Why The Internet of Things Requires IDS

In the world we live in today, an endless number of devices are connected to the Internet. But are they as secure as possible, or do they blow a gaping hole in your network? Everything from toys to automobiles is connected. In fact, it is not uncommon to find your refrigerator or thermostat connected to the Internet. It has been estimated that by 2020 there will be 21 billion IoT devices in the world. To meet the rush and need of consumers, manufacturers are spending their time measuring how fast they can code, instead of how securely they can do it. We already hear and read many stories about disastrous attacks that are perpetrated with these devices. We also see suggestions for securing such devices, but is that really all that can be done? If only there were a way to monitor your traffic as a whole, to ensure that the only traffic passing through your network is the traffic that is supposed to be there.

Imagine that you have a Nest thermostat installed in your home or office. You set up a schedule to regulate the temperature to make it as comfortable as possible for your guests. On top of it all, you have the app on your phone to help you make subtle changes through the cloud as needed, or to shut the system down when you are away on holiday. Little do you know that, while the thermostat is communicating with the host system, an intruder has piggy-backed onto the connection. Now that he has his own software running on the device, he freely looks through your network to see what other devices are available. Your computer with all of your client information on it? No rush. QuickBooks installed for financials? Just take it all. How will anyone be aware that passwords are being sniffed and cracked through the network when no signs are shown? What does your firewall have to say about it? It is just the thermostat communicating with the service provider.

There are various options for locking down all sorts of devices, and they usually need to be used together rather than one at a time. Physical access can be a start. For example, how can someone physically gain access to a device? Is it in a location that could be accessed easily, and without too much attention? What sort of passwords are used on them? Even printers can have access limited by credentials or other means. Do you know how device access integrates with your network setup? Most devices can even use domain credentials for authentication.

Even with these preventative measures, you can still end up with compromised devices on your network. After all, they are just stripped-down Linux systems. You have to use a method to detect and inspect the traffic further. This is where an IDS (Intrusion Detection System) would be greatly beneficial. An IDS does not care what systems are running, nor how secure the device may be. In fact, an IDS can be completely cut off from the rest of your network. By analyzing all traffic, an IDS can see when malware-type traffic is passing through your network, including remote access. With notifications, you are always in the know about an attack, instead of having to monitor constantly yourself.
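
The thermostat scenario above, as an added example that is not part of the original article: a minimal baseline check of the kind an IDS can apply to observed flows, alerting when an IoT device talks to anything other than its expected destinations. The addresses, LAN range, flow records, policy table and threshold are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed values: placeholder addresses, not real vendor endpoints.
LAN = ipaddress.ip_network("192.168.1.0/24")
EXPECTED = {  # destinations each IoT device is supposed to reach
    "192.168.1.50": {("203.0.113.10", 443), ("192.168.1.1", 53)},  # thermostat
}
SCAN_THRESHOLD = 3  # distinct unexpected LAN targets before calling it a sweep

# Constructed flow records: (src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    ("192.168.1.50", "203.0.113.10", 443),   # normal: service provider
    ("192.168.1.50", "192.168.1.1", 53),     # normal: DNS via gateway
    ("192.168.1.50", "192.168.1.20", 445),   # thermostat reaching a workstation
    ("192.168.1.50", "192.168.1.21", 445),
    ("192.168.1.50", "192.168.1.22", 22),
    ("192.168.1.50", "198.51.100.7", 4444),  # unknown external host
    ("192.168.1.20", "192.168.1.22", 22),    # workstation, no IoT baseline
]

def analyze(flows, expected=EXPECTED, scan_threshold=SCAN_THRESHOLD):
    """Return (severity, device, message) alerts for baseline deviations."""
    alerts = []
    lan_targets = defaultdict(set)
    for src, dst, port in flows:
        if src not in expected:            # only devices with a baseline are judged
            continue
        if (dst, port) in expected[src]:   # traffic that is supposed to be there
            continue
        if ipaddress.ip_address(dst) in LAN:
            lan_targets[src].add((dst, port))
            alerts.append(("high", src, f"unexpected internal connection to {dst}:{port}"))
        else:
            alerts.append(("medium", src, f"unexpected external destination {dst}:{port}"))
    # Many distinct unexpected LAN targets from one device suggests it is
    # looking around the network rather than doing its job.
    for src, targets in lan_targets.items():
        if len(targets) >= scan_threshold:
            alerts.append(("critical", src,
                           f"possible internal sweep: {len(targets)} unexpected LAN targets"))
    return alerts

if __name__ == "__main__":
    for severity, device, message in analyze(SAMPLE_FLOWS):
        print(f"[{severity}] {device}: {message}")
```

A firewall that only sees "the thermostat talking outbound" passes the first two flows and may never examine the LAN-to-LAN ones; the baseline check flags every other flow from the thermostat.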

All of these options for securing a network certainly are beneficial. With the rise of threats and vulnerable devices, it can be a nightmare to keep them all locked down as tightly as possible. Make sure you are not left dead in the water because the whole picture was missed.