Page 4 - Campus Technology, May/June 2018
P. 4

are simply guests, which means their shadow existence also complicates network security and introduces additional risks. “There’s no such thing as a firewall with ... IoT,” says Maggie Johnson, director of education and university relations at Google.
Then there’s the sheer volume of devices in use. If your IT operation already struggles to manage the thousands of computing devices used by your school community, imagine increasing the workload with the addition of every smart lightbulb, door lock, and wearable device to arrive on campus.
IT leaders are well aware of this growing problem. ISACA’s “State of Cyber Security 2017” report asserts the IoT “is replacing mobile as the emerging area of concern.” The non-profit association for information system professionals found threats from mobile device loss were down from the previous year (due in part to an increase in the use of encryption technology), however, concerns over IoT devices had grown. “Traditional security efforts may not already cover these devices,” the report states.
As a number of experiments and actual breaches have proven, the firmware embedded on IoT devices
As a number of experiments and actual breaches have proven, the firmware embedded on IoT devices is highly vulnerable to hacking.
is highly vulnerable to hacking. Some security experts believe a lot of IoT devices are already infected and simply awaiting instructions to begin their distributed denial of service attacks or standing by as a gateway for cybercriminals to maneuver through the network.
A particularly nasty piece of malware called Mirai struck in October 2016. It brought down Twitter, Netflix, CNN, and other targets by attacking Dyn, the company that manages internet domain name systems and e-mail for those high-profile organizations. The ploy was simple in its approach. Computers infected with the Mirai botnet sought out vulnerable IoT devices, testing default login information to gain control over them.
Leading security companies are already on the case. They’re developing security tools and helping their
institutional customers develop policies to give IT the same level of oversight to IoT devices they have long had for laptops and smartphones. Among the advice:
Treat IoT devices like any other unknown device on the network and place them on a controlled segment.
Before granting users Wi-Fi access, force them to keep their IoT devices updated, including printers, coffeemakers, and smartwatches.
Stay on top of the IoT devices you know about by conducting regular vulnerability scans, and stop unnecessary access.
Use the latest security technology services to monitor calls made by IoT devices. If they don’t make sense for how that device operates, chances are there’s something nefarious underway that requires intervention.

   2   3   4   5   6