THE IT SECURITY PROFESSIONAL |
Barlowtek
The It security Pro
Helping Organizations Understand IT Security
&
Best Practices
Protecting your home network One of the hottest areas of technology these days has been the development and the adoption of the Internet of Things (IoT) devices within the home network. While this technology continues to evolve and the public adopts new applications of this technology, there are still questions that need to be answered. What are some of the security measures that vendors need to implement to help to protect the individual users data? What is IoT? IoT devices are those devices that you would not normally consider to be a computer and that may be networked or created to be “smart” in order to offer greater flexibility or application. Some devices that fall into this category are:
AI & IoT Artificial Intelligence (AI) is where computers learn certain behaviors or responses to inputs from their environments or users. Computer learning algorithms teach a computer system to learn and how to react to those inputs. Some examples of AI would be Alexa by Amazon, and Siri from Apple. These applications of AI allow the users to be able to access content or effect the environmental controls around them, such as turning lights or music on or off. The current application is to allow an AI such as Siri to access your smart devices in order to control them for you via voice commands or via a Wi-Fi connection to your home network. Security Issues
Some security issues that still worry the IT Security Pros are those that deal with access controls, and vulnerability management. These two areas lend themselves to providing vulnerabilities that could lead to a compromise of a home network. The average user is not thinking that about the security behind the product, all they want is a device that they can connect to the network and that it just works and does what they need it to do. Authorize & Authenticate Devices While IoT devices and services are being adopted more and more, some gaps in security continue to remain. One key areas is the authorization or authentication of the devices on the network. This needs to happen in order for the devices to be able to access other applications or services. The more devices that you have on the network, the more places for potential compromise or failure. Manufacturers of these devices need to provide support for complex passwords and allow users to change the default settings. This will go a long way in securing these devices on the network by preventing default access accounts. Security should be the key to the development of new devices as the public becomes more aware of their need to protect their personal information. Manage Device Updates/ Patches Patching the firmware or other operating system can be a daunting task, even in a small network environment. (With a small installation of an AI and some basic IoT devices onto a home network, you could have an addition 12 to 20 devices connecting to it). Updates and patches to the device firmware should happen over the air in order to prevent devices not being patched and continuing to have security holes. Ensuring Data Privacy What happens to your sensitive personal data that you share with the Echo? What sort of protections are put into place so that nobody will be able access this sensitive information? The problem here is that there is very little that is currently being done by the companies that are putting out these devices. This information should have the current best practices when dealing with protected data. Sensitive information should be encrypted and the data should be stored and protected from being compromised. Devices that use personally identifiable information (PII) should only store the information only for the purpose that it was asked for. After the use of the information, it should be disposed of according to current best practices, but if the data is to be retained, then all protections should be in place in order to protect the specific type of data that it is. (HIPPA for health data/ PCI for credit card info). Management of Vulnerabilities Managing vulnerabilities might seem like a no brainer to some of us, but having devices and applications that are created or manufactured by different vendors makes this a complex task. What might be a vulnerability to one device may indeed make another device not work at all. Even some settings for your network gateway may prevent some devices from getting updates, while others get them. Managing a list of devices and what firmware configuration will allow the user to better manage these devices. Installing updates and patches when they are deployed by the vendor is needed in order to address an identified vulnerability. While management of vulnerabilities is easier to do in a business environment, it is also becoming more complex in the home environment as well. Summary The widespread adoption of new technology has a way of spurning innovation in a variety of different fields all at the same time. From home electronics, to medical equipment, IoT has proven to be an effective way to get more out of those devices we use every day. While innovation is a good thing, the lack of security controls should be a concern for all of us who use them. Data and the access to it has become one of the largest driving forces in business today, but securing that information should be just as important as what the device can do for you.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
IT Security ProSecuring the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure. Categories
All
Archives
January 2023
|