IoT Blog
IoT Blog

Overcoming IoT Security Challenges Using Endpoint Integrity

by Larry LeBlanc, Chief Engineer, Security

Nearly every major industry—from agriculture to entertainment—uses the Internet of Things (IoT) to improve the way they do business. Advances in the IoT have enabled organizations to leverage connected devices to optimize operations, identify and respond to problems in real time, and provide innovative new services. The IoT is changing the way we interact with devices, organizations and each other.

However, the enormous benefits of this technology also open new avenues for security incursions, with more complex and far-reaching connections between components. Not only does each component represent an opportunity for exploitation, but, as technologies and deployments change, they bring new threats to each component and to the overall IoT ecosystem. Companies must approach security as one of the critical requirements for IoT deployments. More than ever, we must create opportunities for companies to continually assess, improve and enhance security efforts. While each vertical industry has specific and different security concerns, they also share common challenges; one such challenge is maintaining endpoint integrity.

The Primary IoT Security Challenges We Face

At its most basic, endpoint integrity is any method that protects networks and devices from intrusions by hackers on every level. These intrusions can range from Trojan horses, to spyware, to Denial of Service (DDoS) attacks.

One of the primary problems with the IoT is that there are hundreds, sometimes even thousands, of possible entry points for a hacker to exploit. A hacker doesn’t necessarily need to hack directly into the network to find sensitive data in your company’s logs. They might find a way into the network through one of the thousands of physical devices connected to it or through the IoT application itself. What’s more, it can be difficult to pinpoint exactly where the breach occurred, placing you at risk for future attacks.

The following are just a few possible endpoints that hackers could potentially exploit.

Multiple Devices: Generally, the more individual devices that you have on your network, the more vulnerable your system will be. If you install these devices in places where they’re not monitored, they could even be stolen. This allows hackers to study the devices for vulnerabilities and tamper with them before placing them back in their original locations. When these tampered devices connect to the network, so does the hacker.

Evergreen Devices: IoT devices that are designed to stay in the field for years at a time slowly become more vulnerable to exploits as technology evolves. The longer the device stays on the network, the more likely it is that hackers could find a vulnerability using brute force attacks.

Low-Cost Devices: Finally, low-cost IoT devices tend to have fewer security measures in place from the start. Many of these devices aren’t equipped with security methods like cryptographic accelerators. Sometimes, they don’t even have the bandwidth or battery power to handle these advanced security measures.

Use Hardware and Software to Resolve These Issues

The best way to handle IoT security challenges is to look at every endpoint in your system, and implement as many security measures as possible at each point. Start with the devices themselves. You’ll want to reduce the attack surface of every device, both from a hardware and software standpoint. Disable any unnecessary ports, especially open listening ports. You should also disable all local ports. Although local ports are far harder and more time-consuming to access, you don’t want to leave this vulnerability present in your system, as it could lead to a larger exploitation by a determined hacker.

From a software standpoint, you should run only the bare minimum code required for essential services. The more lines of code in your system, the more opportunity for a hacker who wishes to find a breach. To add to your endpoint integrity, you should create read-only storage for your critical code and require verification of authenticity through a hardware root of trust under Secure Boot. This means that hackers can’t test unauthorized software on any of your devices, making it much harder to find exploits.

Maintain Endpoint Integrity

Initial installation of secure hardware and software can only solve your IoT security challenges for so long. To keep your system secure over the coming years, you’ll also need to safeguard your firmware updates and encrypt your device communications.

Installing new firmware on your devices serves two purposes: it keeps your technology up to date, and it gives hackers less time to find vulnerabilities. A constantly-evolving system is much harder to exploit than one that remains constant for many months or even years. To ensure that your firmware updates are secure, you need to require authentication from the installer on every device. And to protect past versions of your firmware, you can use anti-rollback protection to prevent users from installing old firmware that had vulnerabilities present. Your users will always run the latest, most secure patch.

A strong encryption code also adds a layer of evergreen protection to your system. You can use an APN (equipped with a firewall) to whitelist secure services or to hide specific communications between devices. If you’re using a gateway, you can even have an additional VPN layer between your gateway and the cloud as a failsafe in the event that your firewall and APN are compromised.

Security Itself Can Be a Deterrent

IoT security challenges are dangerous, in part, because they make your network more appealing to would-be hackers. If you have hundreds or thousands of possible devices that can be compromised, a hacker might be more inclined to try to find a vulnerability in your network. However, if you make your devices less appealing, your network could be more secure.

You can accomplish this by ensuring that your devices never have anything of value beyond their small, individual scopes. If you avoid globally-shared credentials, and your devices can only perform a limited number of tasks or only have a limited number of permissions, then your system won’t represent a worthwhile effort for most hackers. As a result, your network maintains end-to-end security from the very beginning, long before you need a VPN or a firewall in the first place.

To learn more about how you can improve your network security and solve these common IoT security challenges, Start with Sierra. Our expert staff has more than 20 years of experience in the industry and can understand your IoT requirements and security concerns.