When we think of the Internet of Things, we usually think of smart home devices like Nest’s intelligent thermostat, or Amazon Echo. But they’re only a small part of a predicted explosion in the number of devices – and in the services required to use them.
Tomorrow’s internet is one where the machines and devices outnumber the PCs and smartphones that access the information they deliver. Just take a look at the announcements from this year’s Mobile World Congress, where low-cost connected hardware was at the forefront. So how are we going to manage and secure all of those devices? With thousands of new devices in our networks, our infrastructures are going to become vastly more complex, mixing our own wired and wireless networks with cellular and the cloud. Our technical staff was not very confident with the former.
A well-managed DNS can help reduce the risks associated with DNS and other exploits. Tools like DNS Guardian can provide deep analysis of DNS traffic, helping to identify non-standard DNS query patterns that may indicate possible intrusion and attacks – and then apply appropriate responses to protect your IoT hardware.
Recent DNS client issues show how a commonly-used library, used in many IoT devices, can become a problem. While using a hybrid DNS server can help alleviate these issues, it’s another example of how having an active DNS management policy can help reduce the risks. Ensuring that your device’s DHCP scope is locked down to your servers, and that you limit access only to your own network can help ensure that only trusted DNS requests are delivered to devices.
Another wakeup call came from Asus, with its home routers vulnerable to third parties. As a result, the company is now requiring 20 years of audited security testing after a settlement with the US FTC. While customer-premises networking equipment isn’t directly IoT, the issues here speak to how ISPs and other large scale network providers need to manage customer-premises equipment. By analyzing DNS requests and DHCP allocations within a DDI implementation, they are able to detect anomalous behaviors and control access for compromised devices. The same techniques can be extended to other equipment managed remotely.
When it comes to the Internet of Things, a well-managed DNS is a key component of an effective security architecture. If you’re planning to deploy a large scale IoT infrastructure, be ready to take advantage of DDI to ensure control over your devices, no matter where they are or what network they are connected to.
Want to learn more about DNS security? Download the white paper below and