Intrusion detection software lowers Internet of Things (IoT) risk

Intrusion detection software (IDS) for the IoT: What’s the point of protecting your embedded devices if you can’t tell if they are under attack? Why intrusion detection software is essential for web-connected devices.

06/24/2015


Floodgate industrial framework detects and reports intrusions into networks. Courtesy: Icon LabsIoT devices bring the promise of business optimization, remote patient monitoring, assistance in finding parking spaces, increased automation, and a host of other benefits, some not yet even conceived. But this vast proliferation of connected devices also creates an ever expanding attack surface for cyber attacks.

Many IoT devices are small and inexpensive, using low-cost hardware and software solutions that lack the computing power and memory to run the current existing security software operating in many of today's information technology (IT) and home networks. Instead of using Microsoft Windows or Linux operating systems, embedded real-time operating systems (RTOS), such as FreeRTOS, OpenRTOS, and other small commercial RTOS, are gaining popularity in low-end IoT devices. While these solutions enable original equipment manufacturers (OEMs) to minimize product bill of materials, they do not provide pre-integrated security solutions to protect the devices from inevitable cyber attacks.

Those who argue that low-end devices will not be targeted by hackers because of the technical difficulties of launching attacks against proprietary systems or because of the obscurity of the devices are being shortsighted. Security by obscurity works only until someone makes a determined effort to discover vulnerabilities in a device. Even if hacking the device is technically difficult, once vulnerability is discovered by a sophisticated hacker, the attack can be automated and published on the Internet for anyone to use. Tools such as Shodan can be used to easily find embedded devices connected to the Internet. Because IoT devices are mass produced, and each unit is essentially identical, one vulnerability can be used to exploit hundreds, thousands, or even millions of devices. 

First layer of defense

An embedded IDS solution provides runtime protections on the device and reports any detected anomalies to a security management system. Courtesy: Icon LabsIntrusion detection software (IDS) can be a first layer of defense. One of the most significant security problems for embedded devices today is the inability to know when a system is being attacked or to even know when it has been compromised. Most devices lack the logging and reporting capabilities used by enterprise security solutions to detect when a hacker is probing or has penetrated a network or device.

To see how an IDS solution can help protect IoT devices, consider a typical embedded device supporting an administrative interface available over hypertext transfer protocol (HTTP) or a telnet and using a username and password for access control.

A hacker discovering this device could use a script to perform a brute force attack, trying thousands of log-in attempts per hour until the script finds a user name and password that are accepted. Most embedded devices would simply process each password attempt as it was received. Each time password validation fails, the device simply drops the request and continues its normal processing. It is not aware that it is under attack and, therefore, cannot report the attack to a management system.

If a sufficiently strong password is encoded, the hacker may not succeed in compromising the device. Users are prone to choosing weak passwords leaving many devices susceptible to simple attacks such as this. Default account names such as "admin" or "root" can be easily guessed and reduce the security of these devices.

An IDS solution would be able to provide, at a minimum, event reports or alerts detailing the flood of login requests received by the device. A security administrator would see that a device that normally gets a few login attempts per hour or day is suddenly receiving thousands of login attempts and could take action to mitigate this attack.

At the bottom, click to the next page for more on the importance of early detection, role of embedded devices, use of IDS, and mitigation.


<< First < Previous 1 2 Next > Last >>

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Sensor-to-cloud interoperability; PID and digital control efficiency; Alarm management system design; Automotive industry advances
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me