IoT devices are quickly becoming part of our daily lives. Whether it’s in their role in manufacturing and industry or in powering the devices in our own homes, it’s clear that IoT devices offer new, efficient ways of working and living. From wearable devices to smart cities, there is no shortage of IoT device capabilities when collecting data from their environment and the internet, but this technological advancement brings new risks to data, networks, and IT infrastructure.
Despite their prevalence in our lives, the security risks inherent in these data-sharing devices are not addressed head-on. These risks can disrupt everything from the power and security in our homes to the critical infrastructure industry.
With the growing risk of cyber attacks seeking to exploit security vulnerabilities in IoT devices, it is now more important than ever to have a solid understanding and security strategy in place to avoid and mitigate these risks.
To prevent devices from being used as attack vectors, the first step in protecting IoT devices connected to the network must start with DNS: use domain name system infrastructure and DNS security capabilities to protect data and ensure that IoT devices are only allowed to access relevant services.
IoT security risks
When an IP device is connected to a network within our home, industry or office, an exchange of data and commands takes place, which presents the risk of data being exposed or manipulated by malicious actors that take advantage of IoT software flaws.
Security holes in IoT devices can be exploited by these malicious actors through a variety of methods. For example, frequent attacks include denial of service (DoS) attacks as well as DNS cache poisoning. DNS cache poisoning, or “spoofing”, is a form of DNS attack that installs a specific bad record in the cache of a recursive DNS server. Anyone requesting this information from this recursive server will then get the wrong answer. This attack is mainly used to direct users’ browsers to a bogus server to perform phishing or extortion.
While IoT devices will always have security holes, by incorporating a secure approach that uses DNS technology, businesses and service providers can be confident that they are best protecting their data and access to their IT infrastructure.
DNS-based solutions
IoT devices must be identified, inventoried, filtered, managed and secured so that they cannot cause any problems to the rest of the IT ecosystem, to users or to the organization itself.
Businesses can prevent the exploitation of security vulnerabilities in IoT devices by using DNS-based solutions that secure communications and limit the attack potential of IoT devices. Protecting industrial IoT control devices not only at the network level, but also at the DNS level, helps prevent threats such as DNS cache poisoning, which captures IoT traffic to exploit all other vulnerabilities (TCP, HTTP, …).
A key zero-trust method for organizations to protect themselves is to intelligently use their recursive DNS infrastructure, especially to control which services IoT devices are allowed to access. A good option is to use a whitelist-based DNS query filtering security approach. This isolates all IoT devices, applying strict filtering based on an “allow list” (whitelist), which means that any DNS resolution requests must be made for an explicitly authorized domain.
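The allow-list decision described above, as an added example that is not part of the original article: queries from IoT segments resolve only for explicitly authorized domains, matched on label boundaries so that lookalike names are refused. The subnets, domain names and the `decide` helper are hypothetical; a production setup would express the same policy in the recursive resolver itself.

```python
import ipaddress

# Constructed policy: each IoT segment maps to the only domains it may resolve.
# Subnets and domain names are hypothetical placeholders.
POLICY = {
    ipaddress.ip_network("10.20.0.0/24"): {"telemetry.vendor.example", "ntp.example.net"},
    ipaddress.ip_network("10.20.1.0/24"): {"updates.camera.example"},
}


def normalize(qname: str) -> str:
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def matches(qname: str, allowed: str) -> bool:
    """True for the allowed domain itself or a subdomain, on a label boundary."""
    return qname == allowed or qname.endswith("." + allowed)


def decide(client_ip: str, qname: str) -> str:
    """Return 'RESOLVE' or 'REFUSED' for one query from one client."""
    addr = ipaddress.ip_address(client_ip)
    name = normalize(qname)
    for net, allowed in POLICY.items():
        if addr in net:
            # IoT segment: default deny, resolve only explicitly allowed names.
            if name and any(matches(name, d) for d in allowed):
                return "RESOLVE"
            return "REFUSED"
    # Client is outside every IoT segment: this filter does not apply.
    return "RESOLVE"


# Constructed sample queries (client address, query name).
SAMPLE_QUERIES = [
    ("10.20.0.15", "Telemetry.Vendor.Example."),
    ("10.20.0.15", "eu.telemetry.vendor.example"),
    ("10.20.0.15", "telemetry.vendor.example.lookalike.test"),
    ("10.20.0.15", "eviltelemetry.vendor.example"),
    ("10.20.1.7", "telemetry.vendor.example"),
    ("192.168.1.10", "www.example.org"),
]

if __name__ == "__main__":
    for ip, q in SAMPLE_QUERIES:
        print(f"{ip:14} {q:42} {decide(ip, q)}")
```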
Finally, it is essential to ensure the integrity and authenticity of DNS information by using DNSSEC (the Domain Name System Security Extensions) on the DNS infrastructure. For all IoT communication domains, this verifies the integrity of each record, validating that the record is from the authoritative DNS server for the record (authenticity) and validating that the DNS server is trusted by the domain higher in the DNS hierarchy (chain of trust).
By prioritizing the security of IoT devices through DNS, we can make the most of the benefits they bring to us. Investing in a security solution that can increase access control to the infrastructure of all IoT devices – from those used in high density networks such as smart cities, utilities and factories to recreational devices like connected screens – will be essential to ensure that innovations brought by IoT can continue to progress and play an important role in our lives.