Internet of things: the future of prevention data

30 de December de 2014, by , Posted in News, 0 Comment

Recently, an international event of access to images generated by private camera video surveillance security systems showed how much we are vulnerable to hacker attacks due to the use of default passwords on devices. Cameras that allow users to have remote access are that give rise to the breach because it can be accessed from the Internet. The case has proved that Internet devices may include not only a privacy problem as well as data security. Images can be used to blackmail people – only in Brazil, more than two hundred cameras were invaded.

Public cameras located in the same network as your private computer or wireless devices allow the bad guys have access to your network. There are few places I know of that have network architectures that restrict access (known as VLANs). In a private residence is difficult for the average user to understand what is available from the Internet – it just plug it in and start navigating.

Many technologies, such as devices for affordable smartphones in the cloud and the Plug and Play, so common today, go right through firewalls. You must choose whether or not the transmission of private images is open to the world – with minimal work on Google and various databases, it’s easy to find out where this camera is installed and who lives in the house.

There is an Internet technology component of Things or Internet of Things (IoT), in English, which is not being addressed. Called small business or home network SOHO. The basic is that a pattern of your router or gateway are accessing the Internet or is potentially accessible through the Internet – and this has to stop. There is no reason for their private images are accessible to Internet criminals. You can protect these images with two-factor authentication – encryption via SSL or VPN technology – or some other type of secure application. Put anything directly on the Internet is an entirely bad idea. The monitoring platform managed MAX RemoteManagement of MAXfocus uses IP whitelist and an option for authentication 2FA.

This is the point and I am not a shareholder in a switching management company, but MSPs (managed service providers or managed service providers) need to understand VLANs and 802.1X. Just a few devices that do not need to be on the Internet and some who need limited Internet access. Modern small business network or home need a managed switch to deploy these technologies. It can be complex and you may need a nerd to deploy it and may involve certificates and encryption, and unless you have a research lab (which is the need of the MSP), you can not get it to work properly.

The idea is that you need to control what is outside your network and what is trying to invade it. If you have a smart meter in your home that need to connect with the power company, it should be on a separate network that only has access to the IP address on the Internet. It should not be on the same network as your home system or air conditioning or heating temperature control of your pool. This is simple to understand: a vulnerability in its digital video recorder should not end up completely compromise the iPad his daughter. This is what happens when a vulnerable device is placed on the same network with all the rest.

The Internet of Things will complicate the security environment at home, in business and in your daily commute. The concern of security managers is to Web servers, especially by different devices that have weak or default passwords. Unfortunately, many devices do not even require you to enter a unique password while logged, making room to cybers criminals.

The more devices with weak settings are added in the networks, the greater the vulnerability. Many wireless devices can guess passwords that give administrative access. Take, for example, a cybercrime module called Win32 / RBrute. It looks for default passwords on routers and access points from more than a dozen models. If he successfully logs on a router, it changes the default DNS (Domain Name System) for something malicious, such as fraud or access to other infected websites. This type of attack does not depend on the security of your computer, is a network attack layer, difficult to detect and very difficult to remove.

In the last four months, there were constant attacks on web servers as Heart Bleed and ShellShock, demonstrating the vulnerability of these embedded devices, forcing factories to produce patches for hundreds of thousands of devices. Many people believe that if your device is not exposed to the Internet, they have nothing to worry about. This could not be more worrying. Advanced malware seek exploitable devices within the network and end up finding a way to communicate with the criminals, since they already infected a device.

So, what are some tips to prevent?

  1. Register your device – manufacturers can better notify customers of security vulnerabilities.
  2. Repair and upgrade your device.
  3. Turn off unnecessary features – many devices come with “apps” and an abnormal amount of services.
  4. Change the default password – if your id or administrator password is discovered, you will have problems.
  5. Use the security features – some devices have lock-out capacity after attempts at stealing passwords and even built-in antivirus.
  6. Read reviews on the device you are looking to buy – take a good look at the reviews. If one mentions lack of security, it may be worth choosing another option.
  7. Monitor your device – performance metrics, activity logs and reports are important tools in the detection of compromised devices.

Full article: http://corporate.canaltech.com.br





Comments are closed.