IoT Security Solutions
Chapter 6 of IoT Infrastructure
In the first half of 2021, Kaspersky's honeypots recorded over 1.51 billion attacks on IoT devices. Most relied on simple techniques, such as logging in with default credentials, to gain access. In today's threat landscape, clients are beginning to demand greater security for their IoT devices, which means understanding the security solutions on the market is quickly becoming a necessity for developers in the IoT industry.
In this article, we’ll give you a map to navigate the different types of IoT security solutions. We’ll show how different security solutions work, inform you of how they keep IoT devices safe, and offer recommendations for how to select the right IoT security solution for your application or device.
Let’s start with a quick summary of the major categories of IoT security software available.
IoT Security Solutions
| Security solution | Role in your security infrastructure |
|---|---|
| IoT firewall | Filters network traffic to control how IoT devices can be accessed |
| Monitoring | Gives you the visibility to uncover malicious activity |
| Encryption | Prevents prying eyes from pilfering your data in transit |
| Offensive tools | Scan the network and find security issues before attackers do |
With these simplified definitions in mind, let’s take a closer look at each kind of security solution, and see some real examples of how they protect your IoT devices.
What are the different types of IoT security solutions?
Wading through the saturated market of commercial and open source security solutions can feel like crossing the ocean in a canoe. Let's clear up those murky waters by organizing solutions into four categories:
- IoT firewalls
- Monitoring
- Encryption
- Offensive tools
Below, we'll explain exactly what each of these four categories is.
IoT firewalls
In the IoT world, you may wish to limit access to a device so that only local IP addresses can reach it, reducing your system's attack surface. Or you may want to ban IPs that probe certain ports. Firewalls protect devices by restricting incoming and outgoing traffic.
Figure: Firewalls filter traffic according to rules you define.
Why is this so important? Suppose you have an Industrial IoT (IIoT) device, like a smart HVAC (heating, ventilation, and air conditioning) system. Workers change the temperature from physical panels which connect to the central HVAC controller via the local network. Since there’s no reason for the central controller to receive unsolicited connections from the Internet, you can prohibit external traffic with a firewall. That way, only local clients can even attempt to connect to the controller.
To demonstrate how a firewall works, we can set up a real firewall to protect an IoT device. Linux-based operating systems, Android among them, dominate embedded systems and IoT. And while nftables is slowly gaining ground, iptables remains the predominant Linux firewall interface in the IoT space, so we'll use iptables in our example.
The IoT device in our example is a Huawei AR502H Edge Computing IoT Gateway, but the principles easily translate to other IoT systems and devices.
```shell
Huawei GTWY> # 192.168.0.0/16 is the IP range of the local network, so allow SSH from it
Huawei GTWY> iptables -A INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
Huawei GTWY> # 127.0.0.0/8 is the device's own loopback range; allow that too
Huawei GTWY> iptables -A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
Huawei GTWY> # Drop all other traffic to port 22 (other ports are untouched by these rules)
Huawei GTWY> iptables -A INPUT -p tcp --dport 22 -j DROP
```
Now that we've set up the rules in iptables, we'll try to connect from a host outside the local network and see if the firewall does its job. (Rules added with `iptables -A` live only in kernel memory; save them with `iptables-save` or your distribution's persistence mechanism so they survive a reboot.)
```shell
$ # Set the public IP address of the Huawei IoT Gateway
$ export HUAWEI_IOT_GATEWAY=188.8.131.52
$ # From a host outside 192.168.0.0/16, try to reach the device over SSH
$ ssh "admin@$HUAWEI_IOT_GATEWAY"
ssh: connect to host 188.8.131.52 port 22: Operation timed out
$ # A timeout, rather than "connection refused", is what a DROP rule produces
```
We can see that the firewall worked as intended because the connection times out and does not respond.
This is just one example of the power of IoT firewalls. We can also use a firewall to log suspicious connections and forward those logs to a monitoring platform for storage and analysis. To learn more, check out our article on IoT firewalls.
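The rules above only govern port 22; because the INPUT chain's default policy is still ACCEPT, every other listening service on the gateway remains reachable from anywhere. The following is an added example (not code from the page or from Huawei) that models how iptables walks a chain, first match wins and then the default policy, so you can compare the page's rule set with a default-deny one before touching a real device. The probe addresses and the second rule set are constructed for illustration.

```python
"""Model of how an iptables INPUT chain is evaluated: rules are tried in
order, the first match decides, and anything unmatched falls through to the
chain's default policy. Added example, not code from the page or from Huawei;
the rule sets and probe addresses below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    target: str                    # "ACCEPT" or "DROP", like -j
    proto: Optional[str] = None    # like -p; None matches any protocol
    dport: Optional[int] = None    # like --dport; None matches any port
    source: Optional[str] = None   # CIDR like -s; None matches any source

    def matches(self, proto: str, dport: int, src: str) -> bool:
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        if self.source is not None:
            if ipaddress.ip_address(src) not in ipaddress.ip_network(self.source):
                return False
        return True


def verdict(chain: List[Rule], policy: str, proto: str, dport: int, src: str) -> str:
    """First matching rule wins; otherwise the default policy (iptables -P INPUT ...)."""
    for rule in chain:
        if rule.matches(proto, dport, src):
            return rule.target
    return policy


# The page's three rules. The chain policy is left at ACCEPT, as it is by
# default, so only port 22 is actually governed by these rules.
PAGE_RULES = [
    Rule("ACCEPT", "tcp", 22, "192.168.0.0/16"),
    Rule("ACCEPT", "tcp", 22, "127.0.0.0/8"),
    Rule("DROP", "tcp", 22),
]

# Default-deny alternative: everything is dropped unless explicitly allowed.
# iptables equivalent (loopback is modelled here by its address range, since
# this toy model has no interfaces; the conntrack rule that admits replies to
# the device's own outbound connections is not modelled):
#   iptables -P INPUT DROP
#   iptables -A INPUT -i lo -j ACCEPT
#   iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22  -s 192.168.0.0/16 -j ACCEPT
#   iptables -A INPUT -p tcp --dport 443 -s 192.168.0.0/16 -j ACCEPT
DEFAULT_DENY_RULES = [
    Rule("ACCEPT", source="127.0.0.0/8"),
    Rule("ACCEPT", "tcp", 22, "192.168.0.0/16"),
    Rule("ACCEPT", "tcp", 443, "192.168.0.0/16"),
]


def exposure(chain: List[Rule], policy: str, src: str, ports=(22, 80, 443, 5000)) -> dict:
    """Which of the given TCP ports a host at `src` can reach under this chain."""
    return {p: verdict(chain, policy, "tcp", p, src) for p in ports}


if __name__ == "__main__":
    internet = "198.51.100.7"   # RFC 5737 documentation address standing in for an attacker
    print("page rules, from the Internet:  ", exposure(PAGE_RULES, "ACCEPT", internet))
    print("default deny, from the Internet:", exposure(DEFAULT_DENY_RULES, "DROP", internet))
    print("default deny, from the LAN:     ", exposure(DEFAULT_DENY_RULES, "DROP", "192.168.1.20"))
```

Running it shows the page's rules leaving 80, 443 and 5000 open to the Internet, while the default-deny chain exposes nothing externally and only SSH and HTTPS to the LAN. On a real gateway, apply the default-deny rules over a console or out-of-band session first, since a mistake locks you out.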
IoT monitoring
How would you know if an attack were under way against your IoT infrastructure right now? IoT monitoring solutions help solve this problem.
Monitoring solutions offer real-time alerts, analysis, and intelligence on various activities across devices, including threats.
For example, in 2021 AmeriGas disclosed a breach that only lasted 8 seconds before the intrusion detection system caught the abnormal activity. Incident response protocols automatically reset the relevant account credentials. According to a report on the incident from Forbes:
Security teams need to be able to recognize the initial attack long before any information is stolen and encrypted. For this reason, every organization should be using some type of always-on inline monitoring system that can look for unusual behavior and respond in near real-time, rather than relying on daily reports.
Security is just one instance of the immense value of monitoring for companies with IoT products. Modern organizations inform their data-driven policies with top-notch business intelligence. Thorough monitoring gives analysts a base of quality data to build reports and derive insights.
Figure: Dashboard for OSSIM, a free and open-source security monitoring solution.
In addition to excellent community-led projects like OSSIM (pictured above), enterprise users may wish to consider a more comprehensive commercial IoT security solution like Macrometa, which integrates real-time threat detection for IoT APIs.
IoT monitoring is a broad topic, and doing it right means considering logging, data analysis tools, and other themes that go beyond security. If you want the full scoop on the ins and outs of IoT monitoring, check out our article on the topic.
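To make the "always-on, near real-time" point concrete, here is an added example (not code from the page, OSSIM or Macrometa) of the simplest detection a monitoring pipeline runs over an IoT gateway's SSH logs: a sliding-window count of failed logins per source address, which catches the default-credential guessing the introduction mentions. The log lines are constructed in OpenSSH's syslog format, not captured from a real device; a responder would feed the alerted address straight into a firewall DROP rule like the ones in the previous section.

```python
"""Detect SSH password guessing against an IoT gateway: N or more failed
logins from one source inside a sliding window raises one alert per source.
Added example; the log lines below are constructed in OpenSSH's format, not
taken from the page or from any real device."""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOG = """\
Apr  7 20:28:01 gateway sshd[1201]: Failed password for admin from 198.51.100.7 port 51022 ssh2
Apr  7 20:28:02 gateway sshd[1201]: Failed password for admin from 198.51.100.7 port 51023 ssh2
Apr  7 20:28:03 gateway sshd[1202]: Failed password for invalid user root from 198.51.100.7 port 51024 ssh2
Apr  7 20:28:04 gateway sshd[1203]: Failed password for admin from 198.51.100.7 port 51025 ssh2
Apr  7 20:28:05 gateway sshd[1204]: Failed password for admin from 198.51.100.7 port 51026 ssh2
Apr  7 20:28:09 gateway sshd[1210]: Accepted publickey for ops from 192.168.1.20 port 40022 ssh2
Apr  7 20:45:00 gateway sshd[1300]: Failed password for ops from 192.168.1.20 port 40100 ssh2
"""

# syslog timestamp, host, sshd[pid], then OpenSSH's "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(line: str, year: int = 2022):
    """Return (timestamp, result, user, src) or None for lines we don't understand.
    Syslog omits the year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["src"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> list:
    """One alert per source that reaches `threshold` failures within any
    `window_s`-second window. Events are kept in a per-source deque and old
    ones are evicted as the window slides, so memory stays bounded."""
    failures = defaultdict(deque)
    alerts, alerted = [], set()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[1] != "Failed":
            continue
        ts, _, _, src = rec
        q = failures[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "count": len(q), "first": q[0], "last": ts})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {a['src']}: {a['count']} failed logins between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

The single failed login from the LAN host never crosses the threshold, so it generates no alert; tune `threshold` and `window_s` to the device's normal login rate before wiring the output to an automated block.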
Encryption
In the context of IoT security, encryption can be used in many beneficial ways. One of the most common applications is encrypting HTTP traffic with TLS (the successor to the better-known SSL, every version of which is now deprecated) to serve HTTPS connections.
An introductory explanation of TLS is beyond the scope of this article. Still, in a nutshell, it’s a cryptographic protocol that ensures the authenticity, confidentiality, and integrity of traffic between endpoints. The benefits of TLS encryption include:
- Outsiders can’t snoop on your traffic
- Verification that the server you're communicating with legitimately represents the domain
- Data hasn’t been tampered with in transit
Best of all, thanks to Let's Encrypt, setting up TLS on a server can be easy and free.
Let's walk through an example using Ubuntu and Nginx. In this example, we'll use the Certbot command-line tool to obtain and install a Let's Encrypt certificate.
Simply run the following commands:
```shell
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
$ sudo certbot --nginx            # obtain a certificate and configure Nginx to serve it
$ sudo certbot renew --dry-run    # confirm that automatic renewal will work
```
You can find full instructions for installing TLS certificates on other operating systems and web servers on the Certbot website.
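Certbot takes care of the server side. On the device side, the failure that undoes TLS most often in IoT fleets is a client that encrypts but never verifies the server's certificate, which hands every benefit in the list above to an on-path attacker. The following is an added example (not code from the page or from Certbot) that puts that insecure client configuration next to a hardened one using Python's standard `ssl` module; the host and port passed to `https_get` are placeholders you supply.

```python
"""Client-side TLS for an IoT device talking to its backend. Added example,
not from the page or from Certbot/Let's Encrypt: the insecure context many
devices ship with, beside a hardened one, plus a helper that uses it.
Host and port are placeholders supplied by the caller."""
import socket
import ssl
from typing import Optional


def insecure_context() -> ssl.SSLContext:
    """Encrypts, but never checks who is on the other end: any certificate,
    including one forged by an on-path attacker, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Require a certificate chaining to a trusted CA (the system store, or a
    private CA bundle for a fleet that runs its own PKI), require the name in
    the certificate to match the host we asked for, and refuse TLS below 1.2."""
    ctx = ssl.create_default_context(cafile=ca_file)   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Plain-value summary of a context's security-relevant settings."""
    return {
        "verify": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
    }


def https_get(host: str, port: int = 443, ctx: Optional[ssl.SSLContext] = None) -> str:
    """Fetch '/' over TLS with the hardened context unless told otherwise.
    With the hardened context, a hostname mismatch or an untrusted CA raises
    ssl.SSLCertVerificationError during the handshake, before any
    application data (credentials, telemetry) is sent."""
    ctx = ctx or hardened_context()
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(request)
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


if __name__ == "__main__":
    print("insecure:", describe(insecure_context()))
    print("hardened:", describe(hardened_context()))
```

Passing `ca_file` lets a fleet trust only its own CA rather than the whole public store, which is the usual choice when devices talk to a single vendor backend.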
Offensive tools
Offensive tools are the IoT security solutions that penetration testers and other security professionals use to actively test the security of a device or network.
While there are security professionals that dedicate their careers to using these tools, you don’t need to be an offensive security engineer to take advantage of them.
Figure: The process of an offensive security audit.
Nmap is a classic example of a powerful offensive security tool that even non-experts can use. With nmap, we can map a network to detect suspicious or poorly secured devices, identify open ports, and (with `-sV`) see what software and version they're running.
Below is an example of how nmap works in practice. Here, the nmap 192.168.0.1 command scans the same Huawei IoT Gateway we used for our firewall example:
```shell
$ nmap 192.168.0.1
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-07 20:28 CST
Nmap scan report for 192.168.0.1
Host is up (0.0065s latency).
Not shown: 994 filtered tcp ports (no-response)
PORT     STATE  SERVICE
80/tcp   open   http
139/tcp  closed netbios-ssn
445/tcp  closed microsoft-ds
1900/tcp closed upnp
5000/tcp open   upnp
9100/tcp closed jetdirect
```
Offensive security is too broad of a topic to thoroughly cover in this article. If you’re interested in learning more, consider consulting a beginners’ resource like Cybrary.
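A scan is only useful if someone turns its output into decisions. As an added example (not part of the page or of Nmap), here is a small parser for nmap's normal output that keeps only the open ports and annotates the ones an IoT team should question; the embedded scan text is the one shown above, and the triage notes are this example's own list, not Nmap's.

```python
"""Parse nmap's normal output into findings an IoT team can act on. Added
example, not part of the page or of Nmap; the embedded scan text is the
output shown on this page, and the risk notes are this example's own
triage list."""
import re
from typing import Dict, List

NMAP_OUTPUT = """\
Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-07 20:28 CST
Nmap scan report for 192.168.0.1
Host is up (0.0065s latency).
Not shown: 994 filtered tcp ports (no-response)
PORT     STATE  SERVICE
80/tcp   open   http
139/tcp  closed netbios-ssn
445/tcp  closed microsoft-ds
1900/tcp closed upnp
5000/tcp open   upnp
9100/tcp closed jetdirect
"""

# Matches the "<port>/<proto> <state> <service>" lines; header and banner lines do not match.
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")

# Ports that warrant a second look on an IoT device when they are open.
TRIAGE = {
    21: "ftp: cleartext credentials and file transfer",
    23: "telnet: cleartext logins, the classic IoT botnet entry point",
    80: "http: cleartext web UI/API; serve it over https (443) instead",
    139: "netbios-ssn: Windows file sharing has no business on a gateway",
    445: "microsoft-ds: SMB; historically wormable",
    1900: "upnp/ssdp: leaks device details and is abused for reflection attacks",
    5000: "upnp (nmap's guess from the port number; confirm with nmap -sV)",
}


def parse_nmap(text: str) -> List[Dict]:
    """One record per port line: {'port': int, 'proto': str, 'state': str, 'service': str}."""
    records = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            records.append({"port": int(m["port"]), "proto": m["proto"],
                            "state": m["state"], "service": m["service"]})
    return records


def open_ports(text: str) -> List[int]:
    return [r["port"] for r in parse_nmap(text) if r["state"] == "open"]


def findings(text: str) -> List[str]:
    """Open ports that appear in the triage list, with the reason to look at them.
    Closed and filtered ports are not exposure and are skipped."""
    return [f"{r['port']}/{r['proto']} {r['service']}: {TRIAGE[r['port']]}"
            for r in parse_nmap(text)
            if r["state"] == "open" and r["port"] in TRIAGE]


if __name__ == "__main__":
    for f in findings(NMAP_OUTPUT):
        print(f)
```

For the gateway above this yields two findings, the cleartext web interface on 80 and the UPnP listener on 5000; the four closed ports are reported by nmap but are not exposure.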
IoT security best practices
Even for experienced security engineers, addressing the unique challenges of IoT security can be difficult. Limited resources, antiquated hardware, and unusual constraints make selecting the right IoT security solution challenging.
In the following sections, we'll provide tips for addressing IoT security challenges and keeping IoT devices as safe as possible. Keep the best practices outlined below in mind when shopping for IoT security solutions to ensure that you select a product that checks all the right boxes.
IoT security best practice #1: Keep software up-to-date
Even if your IoT software is the latest and greatest today, it will eventually become out-of-date. Many older IoT products rely on customers to periodically check software versions and update them manually (or just upgrade to a newer device). A more modern approach is for the devices to reach out to a server to check for updates periodically.
Clients who want more control over versioning should be able to opt out, but by default, devices should update themselves via an Over-The-Air (OTA) update routine. Whatever the delivery mechanism, the device must verify that the update is genuinely from the vendor (a signature check) and that it is not an older, vulnerable version being replayed, before it installs anything.
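The device-side half of an OTA check is a short piece of decision logic. As an added example (not code from the page or from any vendor's updater), here it is for a manifest-plus-image design: the manifest names a version and the SHA-256 of the image, the device refuses anything that is not newer than what it runs (rollback protection) and anything whose image does not match the digest. The manifest format and sample image bytes are constructed; checking the manifest's vendor signature must happen before this function is called and is not shown.

```python
"""Device-side OTA decision: install only a manifest that is newer than the
running version and whose image matches the manifest's digest. Added example,
not from the page; manifest layout and image bytes are constructed here.
Assumption: the caller has already verified the manifest's vendor signature
against a public key baked into the firmware; that step is not shown."""
import hashlib
from typing import Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.4.2' -> (1, 4, 2). Tuples compare numerically, so '1.10.0' > '1.9.0',
    which a plain string comparison would get wrong."""
    return tuple(int(part) for part in v.split("."))


def should_install(current_version: str, manifest: dict, image: bytes) -> Tuple[bool, str]:
    """Return (decision, reason). Order matters: reject downgrades before
    spending CPU hashing a (possibly large) image."""
    if parse_version(manifest["version"]) <= parse_version(current_version):
        return False, "not newer than the installed version (rollback refused)"
    digest = hashlib.sha256(image).hexdigest()
    if digest != manifest["sha256"]:
        return False, "image digest mismatch: download corrupted or tampered with"
    return True, f"install {manifest['version']}"


# Constructed sample: a stand-in 'firmware image' and the manifest describing it.
IMAGE = b"firmware-image-v1.5.0-constructed-sample"
MANIFEST = {"version": "1.5.0", "sha256": hashlib.sha256(IMAGE).hexdigest()}


if __name__ == "__main__":
    for running, img in (("1.4.9", IMAGE), ("1.5.0", IMAGE), ("1.4.9", IMAGE + b"\x00")):
        ok, why = should_install(running, MANIFEST, img)
        print(f"running {running}: {'INSTALL' if ok else 'REFUSE'} ({why})")
```

Pin the lowest acceptable version in firmware as well, so that an attacker who can replay an old but validly signed manifest still cannot push the device back to a release with known holes.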
IoT security best practice #2: Implement authentication the right way
Strong authentication practices are the cornerstone of security. But how can you develop your IoT apps to implement authentication securely? The most important lesson is to keep it simple. Don't reinvent the wheel unless you have to. Instead of designing an authentication mechanism from scratch, use established platforms and frameworks whenever possible. Amazon Cognito, Firebase Auth, and AWS IoT Fleet Provisioning (for the devices themselves) are all preferable to writing custom authentication logic, which should be a last resort.
When looking for the right auth solution, or if necessary, implementing it yourself, keep these principles in mind:
- Prefer multi-factor authentication wherever possible
- Disallow access to devices via Telnet (if remote shells are necessary, use SSH instead)
- Never ship devices with "default" credentials. The user can select initial credentials when they set up the device if needed
- Salt and hash all stored passwords with a slow, purpose-built password hash (scrypt, bcrypt or Argon2), never a bare SHA-256 or MD5
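If custom logic is unavoidable for local device accounts, the last two points above are the ones most often done wrong. The following is an added example (not code from the page or from any of the platforms named) of a first-setup flow that refuses well-known factory defaults and stores passwords with a random per-user salt, scrypt from Python's standard library, and a constant-time comparison. The default-credential list is a short illustrative one, not an exhaustive database.

```python
"""Storing and checking user passwords on a device: random per-user salt, a
memory-hard KDF (scrypt, from the standard library) and constant-time
comparison, plus a refusal of the factory defaults the page warns about.
Added example, not from the page; KNOWN_DEFAULTS is illustrative only."""
import hashlib
import hmac
import os

# scrypt work factors: N=2**14, r=8, p=1 needs about 16 MiB of RAM per hash.
# Raise N on capable hardware; lower it only if the device genuinely cannot afford it.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32

# Factory defaults widely abused by IoT malware; refuse them at first setup.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root"), ("admin", "1234")}


def is_default_credential(username: str, password: str) -> bool:
    return (username.lower(), password) in KNOWN_DEFAULTS


def hash_password(password: str) -> str:
    """Return 'scrypt$N$r$p$<salt hex>$<hash hex>'. Carrying the parameters in
    the record lets you raise the work factor later without breaking old records."""
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time
    so a mismatch does not leak how many leading bytes were right."""
    try:
        algo, n, r, p, salt_hex, hash_hex = stored.split("$")
        if algo != "scrypt":
            return False
        expected = bytes.fromhex(hash_hex)
        dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False     # malformed record: fail closed
    return hmac.compare_digest(dk, expected)


def set_initial_password(username: str, password: str) -> str:
    """Called by the first-boot setup flow: reject defaults and trivially short
    passwords, return the record to persist."""
    if is_default_credential(username, password):
        raise ValueError("refusing a well-known default credential")
    if len(password) < 12:
        raise ValueError("password too short")
    return hash_password(password)


if __name__ == "__main__":
    record = set_initial_password("ops", "gateway-setup-pass-2024")
    print(record)
    print("correct password accepted:", verify_password("gateway-setup-pass-2024", record))
    print("wrong password rejected:  ", not verify_password("admin", record))
```

Because the salt is random, hashing the same password twice yields two different records, so a leaked database cannot be attacked with one precomputed table across all users.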
Attackers frequently exploit insecure IoT infrastructure to gain a foothold into a target network. From there, they can escalate and penetrate further into the organization.
Given the damage ransomware, data theft, and other attacks can cause, you don’t want to be responsible for a breach. By diligently selecting the right IoT security solutions using the information and best practices we’ve discussed here, you can reduce the risks facing your IoT infrastructure.