentication/access control, sophisticated password importance, and network and transport layer encryption.
Provide 10 “shall” security requirements associated with the IoT device network communications required for the networking manager to follow when configuring and allowing the IoT devices to communicate on the corporate network. For example, provide at least the depth of the following requirements:
“XYZ Corporation shall provide a security layer performing encryption/decryption and ensuring data integrity and privacy”
“The XYZ corporate network administrator shall be capable of placing owner controls or restrictions on the kinds of devices that can connect to it.”
Identify how the organization can provide audit trails, endpoint anomaly detection and a forensic security capability to ensure a stable security posture.
Note that these are considered Tier 1 requirements and do not need to be testable. All requirements should be clear and unambiguous. The security discussion and requirements should be applied to the “network” and “device application” levels. For example, clients use DTLS (Datagram Transport Layer Security) at the application level.
IoT integration in business is considered the future and plays a vital role in revolutionizing the standards of business models. The integration of IoT continues to rise rapidly in businesses, allowing billions of devices, services, and people to connect and exchange information. However, the increase in usage means that the connected devices and the information they share are prone to security attacks. Security measures and protocols can be applied to ensure authentication, integrity, confidentiality, possession, and availability. Attacks can be deployed at low, medium, and high levels. The security systems, however, can be based upon the sensitivity of the information; for instance, CIA information will require all of the system’s principles to be met.
IoT devices offer a large attack surface because of their varied application scenarios, enabling attacks such as the manipulation of embedded data through malicious substitution. Data manipulation is dangerous because it compromises the integrity and confidentiality of a system. A study shows that IoT systems integrated into health businesses have resulted in confidentiality risks (Elliott and Chris, 2014). Connected devices such as drug delivery systems have been attacked before, compromising the confidentiality and integrity of those systems. Research shows that the commonly recorded attacks include cyber-physical attacks that compromise the confidentiality of information through data leakage. Such attacks can sabotage a business’s competitive advantage in the market by equipping competitors with the information to undermine its innovations. IoT security breaches also occur across the range of devices connected in smart offices for instant access, control, and efficiency. Despite the benefits, connected devices increase security, confidentiality, and privacy risks. Target was a victim of such an attack, in which internet-connected building control systems were accessed and manipulated (Cavusoglu et al., 2016). The attack compromised confidentiality: the attackers gained access to the Target network for remote monitoring and maintenance.
One of the major ways to strengthen IoT security is to perform secure endpoint hardening. Integrated devices often operate independently and without close observation, which creates vulnerabilities. Fully hardening the devices keeps attackers from accessing data that could be used to exploit the hardware’s internals. Hardening provides several layers of defense, making it hard for attackers to get through. Protecting devices from vulnerabilities includes actions such as updating passwords, integrating security into the purchasing process, and applying strong access control mechanisms with effective authentication processes (Cavusoglu et al., 2016). Vulnerabilities can also be prevented through scalable encryption and key management. IoT devices collect large volumes of data, which makes them sensitive targets that require protection proportionate to the sensitivity of that data. Encryption uses complex algorithms to protect sensitive information from intruders by transforming readable data into seemingly random ciphertext. The original text therefore cannot be recovered from the ciphertext unless it is decrypted with the corresponding decryption key.
Incorporating security by design is essential for adequate system authentication, which helps prevent attacks. Public key infrastructure (PKI) is necessary for data encryption and website authentication. PKI provides scalable and flexible solutions that can protect IoT devices from vulnerabilities. It offers flexibility when the user wishes to change security requirements while supporting a multi-protocol approach across platforms (Elliott and Chris, 2014). Research shows that provisioning data protection and authentication will be the main areas of security focus over the next five years.
Networking managers should follow the security requirements during configuration. Measures such as password updates and the use of password managers help keep devices safe. Banning auto-connection portals prevents vulnerable devices from connecting and causing security breaches. Networking managers should put owner controls in place to restrict unauthorized devices from connecting. The network administrator can also provide audit trails covering events such as distributed denial of service (DDoS) attacks, which helps prevent cyber-attacks (Cavusoglu et al., 2016). Defenses can be implemented in layers based on the devices’ tools, solidifying protection. Endpoint hardening is also a good way to provide layered security, so that attacks exploiting web servers or unencrypted services must pass through numerous defenses before reaching the system.
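The owner controls and audit trail described above can be combined in one admission check. This is an added example, not part of the original essay; the device fields, policy values, and key below are constructed assumptions.

```python
import hashlib, hmac, json

# Constructed policy values for illustration (assumptions, not from the page).
MIN_FIRMWARE = {"thermostat": (2, 1, 0), "camera": (3, 0, 0)}  # allowed device types
AUDIT_KEY = b"constructed-demo-key"  # real deployments keep this off the log host

def admit(device):
    """Owner control: return (allowed, reason) for a device asking to connect."""
    dtype = device.get("type")
    if dtype not in MIN_FIRMWARE:
        return False, "device type not on owner allowlist"
    if not device.get("cert_verified"):
        return False, "no verified PKI device certificate"
    if device.get("default_password"):
        return False, "factory default password still set"
    try:
        version = tuple(int(p) for p in device.get("firmware", "").split("."))
    except ValueError:
        return False, "unparseable firmware version"
    if version < MIN_FIRMWARE[dtype]:
        return False, "firmware below minimum patched version"
    return True, "admitted"

def _mac(key, body):
    """HMAC-SHA256 over a canonical JSON encoding of one log entry."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

class AuditTrail:
    """Append-only decision log; each entry's MAC also covers the previous MAC."""
    def __init__(self, key):
        self.key, self.entries = key, []

    def record(self, device):
        """Decide admission, log the decision, and return whether it was allowed."""
        allowed, reason = admit(device)
        prev = self.entries[-1]["mac"] if self.entries else ""
        body = {"id": device.get("id"), "allowed": allowed, "reason": reason, "prev": prev}
        self.entries.append({**body, "mac": _mac(self.key, body)})
        return allowed

    def verify(self):
        """False if any entry was edited or the chain order was broken."""
        prev = ""
        for e in self.entries:
            body = {k: e[k] for k in ("id", "allowed", "reason", "prev")}
            if e["prev"] != prev or not hmac.compare_digest(_mac(self.key, body), e["mac"]):
                return False
            prev = e["mac"]
        return True
```

Chaining the MACs lets a forensic review detect an edited or reordered decision; removing entries from the end of the log is not detected unless the latest MAC is also stored elsewhere.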
One of the must-do requirements for IoT security is updating devices as soon as security maintenance updates are released. Setting up a firewall is a significant step in protecting and defending IoT systems. A firewall allows the IoT to be monitored proactively, blocking risks from the core system. Organizations can accomplish a stable security posture by hardening the network. Establishing strong access control mechanisms with a solid authentication process helps prevent intrusion (Elliott and Chris, 2014). Network hardening applies at every level, starting with basics such as using strong passwords. Two-factor or multifactor authentication requires the user to go through an additional step beyond the password, preventing easy access to the organization’s platform. Integrating machine learning systems and mechanisms such as encryption into IoT systems supports secure protocols across the organization’s network layers. Most devices integrated into the IoT use different servers and control platforms; therefore, implementing encryption protocols will isolate the data between the organization and the users involved. Encryption allows data to be fully encrypted in storage and in transit alike, allowing the IoT to succeed and achieve its full potential.
Elliott A. Chris B, (2014). “Elliott Review Into the Integrity and Assurance of Food Supply Networks-Final Report: A National Food Crime Prevention Framework.” Department for Environment, Food & Rural Affairs Food Standards Agency.
Cavusoglu, Hasan, Huseyin Cavusoglu, and Jun Zhang. (2016). “Security Patch Management: Share the Burden or Share the Damage?” Management Science 54 (4): 657–670.