The Internet of Things (IoT) is ubiquitous, it’s incredible, it’s convenient. But with the proliferation of this technology comes an ever-increasing amount of risk exposure. According to a report compiled by F-Secure, attacks via IoT devices had increased by 300% in 2019 alone. Here are Simple Ways to Improve IoT Security.

Security Starts with Product Development

According to Networkworld.com, some of the steps needed to enhance IoT security are around making sure adequate security testing of the source code has taken place, secure access controls have been implemented and the right level of security standard is followed. Simple but often forgotten techniques, such as the segregation of networks, go a long way to limit risk.

The responsibility for security lies within two distinct areas:

Manufacturers: The manufacturers of IoT devices need to deliver convenience with safety built-in right at the heart of the project and follow the ‘Secure by Design’ methodology. They are ensuring that before coming to market, the following security testing has taken place against the application/firmware code.

End Users – Whether the consumer is a business or domestic, at-home user, security precautions can’t end with the manufacturer.

Security Testing of the Code

As you can imagine, the amount of code within an application or firmware can vary considerably from just a few lines to many thousand lines of code. As such, it is uneconomical and a considerable drain on staff resources to perform a hands-on manual code review at this level.

• Manual Testing

Manual testing involves code review, peer code review, or pass around. These techniques are the act of consciously and systematically convening with one’s fellow programmers to check each other’s code for mistakes, and has been repeatedly shown to accelerate and streamline the process of software development.

• Automated Testing

Automated testing actively speeds up the whole process of security testing and is done via a static (white box) application or a dynamic (black box) method.

Static Application Security Testing (SAST), also known as “white-box testing” has been around for more than a decade. It allows developers to find security vulnerabilities in the application source code earlier in the software development life cycle.

Use Encrypted Protocols

Implementation of encryption on IoT devices is often lower and less secure than on computers. Some of the devices use encrypted communications in their initial configuration but most of them use ordinary web protocols that communicate across the Internet in plain text, which makes them vulnerable to the hackers observing network traffic to identify weaknesses.

At the very least, all web traffic should be using HTTPS, transport layer security (TLS), Secure File Transfer Protocol (SFTP), DNS security extensions, and other security protocols for communications with management stations and across the Internet. In addition, devices that connect to mobile apps or other remote gateways should use encrypted protocols as well as encrypt data stored on flash drives.

Conclusion

The world of IoT products is extensive and can seem overwhelming at times, especially when you are trying to buy wisely. However, you can narrow the scope by asking yourself these things and applying the following criteria to your search:

Where are you going to use the device?

What features are you looking for?

What is your budget?

Is it a well-known and trusted make or product, do friends and family recommend it?

Finally, ensure it is secure by design and close any doors that could be open to cyberattacks.

NMS provides support, consulting services for setting up and maintaining information technology systems. Our focused customers are medium and small-sized enterprise who want to outsource IT services so that they can focus on their main businesses while ensuring their IT platform under continuous & secured professional operation and support.

Contact to us: customercare@nms.com.vn

(techopedia)