






Unwelcome Guests: The Internet of Things and Wireless Networks

By Cricket Liu, Chief Infrastructure Officer, Infoblox



Earlier this year, Infoblox commissioned a survey of network managers and administrators on
the Internet of Things. We were curious to find out whether enterprises were actually introducing
non-traditional devices to their networks, and if so, where and how they were connecting them.
After all, “Things” can have unique access requirements.

To use just my home as an example, my thermostat and smoke alarm need to connect through
the Internet to Nest so that I can turn off my heat or AC when I inevitably forget to do so before
leaving the house. My digital video recorder needs to talk to TiVo to make sure I’ve paid my
monthly bill, to see whether I want to record anything new, and to download new TV schedules
and code. And my car—even my car!—wants to create a VPN back to the manufacturer to
download updates.

The sorts of Things enterprises are deploying boast an even wider variety of access
requirements: security systems monitored by third parties, cafeteria cash registers uploading
sales data to concessionaires, and remotely managed HVAC systems.

We learned that businesses certainly are connecting Things to their networks—a whopping 75
percent of those surveyed reported adding Things in the general category of “office equipment”
to their networks, and 70 percent said they’d added “security” Things.

However, one finding of the survey that I found alarming was the increasing tendency to
connect these “Things” to guest wireless networks. On the one hand, that trend is
understandable: Many of these devices support 802.11 wireless, and many also require
connectivity to the Internet to work. Guest wireless networks generally support both.

But in many ways guest wireless networks aren’t at all suitable for IoT devices. In addition to
requiring Internet connectivity, some devices need access to internal resources, too. For
example, a security “Thing” might need access to a Domain Controller to authenticate users,
and permitting that will probably require poking a hole or two in your firewall. But you probably
don’t want to allow any device on your guest wireless network access to a Domain Controller.

Guest wireless networks are, after all, used by a wide variety of users and devices. By
definition, most of those users aren’t employees (who presumably have access to your
production wireless network). Simply knowing that you use a particular type of device and
understanding that this kind of device requires access to an internal server might induce a Bad Guy
to search for a way through your firewall. Even if firewall reconfiguration isn’t necessary, are you
sure the traffic your Things send back to home base is encrypted? Does that traffic need
prioritization? What effect would a misbehaving guest device have on your wireless network,
and therefore your Things’ ability to phone home?



36 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
