Wireless recreating security defenses

While wireless has been a part of networking for more than a decade, the Internet of Things (IoT) will change the way network architectures are designed.

By Frank Williams, ISSSource February 23, 2016

Mobile devices and the proliferation of edge devices and sensors from the Internet of Things (IoT) are leading to the creation of a new and different security posture.

Along those lines, the traditional security architecture of the layered defense doesn’t work anymore.

While wireless has been a part of networking for more than a decade, the IoT will make significant changes in the way network architectures are designed. Those changes will be especially immediate and far-reaching in the ways wireless systems are used.

Disruptive technologies led by IoT technologies challenge all aspects of current network best practices. If it is understood that connectivity-of-everything is inevitable, then the industry has to come to grips with the challenges and reshape current best practices on how networking architecture must align to drive stronger business strategies.

The IoT, and its accompanying cloud services and Big Data analytics, deliver immense amounts of data from devices and sensors. That means network architectures continue to adapt and will change dramatically to implement the data flow from these sensors. That also means networks will become outward focused, as the amount of data acquired from edge devices dwarfs the amount of data produced inside the network.

Beyond traditional Wi-Fi

It used to be that Wi-Fi was the only wireless protocol a network admin needed to worry about. It was a very small part of network design, and most admins ignored it. What was far more challenging was the use of laptops connected to Wi-Fi outside the enterprise, where the user was connecting via an insecure connection or over the Internet.

Previously, network architecture for wireless used a design that had a wireless access point directly and quickly connected to wired Ethernet. Network backhauls were always wired. However, in more recent times, companies with sprawling multi-building campuses or manufacturing or process plants have been using wireless backhauls.

Some of these are using WiMAX (IEEE 802.16) as broadband microwave links. Others are designed as optical. These wireless backhauls are significantly less expensive to install, and provide secure data transmission.

Wireless backhauls also make it easier to set up new nodes or temporary data centers, without the cost of pulling large-scale fiber to the building. In manufacturing and process plants, wireless backhauls make it possible to extend sensor and control networks everywhere in the plant, especially where there are no more cables available in marshalling cabinets, or where sensors were not a part of the original design.

Wireless sensor networks the norm

Using the Bluetooth and IEEE 802.15.4 standards, among others, sensor vendors created a plethora of sensor network protocols that network administrators will increasingly see as IoT, and its manufacturing offshoot, the Industrial Internet of Things (IIoT), become a reality in the manufacturing enterprise.

This proliferation of wireless sensor networks will affect the design and architecture of enterprise networks. The amount of data produced is significant. Whether it is going to enterprise servers, operation technology (OT) servers, or directly to the cloud, the data avalanche will dwarf what network administrators usually see. A process pressure transmitter might report every 250 milliseconds, while a factory automation sensor might report every 15 milliseconds. From a single sensor, that’s a lot of data. Now consider how much data that is, if there are 10,000 sensors in a plant.

Is the network going to choke on that much data? Or will the pipe going to the cloud be clogged up? Or will the network be able to handle this rush of data? Good network administrators are planning for handling that much data.

Cellular wireless more relevant

For years, network administrators have had little to do with cellular telephony, other than to provide smartphones and tablets access to Wi-Fi services. The IoT is changing that, too. Even in the confines of a manhole in the street, data is being collected and transmitted back to the enterprise network and the OT network using cellular modems.

In factory and health care industries, bar codes, QR codes, radio-frequency identification (RFID) chips, and other automatic identification and data capture (AIDC) tools have been used for years. Now they are in applications, from automatic tolling on highways to supply chain inventory management, to maintenance management, and Big Data applications for quality, inventory control, and statistical process control.

AIDC is used in the factory and in the process plant to help control the flow of material and parts throughout the process. AIDC technologies are the backbone of track and trace in the pharmaceuticals and fine chemicals industries, and the data they produce must be collected and distributed through the network to the various applications that use it.

Personal monitoring drives more connections

The latest sensor proliferation is that of personal monitoring devices. Even in enterprise IT applications, some companies want to track the position of their employees and their expensive assets. In process plants and manufacturing plants, tracking employees and assets is essential for safety. "Man down" applications, personal hazardous gas sensors, and chemical shower usage monitoring are also being implemented. The ability to track the location and condition of a plant’s firefighting apparatus may be critical in the event of an accident.

Currently, most of these sensors use either proprietary wireless protocols or one of the major 802.15.4 wireless protocols like ZigBee or WirelessHART. They access the network through wireless gateways. As IPv6 is enabled and used in the network, these devices will have IP addresses and function as network devices themselves. Once again, the network will have to absorb this information and route it to the appropriate application for action.

Re-thinking mobility with wireless

We are already beginning to see the use of networked devices that are entirely mobile. Personal wearable devices such as fitness bands, smart watches, smart clothing, as well as smart phones and tablets are beginning to proliferate. These devices will connect to cloud servers, or network servers. So administrators need to prepare for devices entering and leaving the network at random. These devices, whether company-owned or bring your own device (BYOD), will also access the network from points outside the network. Network policies and procedures need to properly assign access and permissions.

Networks used to be fixed with devices that didn’t move around. Now networks have portions of virtual networks, some software defined network (SDN) sectors, cloud interfaces, movable sensors and devices, and network administrators have to keep track of all of it in real time. That increases the reliance on network information solutions. That old saying, "You cannot manage, especially in an environment of amorphous change, what you cannot see," becomes even more important.

Security issues

With the increased network stress, there is also a need for a new security architecture that will cope with virtual servers and computer systems, bidirectional cloud-access to servers not controlled by the enterprise, edge firewalls and device-level security software that uses encryption and authentication directly in the device. The new security architecture will need to act more like an immune system than a firewall. Intrusion detection and malware identification will need more development than today’s antivirus software. They will need to traverse the network and find problematic data and software, and eliminate it.

The majority of this must be automatic. Current security responses are far too open loop, with a human response required for the majority of actions. Network security must do at least 80% of its work automatically. Only very difficult issues should go to the network administrator.

Network of the future, today

Today’s network administrator needs to prepare for a changed network in the future. Wireless systems for sensors, devices and backhauls introduced into the network will need to be accounted for. The amounts of data networks will have to deal with will increase exponentially in the next 10 years. According to Gartner Group, there will be billions of devices connected to the IoT by 2020. Network administrators need to be up to speed on these devices, and the wireless interconnection most of them will be using.

Frank Williams is the chief executive at Statseeker, a provider of network monitoring technology. This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com

Original content can be found at www.isssource.com.