Cyber Security

How do I secure IoT devices on my corporate network from becoming botnet entry points?

BA Asked by Barbara Adams · 21-01-2024
0 upvotes 10,504 views 0 comments
The question

Our office just installed a suite of "smart" HVAC and lighting systems, but I’ve heard horror stories about Mirai-style botnets using these weak devices to launch DDoS attacks. These devices often have hardcoded passwords or unpatchable firmware. What is the best strategy to isolate these "untrusted" IoT devices from our sensitive production servers while still allowing them to function and receive updates? 

3 answers

0
NA
Answered on 15-03-2024

The "Golden Rule" for IoT is physical or logical isolation. In 2023, I helped a warehouse secure 200+ smart sensors by placing them on a completely separate VLAN (Virtual Local Area Network) with no "east-west" traffic allowed to the main server VLAN. You should implement a "Strict Outbound" policy—only allow the devices to talk to their specific manufacturer's update server and block everything else. This way, even if a device is hacked, it can't "phone home" to a command-and-control server or scan your internal network for vulnerabilities. 

0
C
Answered on 18-03-2024

Have you looked into using a "NAC" (Network Access Control) solution to automatically identify and profile new IoT devices as they connect?

NA 20-03-2024

That’s exactly what’s needed for scale, Charles! A good NAC like ClearPass or Cisco ISE can "fingerprint" a device. If it sees a smart bulb trying to act like a database server, it can instantly kick it off the network. For Barbara's situation, this takes the manual guesswork out of security. It’s about automated enforcement—because you can’t manually watch every smart device in a modern office 24/7.

0
K
Answered on 22-03-2024

Change the default passwords immediately if the device allows it. It sounds simple, but it’s still the number one way botnets spread. 

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session