Protecting IoT devices requires a DNS-based solution
IoT devices are fast becoming an everyday part of our lives. Whether it be in the role they play in manufacturing and industry or powering the appliances in our own homes, it’s clear that IoT devices provide new and efficient ways of working and living. From wearables to smart cities, there’s no shortage of the capabilities that IoT devices have when collecting data from their environment and the internet, but with this advance in technology comes new risks to data, networks, and IT infrastructures.
Despite their prevalence in our lives, the security risks that are inherent to these data sharing devices are failing to be tackled head on. All this can disrupt everything from our power and security within our homes as well as impacting the critical infrastructure sector.
With the growing risk of cyberattacks which look to exploit the security vulnerabilities of IoT devices, it’s now more important than ever to have a strong understanding and security strategy in place to avoid and mitigate these risks.
To prevent devices being used as attack vectors, the first step to IoT protection, when connected onto the network, must start with DNS: using Domain Name System infrastructures and DNS security capabilities to protect data and ensure IoT devices are only allowed access to relevant services.
IoT security risks
When an IP device is connected to a network within our home, industry or our office, a data and command exchange takes place, which presents the risk of exposing or manipulating data by threat actors who take advantage of flaws in the IoT software.
The security holes in IoT devices can be exploited by these threat actors through a variety of methods. For example, frequent attacks include denial-of-service (DoS) attacks as well as DNS cache poisoning. DNS cache poisoning, or “spoofing,” is a form of DNS attack that installs a specific incorrect record in the cache of a recursive DNS server. Anyone requesting this information from this recursive server will then get the wrong answer. This attack is mainly used to direct user browsers to a fake server to perform phishing or extortion.
Whilst IoT devices will always have security vulnerabilities, by incorporating a secure approach which makes use of DNS technology, businesses and service providers can be confident they are best protecting their data and access to their IT infrastructure.
IoT devices must be identified, inventoried, screened, managed, and secured so they cannot cause any problems to the rest of the IT ecosystem, the users, or the organization itself.
Businesses can prevent the exploitation of security vulnerabilities in IoT devices by using DNS-based solutions which secure communications and by limiting the attack potential of IoT devices. Protecting industrial IoT control devices not only at network level, but also at the DNS level, helps avoid threats such as DNS Cache Poisoning, which capture the IoT traffic to exploit all other flaws (TCP, HTTP, …).
A key, zero-trust method for organizations to protect themselves is by intelligent usage of their DNS recursive infrastructure, in particular for controlling which services the IoT devices are permitted to access. A good option is to use a DNS query filtering type of security approach based on whitelisting. This isolates all IoT devices, applying strict filtering based on an “allow list” (whitelist), meaning any DNS resolution request needs to be for an explicitly allowed domain to be performed.
Finally, it is vital to ensure the integrity and authenticity of DNS information by making use of DNSSEC (The Domain Name System Security Extensions) on the DNS infrastructure. For all IoT communication domains, this helps verify the integrity of each record, the validation that the record originates from the authoritative DNS server for the record (authenticity) and the validation that the DNS server is trusted by the upper domain in the DNS hierarchy (chain of trust).
By prioritizing the safety of IoT devices through DNS, we can best make use of the benefits they bring us. Investing in a security solution which can increase infrastructure access control of all IoT devices – from those used in high density networks such as smart cities, utilities and factories to recreational devices like connected screens – will be vital to ensure the innovations brought about by IoT can continue to progress and play an important role in our lives.