The Internet of Things (IoT) may be one of the hottest tech buzzwords in the last couple of years but it’s also a mess. It’s chaotic. Devices are insecure; they don’t talk to each other, and they don’t use consistent protocols. And the vast majority are unmanageable, with weak security to boot. As an IT professional, chances are you don’t want them on, or for that matter, anywhere near your network.
Several vendors are looking to change this situation and one of them is Ruckus Wireless, which was recently acquired by consumer networking vendor Arris. Ruckus Wireless is known for its enterprise-grade network infrastructure portfolio as well as its mesh networks. Ruckus Wireless is now launching a line of IoT networking products that will integrate with its existing network controllers. The idea is to create a way to safely bring IoT traffic into the larger enterprise network and do away with all of the proprietary connectivity silos that have so far been a hallmark of IoT communications.
The Ruckus IoT Suite, which should be available at the end of June, uses pluggable modules inserted into a new line of IoT-ready access points. These access points will communicate with an IoT controller, which in turn communicates with a standard Ruckus wireless Local Area Network (LAN) controller. The IoT modules are designed to communicate with devices using any of the several different types of radios popular in IoT deployments, including Bluetooth Low Energy (BLE), LoRaWAN (a long-range, lower-power networking protocol), and Zigbee (a standard for short-range, low data-rate communications). And, of course, run-of-the-mill Wi-Fi networking, which is also used by many IoT devices.
Each of these communications protocols has a specific use, not just in IoT but even in various enterprise scenarios, but you’ll notice that none of them is able to communicate directly with the others. That’s where those pluggable Ruckus modules come in. They’ll handle basic communications with the device, then send it to the IoT controller, and then to the wireless local area network (WLAN) controller. In the process, the traffic is converted into an Internet Protocoal (IP) stream so that it can travel over the existing network, which you can continue to control via standard infrastructure management tools.
Security Is Still a Hitch
Even more attractive, Ruckus adds a layer of security to the data once it reaches the IoT module. Depending on the communications protocol, there may also be security originating from the endpoint, which can be anything from a surveillance camera to an environmental sensor. Wi-Fi devices normally support encryption and more modern versions support Wi-Fi Protected Access 2 (WPA2). Sadly, some older devices may stick you with weaker encryption.
BLE is encrypted at the source, so it’s reasonably secure. But a number of IoT devices don’t have, and can’t be made to have, any sort of encryption or other security. In those cases, the Ruckus network administrator can set up what amounts to a firewall between the IoT device and the rest of the network, and allow traffic using a whitelist based on the device’s Media Access Control (MAC) address.
This type of controlled access protects the network but it doesn’t necessarily protect the device. For example, if someone happens to be nearby a Wi-Fi-enabled security camera, for example, it’s possible to take over a camera if it’s not protected, either by encryption or some other means. This type of attack has happened and it allows the hacker to see whatever is in range of the camera.
To make matters worse, some low-end cameras have hard-coded log-in credentials that can’t be changed and Wi-Fi network traffic that can’t be encrypted. These cameras are ripe for the picking by someone war-driving through the area. The best you can do is hope you don’t have anything worth protecting in view of the camera.
Cameras are certainly not the only type of unprotected IoT device, just the most well-known after they’ve been used in conducting a number of crippling distributed denial-of-service (DDoS) attacks. The problem is that Wi-Fi cameras have proven popular, and the people who buy them haven’t always been diligent about making sure they choose models that have at least some level of security. The result has been millions of unsecured, IP-based Wi-Fi cameras out working in the world with no means of protecting them.
So, you’ll have to take some steps to secure your IoT devices that go beyond using a network integration platform such as what Ruckus is offering. You might look into one of the new and growing number of IoT-specific security platforms, such as Exabeam’s Entity Analytics. But there are still steps every IoT-burdened IT admin should take in addition to purchasing new tools.
At the very least, you should take an inventory of your IoT infrastructure and determine the security status of each device. Sure, if you haven’t done it yet, then that’s a pain, but it’s a necessary step to managing these devices anyway—especially if your portfolio is going to grow. Chance are, you’ll find some that fall into the category of being impossible to secure. Or you may find that they can be secured but the cost of doing so is prohibitive.
Rip and Replace May Be the Best Option
An insecure IoT device is a problem for your company, even if the rest of the network is secured by a Ruckus-style management platform. It’s possible to install malware into a device and then use the device’s communications channel to gain access to your network. In some cases, you can impede such an attack with a well-configured firewall, but perimeter protection as your only defense is problematic.
Realistically, the only way to be really secure is to design and test an effective security policy for your IoT infrastructure and then get rid of any device that can’t meet that policy. That’s tedious, but in the long run, it’s cheaper than suffering an attack.
Unfortunately, sometimes, you can’t just dump an insecure device because it’s required for your operations. A good example of this is some types of medical equipment that communicate wirelessly and for which security isn’t available. Then, your only alternative is to keep those devices off of your enterprise network and monitor them closely for aberrant behavior.
Still, a solution such as the Ruckus IoT Suite is a good way to ease the management problem created by IoT silos while also making that part of your network more secure. But it’s important to remember that there are no magic bullets in security; some things make it more manageable but they still take work and planning.
Computers and Software Buyers Guide
Compare Computers and Laptops
Mobile Phones Buyers Guide
- Mobile Phones Buyers Guide
- Mobile Phones Accessories Buyers Guide
- All in one Printers Buyers Guide
- Fax Machines Buyers Guide
- Home Telephones Buyers Guide
Compare Mobile Phones
- Compare Mobile Phones
- Compare Mobile Phone Accessories
- Compare Smart Watches
- Compare All in One Printers
- Compare Fax Machines
- Compare Home Telephones
- Compare Home Telephone Accessories