Do Not Neglect Your Fish Tank Thermometer When Implementing Cybersecurity
Anything that is connected to your network can be used as an attack vector
Nowadays, it is pretty common to see that companies are at least somewhat aware that they need to implement cybersecurity measures.
Nearly everyone has a firewall, and most have also implemented some email security gateway solution, be it within Microsoft 365 or for their on-prem email servers.
But did they secure their cameras, thermometers, or printers?
IoT hacks
The thermometer incident I mentioned in the headline is not made up. It took place in 2018 in a Las Vegas casino.
Through the insecure thermometer, hackers were able to find and download information about the casino’s biggest spenders.
In case you want to read more, this article might be what you are looking for (although the attached report is no longer available).
The reason why these attacks happen is quite straightforward, and Sun Tzu would be proud.
“So in war, the way is to avoid what is strong, and strike at what is weak.”
― Sun Tzu, The Art of War
IoT devices in general have no means to run endpoint security software such as an antivirus or EDR solution. If you want them to be secure, you need to secure everything around them: the network.
And why is that important? Every connected device can be used as a bridge to the rest of your devices. You certainly do not want anyone getting to your customer database with all your information through an IP camera, do you?
Removing weak points
Since it is usually not possible to implement endpoint security on IoT devices, you have to compensate elsewhere. Start at the network level.
Network segmentation
First, segment your network. Make sure that IoT devices cannot communicate with the rest of your network. Allow only the traffic they need in order to work, and block everything else.
If possible, try to keep every IoT device isolated. If not, group IoT devices so in case someone takes control of one, they will not take control of the rest of your IoT devices. You would not like someone turning off your HVAC in the server room via your printer.
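The two rules above, default deny plus a short allow list and no device-to-device traffic inside the IoT segment, can be written down as a policy and checked before anyone touches a switch. The following is an added example, not code from the article; the VLAN ranges, segment names and allowed ports are constructed assumptions, and the nftables rendering is one possible enforcement syntax for the same list.

```python
import ipaddress
from dataclasses import dataclass

# Assumed VLAN addressing (constructed for this example, not from the article).
SEGMENTS = {
    "iot":     ipaddress.ip_network("10.20.0.0/24"),  # cameras, thermometers, printers
    "hvac":    ipaddress.ip_network("10.21.0.0/24"),  # building automation, kept apart from other IoT
    "servers": ipaddress.ip_network("10.10.0.0/24"),  # customer database and other crown jewels
    "infra":   ipaddress.ip_network("10.0.0.0/24"),   # NTP, filtering DNS resolver, video recorder
    "corp":    ipaddress.ip_network("10.30.0.0/24"),  # staff workstations
}


@dataclass(frozen=True)
class Rule:
    src: str      # source segment name
    dst: str      # destination segment name
    proto: str    # "tcp" or "udp"
    dport: int
    comment: str


# The allow list: only what each segment needs to do its job. Anything not listed is dropped.
ALLOW = [
    Rule("iot", "infra", "udp", 123, "NTP"),
    Rule("iot", "infra", "udp", 53, "DNS, to the filtering resolver only"),
    Rule("iot", "infra", "tcp", 554, "cameras stream to the video recorder"),
    Rule("hvac", "infra", "udp", 123, "NTP"),
    Rule("corp", "iot", "tcp", 9100, "staff send print jobs"),
    Rule("corp", "hvac", "tcp", 443, "staff reach the HVAC web UI"),
]


def segment_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def decide(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Return 'allow' or 'deny' for a new connection under the segmentation policy."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst == "iot":
        # Device isolation: IoT devices may not talk to each other. The router never
        # sees same-VLAN traffic, so this part is enforced by port isolation on the switch.
        return "deny"
    for rule in ALLOW:
        if (rule.src, rule.dst, rule.proto, rule.dport) == (src, dst, proto, dport):
            return "allow"
    return "deny"  # default deny, including anything from an unknown address


def render_nftables() -> str:
    """Render the same allow list as an nftables forward chain with a drop policy."""
    lines = [
        "table inet segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for r in ALLOW:
        lines.append(
            f"    ip saddr {SEGMENTS[r.src]} ip daddr {SEGMENTS[r.dst]} "
            f"{r.proto} dport {r.dport} accept comment \"{r.comment}\""
        )
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_nftables())
    print(decide("10.20.0.7", "10.21.0.3", "tcp", 443))  # printer to HVAC: deny
```

Run it and the printer-to-HVAC and camera-to-database cases from the text both come back as "deny", while the camera still reaches NTP. The point of keeping the policy in a table is that adding a device means adding one rule with a comment, not opening up a segment.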
Some IoT or OT devices can be in secluded locations, such as windmills. For cases such as these, you need to implement safe remote access to the device, so that a technician does not have to go there personally every time they need to adjust something.
Once you have done the basics, you can build on them. The next step is to add a DNS security solution.
DNS Security
These solutions intercept all the DNS requests which accompany nearly all network communication and can determine whether they are malicious or benign, with some margin of error of course.
These are usually quite simple to implement. You set up the DNS server and then make sure that your firewall or switch redirects all DNS requests to it. Block any other DNS traffic leaving your internal network so that nobody bypasses your new DNS security solution.
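The decision such a resolver makes for each request is simple to show in code. The block below is an added example, not the article's or any vendor's code: it parses a DNS query in wire format, matches the queried name against a constructed blocklist (a listed domain also covers its subdomains), and either answers with a sinkhole address or forwards the query. The blocklist contents and the sinkhole address 0.0.0.0 are assumptions; a real product swaps the static set for a threat feed, which is where the margin of error comes from.

```python
import struct

# Constructed blocklist. A listed name also covers all of its subdomains.
BLOCKLIST = {"malware-c2.example", "phishing.example"}
# Assumed sinkhole address: blocked A queries get an unroutable answer instead of the real one.
SINKHOLE_IP = "0.0.0.0"
QTYPE_A = 1


def parse_query(packet: bytes):
    """Parse the header and first question of a wire-format DNS query.

    Returns (transaction id, lowercase qname, qtype, offset where the question ends).
    """
    if len(packet) < 12:
        raise ValueError("packet too short for a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount < 1:
        raise ValueError("query carries no question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in a query name")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels), qtype, pos + 4


def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """Suffix match: 'login.phishing.example' is blocked by 'phishing.example'."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def build_query(txid: int, qname: str, qtype: int = QTYPE_A) -> bytes:
    """Encode a query packet; used here only to construct sample traffic."""
    out = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    for label in qname.split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00" + struct.pack("!HH", qtype, 1)


def sinkhole_response(query: bytes) -> bytes:
    """Build the reply sent for a blocked name: an A record pointing at the sinkhole,
    or NXDOMAIN for other query types."""
    txid, _qname, qtype, qend = parse_query(query)
    question = query[12:qend]
    if qtype != QTYPE_A:
        # QR=1, RD=1, RA=1, RCODE=3 (NXDOMAIN), no answers
        return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, one answer
    rdata = bytes(int(octet) for octet in SINKHOLE_IP.split("."))
    # 0xC00C: pointer to the question name at offset 12; then type A, class IN, TTL 60, RDLENGTH 4
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, 60, 4) + rdata
    return header + question + answer


def handle(query: bytes):
    """Policy decision for one query: ('block', sinkhole reply) or ('forward', None).

    A forwarded query would go to the upstream resolver unchanged.
    """
    _txid, qname, _qtype, _ = parse_query(query)
    if is_blocked(qname):
        return "block", sinkhole_response(query)
    return "forward", None
```

To turn this into a service you would bind it to UDP port 53 and send the "forward" cases to an upstream resolver; the firewall redirect described above is what makes sure every device actually reaches this resolver instead of one it picked itself. Logging the "block" decisions per source address is also the cheapest inventory of which IoT device is trying to talk to something it should not.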
Network Security Monitoring and Response
If you are serious about securing your IoT/OT infrastructure, you should look at Network Security Monitoring and Response (formerly known as Network Traffic Analyzer) type solutions.
These are usually placed next to your core switch, where they monitor all the network traffic, both inbound and outbound.
They see all the traffic, which device communicates with whom, and more. To get the most out of such a solution, make sure that it supports and provides visibility into SCADA protocols, too. Being able to extract useful information from SSH or DNS traffic is great, but if you need to see DNP3 and the product cannot decode it, tough luck.
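What "which device communicates with whom" buys you is easiest to see on flow records. The block below is an added example, not the article's or any product's code: it learns a baseline of observed (source, destination, protocol, port) tuples from a constructed set of flows, then flags new communications, internal hosts reaching the internet, and DNP3 traffic (TCP port 20000) from anything other than the assumed SCADA master. The addresses, the master's identity and the internal range are all assumptions. Note that this only recognises DNP3 by its port; the article's point stands that a tool which cannot decode the protocol itself cannot tell a routine poll from a control command.

```python
import ipaddress

DNP3_PORT = 20000
SCADA_MASTER = "10.40.0.2"  # assumed address of the only legitimate DNP3 master
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space

# Constructed flow records of the kind a sensor next to the core switch exports:
# (timestamp, src, dst, proto, dport)
BASELINE_FLOWS = [
    (100, "10.40.0.2", "10.40.0.50", "tcp", 20000),  # master polls an outstation
    (101, "10.20.0.5", "10.0.0.10", "udp", 123),      # camera syncs time
    (102, "10.20.0.5", "10.0.0.20", "tcp", 554),      # camera streams to the recorder
    (103, "10.20.0.7", "10.0.0.10", "udp", 123),      # printer syncs time
]
LIVE_FLOWS = [
    (200, "10.40.0.2", "10.40.0.50", "tcp", 20000),  # routine polling
    (201, "10.20.0.7", "10.40.0.50", "tcp", 20000),  # the printer talks DNP3 to the outstation
    (202, "10.20.0.5", "203.0.113.9", "tcp", 443),    # the camera reaches an outside host
    (203, "10.20.0.5", "10.0.0.10", "udp", 123),      # seen in the baseline, nothing to report
]


def peers(flows):
    """Who talks to whom: map each source to the set of destinations it contacted."""
    table = {}
    for _, src, dst, _, _ in flows:
        table.setdefault(src, set()).add(dst)
    return table


def learn_baseline(flows):
    """Record every (src, dst, proto, dport) tuple observed during the learning window."""
    return {(src, dst, proto, dport) for _, src, dst, proto, dport in flows}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def detect(flows, baseline):
    """Return (timestamp, alert kind, src, dst) for every flow that deserves a look."""
    alerts = []
    for ts, src, dst, proto, dport in flows:
        if proto == "tcp" and dport == DNP3_PORT and src != SCADA_MASTER:
            alerts.append((ts, "dnp3-from-unexpected-master", src, dst))
        if not is_internal(dst):
            alerts.append((ts, "internal-host-to-internet", src, dst))
        if (src, dst, proto, dport) not in baseline:
            alerts.append((ts, "new-communication", src, dst))
    return alerts


if __name__ == "__main__":
    for alert in detect(LIVE_FLOWS, learn_baseline(BASELINE_FLOWS)):
        print(*alert)
```

Against the constructed live flows, the printer speaking DNP3 and the camera going out to the internet are each reported twice (once for the specific rule, once simply as a never-before-seen conversation), while the routine poll and the time sync stay quiet. A baseline learned while the network is already compromised will of course treat the attacker's traffic as normal, so the learning window deserves a manual review before alerts are trusted.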
Let me know how you feel about what you have just read. I am looking forward to hearing more from you! If you liked what you just read, try to see how many times you can hit 👏 in five seconds — not only do you get a little bit of extra movement (burn that one calorie), but you also help me reach more people with my writing. Keep tuned in for posts that are yet to see the light of the world, and follow to not miss out.
Thanks for reading and take care!