Share this
DNS Security and the Internet of Things
by Serena Raymond on Aug 17, 2021 12:00:00 AM
The Internet of Things (IoT) is one of the greatest byproducts of cloud computing and artificial intelligence. It encompasses the vast network of physical things which have the ability to collect, connect, and transmit data over the internet without human assistance.
The scope of IoT is nearly limitless, ranging from basic household automation tools to industrial sensors. Due to its extensive reach, however, IoT networks have become a prime target for cyber attacks. What’s more, the volume of new devices and operational requirements put stress on DNS and complicate network security.
Read on to get a better understanding of the relationship between DNS and IoT and why DNS security is so important for your IoT devices.
Just how popular is IoT?
There are currently more active IoT devices than humans on this planet (by tens of billions). Some reports estimate that we’ll reach 75 billion devices in the next three or four years. The average American household has around 50 connected IoT devices, and organizations are increasingly turning to IoT technology to run their business.
Of course, IoT assists consumers with tasks such as ordering staple items, streaming media to various devices, and interacting with virtual assistants. You can find doorbell cams, garage door openers, robotic vacuums, coffee makers, air quality sensors, security systems, lights, and thermostats. Even household objects like refrigerators, dishwashers, and mattresses aren’t immune to the IoT craze.
From an industrial standpoint, IoT is used for sensors and safety systems. For example, manufacturers can track a shipment’s exposure to temperature fluctuations, undue pressure, or unwanted levels of humidity, light, and tilt by using sensors that connect to the internet. There are GPS tracking devices that can monitor a company’s assets and vehicles, wearables for employees, intelligent forklifts, and smart machines. Businesses install smart locks, smart lighting, and smart cameras in the office. Many shops operate using mobile card readers.
At its core, IoT is a jack-of-all-trades that helps consumers, businesses, and industrial enterprises connect, cut costs, save energy, improve productivity, and boost efficiency.
IoT security risks
Given these advantages, it’s no surprise that 94 percent of retailers believe that the benefits of implementing IoT outweigh the risk. However, there are risks. Everything is connected—which makes everything that much more vulnerable. For one, every IoT device added to a network presents a new vector by which a cyber criminal can infiltrate and cause harm. Secondly, IoT puts stress on DNS.
Take this alarming statistic, for example. According to a recent NETSCOUT Threat Intelligence Report, IoT devices are “under attack five minutes after being plugged in and targeted by specific exploits within 24 hours.” The reason? “IoT security is minimal to nonexistent on many devices,” the report posits, “making this an increasingly dangerous and vulnerable sector.”
In a recent DNS security roundtable, one IT professional lamented that, “[Commercial IoT devices] are basically black boxes that no one gets access to. They’re on your network, they're linked, and you don't have any control over that box. You barely know they exist, so how can you secure something you don't know about?”
Oftentimes IoT manufacturers concentrate on connection—not protection—leaving IoT security up to the end user. Furthermore, these devices aren’t upgraded to address vulnerabilities the way that the rest of a company’s hardware and software are. Many IoT applications come with hard-coded IP addresses and default credentials that are difficult, if not impossible, to change.
To further complicate the matter, there are many network protocols for IoT applications, making the market very fragmented. Some devices operate using 5G, while others utilize WiFi or Bluetooth. There’s also Zigbee, LoRaWAN, and the increasingly popular Z-Wave. The bottom line is this: IoT devices have minimal security and oversight, and since they provide an entry point to your network, they make you more vulnerable to attack.
IoT and DDoS
As we’ve already mentioned, IoT can cause stress on DNS. These devices account for a significant number of DNS queries, and their operations are often invisible to end users. IoT technologies constantly ping servers and look up domain names to check for network availability, for example. While it may be manageable on a day-to-day basis, if millions of devices were to update at the same time, DNS resolvers would be inundated with queries. Whether from IoT device engineers using DNS naively to operate their application, or misconfiguring resolvers to accept DNS queries from anyone on the internet (rather than limiting access solely to the intended client), IoT can overwhelm DNS.
Pressure on DNS isn’t always unintentional, either. IoT devices are a common target for Distributed Denial of Service (DDoS) attacks. Botnets can infect large numbers of IoT devices (be they cameras, HVAC systems, coffee makers, or industrial sensors) and coordinate a DDoS offensive that grinds operations to a halt. This form of DDoS attack is very difficult to fix, as each IoT device has its own restoration procedures.
How do you protect IoT devices?
Clearly, IoT devices pose security risks. However, just because you can’t manage each device doesn't mean you can’t control and protect them.
One option is to put all your IoT devices on their own network, consistently monitor it for any threats, and lock it down in the event of an incident. However, this is complicated and requires your IT department to step in every time you want to configure a new device. It also requires that you be aware of every IoT device on your network—a near impossibility if you work in an office where anyone can bring a consumer IoT device to work and connect to the network.
Luckily, there’s a much easier way. The relationship between IoT and DNS is powerful. DNS is often the only option you can configure on an IoT device. As a result, DNS threat protection is the best option for securing your technology.
DNS protocols allow you to monitor which sites your IoT devices are communicating with. More importantly, DNS configurations offer you the ability to restrict the domains with which your devices can resolve. By leveraging DNS filtering technology, you have the power to approve which domains IoT can access and which must be blocked. Not only that, but you’ll be protected from connecting with all known malicious websites. The best part is that this solution is infinitely scalable (a must for IoT).
DNSFilter can protect your IoT devices
IoT is now one of the most powerful, integral technologies that connects us. It’s pervasive in society and in business, and there’s so much to be grateful for. However, it’s a double-edged sword that can make us vulnerable just as it improves the way in which we do business. Luckily for you, you don’t have to choose between convenience and security. By implementing DNSFilter, you can protect your network—smart boards, coffee makers, and robotic forklifts alike.
Sign up today for a free trial and see just how easy it is to secure your organization’s IoT devices.
Share this
Categories
- Featured (264)
- Protective DNS (21)
- IT (15)
- IndyCar (9)
- Content Filtering (8)
- Cybersecurity Brief (7)
- IT Challenges (7)
- Public Wi-Fi (7)
- AI (6)
- Deep Dive (6)
- Malware (4)
- Roaming Client (4)
- Team (4)
- Compare (3)
- MSP (3)
- Phishing (3)
- Tech (3)
- Anycast (2)
- Events (2)
- Machine Learning (2)
- Ransomware (2)
- Tech Stack (2)
- Secure Web Gateway (1)
Customer experience is the secret sauce that sets successful Managed Service Providers (MSPs) apart from the rest. In a market teeming with competition, you need to offer more than the best technology or the lowest prices. It's about how clients feel when they interact with your services. A stellar customer experience can transform a one-time client into a loyal advocate, while a poor one can send them running to your competitors. According to a ...
In July I published a blog on the DNSFilter website where I looked closely at our passive DNS data, highlighting early election trends in relation to threat domains.
The Children's Internet Protection Act (CIPA) is a critical law designed to ensure that students are protected from harmful online content. It requires schools and libraries to implement Internet safety measures, such as filtering and monitoring, to safeguard minors. Compliance with CIPA is essential for institutions seeking E-Rate program discounts for Internet access and internal connections.