What is Internet of Things (IoT)?
All these words mean the same thing. You are probably curious what they are and how they may affect you. The Internet of Things (IoT), The Things Network, Internet de las Cosas (for those Spanish speakers) and What is Internet are commonly searched terms or phrases on Google from people who want to know what they are and the meaning of IoT. Your devices (surveillance cameras – CCTV, alarm systems, appliances that are IP-enabled, cars equipped with Internet, home apparatuses that aim to make your life easier by allowing you to remote control your home heater from an app on your cellular phone, for example; voice recognition devices such as Alexa, the Dash button on Amazon, and your mobile devices (iPads, iPhones, Androids, etc.) all basically have internet connectivity. How does the technology affect you? Remember, most manufacturers ship devices and appliances with default settings because they mass produce them with the same settings.
For example, device from manufacturer A may has the default password set to serial x. The systems are pre-programmed to generate serials numbers assigned to the device, and, accordingly, they ship the device with instruction stickers that say to use serial X as the password. This is fine and makes it simple for end users to access and get their systems up and working. However, this doesn’t secure the device from users outside your domain. It is not the job of manufacturers to help you secure the network. Otherwise, they would spend countless hours customizing these systems and would not be able to quickly ship them to fill demand.
If you want to avoid intruders, you need to secure your devices by configuring a firewall, only allowing certain protocols and ports needed to run the appliance. Depending on the device, you may want to segment the traffic, so they are completely segregated from the rest of your other networks, especially valuable for industrial businesses that have highly-sensitive data and traffic on their networks. If you have surveillance cameras running, they are likely completely isolated from the rest of the corporate network. Why? Because surveillance cameras are serving public users and are connected on the outside, even noticeable to public eyes. They are easy targets and attackers become curious to see if these cameras are hackable and may attempt to gain access. If the hackers are able to gain access to this part of the network, they will be able to gain access to any part of the network connected.
If you just bought any devices that is IP-enabled, and you’re able to access it from the Internet, make sure it is secure. Look for changes to the default username, password, or IP address and limit public access by using a firewall. In other words, make it completely isolated from any critical data on your network and/or at home.
The number of Internet of Things, IoT or Internet De las Cosas devices are increasing yearly. The number of connected devices surpasses billions and will reach around 29 billion by 2022. This is why internet providers are already deploying IPv6 on these devices.
Another important example, especially for healthcare providers and healthcare patients, is the fact that health information is now accessible from mobile apps and online. Regulations are in place such as the Health Insurance Portability and Accountability Act (HIPAA) that require data to be secure if any individual’s personal information is transmitted. One way for healthcare providers and businesses to insure such data is with Cisco Identity Services Engine (ISE). You can read more here at: https://www.cisco.com/c/dam/en/us/products/collateral/security/medical-nac-white-paper.pdf.
If you have IoT devices on your network and are not sure if it is secure, at Accend Networks, we can provide a risk assessment by thoroughly scanning it. We will provide a detailed report from outside your network and let you know if vulnerabilities exist and the solutions to fix them. Having a third-party provider can help you look at things of which you are not yet aware. Even if you think you have secured your network, and if you organization is one that requires compliance by law, we have the tools to help you.
Below are a sample of items we can assist you identify on your network: