IoT Network Security


  • Placement and segmentation issues for embedded and IoT systems are best considered by dividing them into three groups:
    • consumer-grade devices
    • smart building technology
    • industrial systems

Consumer-Grade Smart Devices

  • likely to use a Wi-Fi network for connectivity and administration
  • can be poorly documented
  • patch management/security responses can be inadequate
  • IoT for residential use:
    • can have weak defaults
    • may have recommended security steps that were never taken
  • in a corporate workspace:
    • main risk is shadow IT
      • unapproved network devices
      • also a risk for remote working when joining via VPN from home network
    • mitigate risks with
      • regular audits
      • employee security awareness training
    • ensure
      • administrative interfaces are secured
      • device configuration and management are assigned to appropriate org roles
      • all IoT devices are included in patch and vulnerability management audits

Smart Buildings

  • manage and monitor smart building systems over isolated network segments
  • ensure strong hardened configurations
    • patch/mitigate vulnerabilities or exploits

ICS/SCADA

  • typically implemented as a
    • dedicated OT network
    • wireless WAN network
  • there may be points where these networks are linked to a corporate data network
    • these links have been exploited by threat actors
  • isolate management and monitoring traffic for embedded systems
    • minimize access to and from corporate data network
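
One way to audit the isolation described for smart building and ICS/SCADA segments is to check exported flow records for traffic that crosses an isolated segment boundary without approval. This is an added example, not part of the original notes; the segment names, address ranges, allowlist and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption): replace with your own segments.
SEGMENTS = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "building": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.30.0.0/24"),
}
ISOLATED = {"building", "ot"}  # segments that should have minimal outside access

# Constructed allowlist of approved cross-segment flows:
# (source, destination, protocol, destination port)
ALLOWED = {("10.10.5.20", "10.30.0.10", "tcp", 443)}  # admin jump host -> OT server

# Constructed flow records, as a firewall or flow collector might export them.
FLOWS = [
    ("10.10.5.20", "10.30.0.10", "tcp", 443),   # approved management path
    ("10.10.8.77", "10.30.0.15", "tcp", 502),   # corporate workstation -> OT device
    ("10.30.0.15", "10.10.2.4", "tcp", 445),    # OT device -> corporate file share
    ("10.20.0.9", "203.0.113.50", "tcp", 443),  # building controller -> internet
    ("10.30.0.10", "10.30.0.15", "tcp", 502),   # stays inside the OT segment
    ("10.10.1.1", "10.10.2.2", "tcp", 22),      # stays inside corporate
]

def segment_of(addr):
    """Return the name of the segment containing addr, or 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def audit(flows, allowed=ALLOWED):
    """Return (src_segment, dst_segment, flow) for each unapproved boundary crossing."""
    findings = []
    for flow in flows:
        src_seg, dst_seg = segment_of(flow[0]), segment_of(flow[1])
        if src_seg == dst_seg:
            continue  # traffic that never leaves its segment
        if not ({src_seg, dst_seg} & ISOLATED):
            continue  # crossing does not involve an isolated segment
        if flow not in allowed:
            findings.append((src_seg, dst_seg, flow))
    return findings

if __name__ == "__main__":
    for src_seg, dst_seg, flow in audit(FLOWS):
        print(f"unapproved {src_seg} -> {dst_seg}: {flow}")
```
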