June 22, 2020

IoT From a Network Perspective: Learning to Navigate the New Realms

Let’s play the analogy game. The Internet of Things (IoT) is probably going to end up being like a box of chocolates, because you never do know what you are going to get? Or a big bowl of spaghetti with a serious lack of meatballs? Whatever it is, the IoT should have network folks worried about security. Of course, there is the problem of IoT devices being attached to random places on the network, exfiltrating personal data back to a cloud server you don’t know anything about. Some of these devices might be rogue, of course, such as a Raspberry Pi attached to some random place in the network. Others might be more conventional, such as those new exercise machines the company just brought into the gym that are sending personal information in the clear to an outside service.

While there is research into how to tell the difference between IoT and “larger” devices, the reality is that spoofing and blurred lines will likely make such classification difficult. What do you do with a virtual machine that looks like a Raspberry Pi running on a corporate laptop for completely legitimate reasons? Or what about the Raspberry Pi-like device that can run a fully operational Windows stack, including “background noise” applications that make it look like a normal compute platform? These problems are, unfortunately, not easy to solve.

To make matters worse, there are no standards by which to judge the security of an IoT device. Even if the device manufacturer (think about the new gym equipment here) has the best intentions towards security, there is almost no way to determine if a particular device is designed and built with good security. The result is that IoT devices are often infected and used as part of a botnet for DDoS, or other, attacks.

What are our options here from a network perspective? The most common answer to this is segmentation, and segmentation is, in fact, a good start on solving the problem of IoT. But we are going to need a lot more than segmentation to avert certain disaster in our networks. Once these devices are segmented off, what do we do with the traffic? Do we just allow it all (“hey, that’s an IoT device, so let it send whatever it wants to; after all, it’s been segmented off the main network anyway”)? Do we try to manage and control what information is being exfiltrated from our networks? Is machine learning going to step in to solve these problems? Can it, really?
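One way to act on the "do we just allow it all?" question is a default-deny egress audit over flow records from the IoT segment, flagging unknown devices, destinations outside a per-device allowlist, cleartext protocols and unusual volume. This is an added example, not code from the original article; the addresses, allowlist, port set and byte threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All addresses, rules and thresholds below are constructed for this example.
IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/24")
VENDOR_CLOUD = ipaddress.ip_network("198.51.100.0/24")
# Default-deny egress: each known device lists the (network, port) pairs it may reach.
ALLOWED_EGRESS = {
    "10.50.0.11": [(VENDOR_CLOUD, 443)],  # gym equipment -> vendor service over TLS
    "10.50.0.12": [(VENDOR_CLOUD, 443)],
}
CLEARTEXT_PORTS = {21, 23, 80, 1883}  # FTP, Telnet, HTTP, MQTT without TLS
BYTES_LIMIT = 5_000_000  # assumed per-device ceiling for one batch of flows

# Constructed flow records: (source, destination, destination port, bytes sent)
SAMPLE_FLOWS = [
    ("10.50.0.11", "198.51.100.20", 443, 12_000),
    ("10.50.0.11", "203.0.113.9", 80, 48_000),
    ("10.50.0.12", "198.51.100.20", 443, 9_000_000),
    ("10.50.0.77", "203.0.113.50", 23, 600),
    ("10.20.0.5", "203.0.113.9", 80, 1_000),
]


def audit_egress(flows):
    """Return (device, reason, detail) findings for traffic leaving the IoT segment."""
    findings = []
    totals = defaultdict(int)
    for src, dst, port, sent in flows:
        if ipaddress.ip_address(src) not in IOT_SEGMENT:
            continue  # only traffic sourced from the IoT segment is audited
        dst_ip = ipaddress.ip_address(dst)
        totals[src] += sent
        rules = ALLOWED_EGRESS.get(src)
        if rules is None:
            findings.append((src, "unknown-device", f"{dst}:{port}"))
        elif not any(dst_ip in net and port == allowed for net, allowed in rules):
            findings.append((src, "destination-not-allowlisted", f"{dst}:{port}"))
        if port in CLEARTEXT_PORTS:
            findings.append((src, "cleartext-protocol", f"{dst}:{port}"))
    for src, total in sorted(totals.items()):
        if total > BYTES_LIMIT:
            findings.append((src, "volume-over-limit", str(total)))
    return findings


if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_FLOWS):
        print(finding)
```

The same findings map directly onto enforcement: anything reported as unknown or not allowlisted is what a default-deny egress rule on the segment boundary would drop.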

To put it another way, the attack surface we’re facing here is huge, and the smallest mistake can have very bad ramifications in individual lives. Take, for instance, the problem of data and IoT devices in abusive relationships. Relationships are dynamic; how is your company going to know when an employee is in an abusive relationship, and thus when certain kinds of access should be shut off? There is so much information here; it seems almost impossible to manage it all.

It looks, to me, like the future is going to be a bit rough and tumble as we learn to navigate this new realm. Vendors will have lots of good ideas (look at Mist’s capabilities in tracking down the location of rogue devices, for instance). Still, in the end, it’s going to be the operational front line that is going to have to figure out how to manage and deploy networks where there is a broad blend of ultimately untrustable IoT devices and more traditional devices.

Now would be the time to start learning about security, privacy, and IoT if you haven’t started already.

Written by Russ White, Infrastructure Architect at Juniper Networks

Author: Russ White

Date: 2020-10-27

URL: http://www.circleid.com/posts/20201027-iot-from-a-network-perspective-learning-to-navigate-the-new-realms/

