I had an email exchange with Timur Kovalev, CTO of Untangle, on IoT and the focus was what 3 things are critical to anyone building a Smarthome. Since I have a Smartphone, which doesn’t always work as it should, to me the subject was topical.
So let’s get to it.
Figure out what’s connected and what’s calling home: Timur wrote “If you don’t know which devices are connecting to your network, you can’t properly secure them. Consider putting a firewall with application-level visibility at the gateway to prevent malicious access attempts while giving you a deeper view into what requests your devices are making.”
Increasingly almost every device we have is connected. In most cases I think most of us know which ones because our home networks aren’t that reliable and we get errors. But eventually virtually every sensor, camera, and appliance will be looking for a connection and if it doesn’t make it securely it may be breached and suddenly it will be controlled by someone who may not know or like you.
As Timur pointed out, if you don’t know it is connected you won’t know it needs to be secured.
Give IoT devices their own network: Timur wrote “If your Wi-Fi router supports it, create a separate local network for IoT devices. Segmenting your network gives you an added layer of protection in case one of your devices is breached. Better yet, don’t allow IoT devices to access the network unless they absolutely need to.”
You know a lot of early devices did have their own network. I have both Sonos and Insteon in my home and both have their own network and are connected to the house network through a hub/gateway. I’m a big believer in that approach because then you just have to make sure the hub/gateway is up to date. Dell and Intel went this route for their corporate solution and it just seems far more simple to update one device and through it the others as opposed to updating every single connected device one by one.
Reset default passwords with unique, complex passwords and use a unique password for each IoT device: Timur Wrote “You need to give your IoT device passwords the same thoughtful consideration that you give to other networked devices like smartphones, tablets and PCs. Make a point of changing passwords regularly and keeping firmware on the devices up-to-date.”
Passwords are, and have always been, a problem. If we make them simple and reuse them they can be hacked if we make them complex and different, we have to either wrote them down or risk forgetting them.
For those of us on Windows 10 we’ll be able to use the LastPass password manager which will, or did, show up with the next update. But however you get there having a good Password Manager so you can use a strong password is perhaps the only consistent way to address this issue until we get smartcards working on PCs or an alternative like Microsoft Hello takes hold.
Wrapping Up:
Here is a 4th – Update your firmware on routers. I added this one because Untangle has both a service and an appliance that assures your IoT network protection is up to date. But if you don’t have a service, and most of us don’t, it is wise to go into your router from time to time and update it so it doesn’t get hacked.
Right now it may not seem all that important to secure your stuff but wait until your heating system, appliances, and entertainment devices are connected. Having them used to tell burglars when you are away from home, or just annoy you at 3AM in the morning, would not be particularly fun.
So, as you connect this stuff, think about keeping it secure from the start. Know what is connected, put them on their own network, secure the thing with real passwords (use a password manager), and make sure your security products (routers for the most part) are kept up to date so they aren’t hacked.
If you start with this set of guidelines, by the time your connected devices rule you home you’ll be ready and sometimes being safe is all about being ready.
I had an email exchange with Timur Kovalev, CTO of Untangle, on IoT and the focus was what 3 things are critical to anyone building a Smarthome.