Using Security Zones to Protect Your Network Against IoT Security Risks

The Internet of Things (IoT) is an emerging industry, with the expectation that by 2020 we will have 30 billion connected devices. Because IoT is relatively new, there are concerns about its lack of security. Many security threats originate in product design and could bring a network to its knees.

Protecting a network against security risks is key to keeping a business thriving. Organizations should not wait for a breach in security through an IoT device to react. It is better to prepare defenses to thwart potential threats.

Setting Up Defenses Against Security Threats

Insecure network services are one of the top vulnerabilities in IoT devices. Any IoT device with an IP address connected to a network makes that network more susceptible to a security breach.

The impact of a security breach can be data loss or corruption, loss of service, or a means to facilitate other attacks. The result could be a lack of service to customers and disruption of their businesses.

Yves Lacombe, Vircom’s Director of Technical Support, advises never trusting IoT devices to the full extent that you trust a well-configured personal computer. He went on to explain how to use security zones to protect a network against IoT vulnerabilities.

Using Security Zones

The high-, medium- and low-security zones are located behind the network firewall. An IT person may have a Wi-Fi router set up on the network so people can use their cell phones over Wi-Fi to save on data consumption. These users are put in a low-security zone to prevent any compromise of the network services.

The same rule should apply to IoT. Devices should be put in a low-security zone so that, if hackers find a flaw, they cannot get into the deeper parts of the network. IoT devices should not be in a zone from which they could compromise network services.

Even the smallest device has a kernel and an operating system. If someone obtains admin privileges on that box, the hacker has all the time in the world to compromise a network. Every device has a microcontroller with RAM, a CPU and storage, but its security is primitive compared to a full-fledged general-purpose computer. If someone figures out a way to gain admin privileges on a device, they can use it as a foothold inside the network. That’s why IoT devices need to be isolated, away from billing and accounting systems or other IT-related systems.

“Anything is doable,” says Lacombe. “There is no guarantee. As soon as you buy that device off the shelf it is already insecure. It is better to be on the defense. The biggest flaw in computer security is that we now use a Default Allow or Default Deny model. It is better to restrict access.”

Contractors and full-time employees are generally given medium-security zone access because they use some internal resources. The goal is to ensure that users have access only to what they need.

Dividing your Network Zones

Security zones are not necessarily built into a firewall; however, some firewalls do support zone-based policies.

Typically you would have the following zones:

Green Zone: Mission-critical servers, and the workstations that see those servers, file shares, etc.

Blue Zone: Line-employee workstations. They have limited access to network resources and don’t necessarily see mission-critical systems.

Orange Zone: Wi-Fi routers for visitors, contractors and other outside people go here. They have a very restricted view of internal systems (if any). This is potentially where you would put your IoT devices.

Red Zone: Internet-facing systems / DMZ.

Ideally, your IoT devices should be in the orange zone, where they are separated from internet-facing systems and have zero access to internal systems. The nomenclature may change between companies or firewalls, but that’s the general idea.

That way, if an IoT device gets compromised, the attacker can’t cross from it into the blue zone or the green zone, where you keep your sensitive data.
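The zone model above (low-trust Wi-Fi and IoT devices in orange, employees in blue, critical systems in green, the DMZ in red) and Lacombe’s point about restricting access rather than relying on a default-allow stance can both be expressed as a small default-deny policy. The following is an added example written for this article, not Vircom’s code or any firewall vendor’s configuration: the zone names follow the article, while the subnets, the permitted ports, the `key=value` log format and the sample records are constructed assumptions for a hypothetical office network.

```python
"""Zone-based, default-deny inter-zone policy, with an audit of denied flows.

Added example, not from the article or Vircom. Zone names follow the article;
the CIDR ranges, ports and log lines are constructed for a hypothetical network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable

INTERNET = "internet"   # label for any address outside the known zones

# Constructed assumption: which subnets make up each zone.
ZONE_SUBNETS = {
    "green":  [ip_network("10.0.10.0/24")],                               # mission-critical servers, file shares
    "blue":   [ip_network("10.0.20.0/23")],                               # line-employee workstations
    "orange": [ip_network("10.0.40.0/24"), ip_network("10.0.41.0/24")],   # guest Wi-Fi and IoT devices
    "red":    [ip_network("192.0.2.0/24")],                               # DMZ / internet-facing systems
}

# Explicit allow-list of (source zone, destination zone, destination port).
# Anything not listed here is denied: this is the "default deny" model.
ALLOWED_FLOWS = {
    ("blue", "green", 445),     # workstations -> file shares
    ("blue", "green", 443),     # workstations -> internal web applications
    ("blue", INTERNET, 443),
    ("blue", INTERNET, 80),
    ("orange", INTERNET, 443),  # IoT devices and guests may reach their cloud services
    ("orange", INTERNET, 80),
    ("orange", INTERNET, 123),  # NTP so IoT clocks stay correct
    (INTERNET, "red", 443),     # the public web front-end in the DMZ
    ("red", "green", 5432),     # DMZ application -> internal database, one port only
}


def zone_of(ip: str) -> str:
    """Map an IP address to its zone; unknown addresses are treated as the internet."""
    addr = ip_address(ip)
    for zone, subnets in ZONE_SUBNETS.items():
        if any(addr in net for net in subnets):
            return zone
    return INTERNET


def decide(src: str, dst: str, dport: int, default: str = "deny") -> str:
    """Return "allow" or "deny" for one flow.

    default="deny" is the restrictive model the article recommends; default="allow"
    is included only to show how an unmatched flow slips through under default allow.
    """
    if (zone_of(src), zone_of(dst), dport) in ALLOWED_FLOWS:
        return "allow"
    return "allow" if default == "allow" else "deny"


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    dport: int
    src_zone: str
    dst_zone: str


def audit(log_lines: Iterable[str]) -> list[Finding]:
    """Parse constructed 'src=... dst=... dport=...' records and return the flows in
    which an orange-zone host reached for blue or green and was denied: the pattern a
    compromised IoT device produces when it is used as a foothold."""
    findings = []
    for line in log_lines:
        fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
        src, dst, dport = fields["src"], fields["dst"], int(fields["dport"])
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == "orange" and dst_zone in ("blue", "green") and decide(src, dst, dport) == "deny":
            findings.append(Finding(src, dst, dport, src_zone, dst_zone))
    return findings


# Constructed sample records in a generic key=value form, not any vendor's log format.
SAMPLE_LOG = [
    "ts=1 src=10.0.20.15 dst=10.0.10.5 dport=445",    # workstation -> file share: allowed
    "ts=2 src=10.0.41.7 dst=203.0.113.9 dport=443",   # IoT camera -> its cloud service: allowed
    "ts=3 src=10.0.41.7 dst=10.0.10.5 dport=445",     # IoT camera -> file share: denied, flagged
    "ts=4 src=10.0.41.7 dst=10.0.20.15 dport=22",     # IoT camera -> workstation SSH: denied, flagged
    "ts=5 src=10.0.40.22 dst=10.0.10.5 dport=443",    # guest laptop -> internal web app: denied, flagged
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"orange-zone host {f.src} tried {f.dst_zone} host {f.dst}:{f.dport} -> denied")
```

The policy is an allow-list keyed on zones rather than on individual addresses, so adding a new IoT device is a matter of placing it in an orange subnet, not of writing new rules. Running `decide` with `default="allow"` on the same flows shows why Lacombe prefers restriction: the camera’s attempt to reach the file share passes untouched, because no rule ever mentioned it.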

Summary

IoT can improve productivity and operational efficiency, which are important for any organization. Yet these devices were not designed with the same security and privacy measures as a PC. Hackers can take advantage of existing IoT security flaws to infiltrate networks.

When connecting IoT devices to a network, they need to be in the low-security zone. The security on these devices is so primitive that they need to be isolated to prevent any compromise of network services. The goal is still to give these devices the access they need while preserving the integrity of the network.