Intrusion detection software lowers Internet of Things (IoT) risk
Intrusion detection software (IDS) for the IoT: What’s the point of protecting your embedded devices if you can’t tell if they are under attack? Why intrusion detection software is essential for web-connected devices.
IoT devices bring the promise of business optimization, remote patient monitoring, assistance in finding parking spaces, increased automation, and a host of other benefits, some not yet even conceived. But this vast proliferation of connected devices also creates an ever expanding attack surface for cyber attacks.
Many IoT devices are small and inexpensive, using low-cost hardware and software solutions that lack the computing power and memory to run the current existing security software operating in many of today's information technology (IT) and home networks. Instead of using Microsoft Windows or Linux operating systems, embedded real-time operating systems (RTOS), such as FreeRTOS, OpenRTOS, and other small commercial RTOS, are gaining popularity in low-end IoT devices. While these solutions enable original equipment manufacturers (OEMs) to minimize product bill of materials, they do not provide pre-integrated security solutions to protect the devices from inevitable cyber attacks.
Those who argue that low-end devices will not be targeted by hackers because of the technical difficulties of launching attacks against proprietary systems or because of the obscurity of the devices are being shortsighted. Security by obscurity works only until someone makes a determined effort to discover vulnerabilities in a device. Even if hacking the device is technically difficult, once vulnerability is discovered by a sophisticated hacker, the attack can be automated and published on the Internet for anyone to use. Tools such as Shodan can be used to easily find embedded devices connected to the Internet. Because IoT devices are mass produced, and each unit is essentially identical, one vulnerability can be used to exploit hundreds, thousands, or even millions of devices.
First layer of defense
Intrusion detection software (IDS) can be a first layer of defense. One of the most significant security problems for embedded devices today is the inability to know when a system is being attacked or to even know when it has been compromised. Most devices lack the logging and reporting capabilities used by enterprise security solutions to detect when a hacker is probing or has penetrated a network or device.
To see how an IDS solution can help protect IoT devices, consider a typical embedded device supporting an administrative interface available over hypertext transfer protocol (HTTP) or a telnet and using a username and password for access control.
A hacker discovering this device could use a script to perform a brute force attack, trying thousands of log-in attempts per hour until the script finds a user name and password that are accepted. Most embedded devices would simply process each password attempt as it was received. Each time password validation fails, the device simply drops the request and continues its normal processing. It is not aware that it is under attack and, therefore, cannot report the attack to a management system.
If a sufficiently strong password is encoded, the hacker may not succeed in compromising the device. Users are prone to choosing weak passwords leaving many devices susceptible to simple attacks such as this. Default account names such as "admin" or "root" can be easily guessed and reduce the security of these devices.
An IDS solution would be able to provide, at a minimum, event reports or alerts detailing the flood of login requests received by the device. A security administrator would see that a device that normally gets a few login attempts per hour or day is suddenly receiving thousands of login attempts and could take action to mitigate this attack.
At the bottom, click to the next page for more on the importance of early detection, role of embedded devices, use of IDS, and mitigation.