Cyber Security

How do we secure IoT and Edge devices from being recruited into a massive DDoS botnet?

KE Asked by Kevin Peterson · 20-09-2023
0 upvotes 11,438 views 0 comments
The question

We are deploying thousands of IoT sensors for an industrial project. These devices often have limited processing power for heavy encryption. How can we ensure these endpoints aren't compromised and used in a Distributed Denial of Service (DDoS) attack without significantly increasing our hardware costs? 

3 answers

0
E
Answered on 10-01-2023

Regular firmware updates are vital. Most IoT breaches happen because a known vulnerability was left unpatched for months after a fix was released. 

KE 15-01-2024

I agree, Elizabeth. Having an automated OTA (Over-The-Air) update mechanism is no longer optional; it’s a security requirement for any large-scale IoT deployment.

0
R
Answered on 05-12-2023

Is there a specific lightweight protocol you recommend for these devices, like MQTT with TLS, that won't overwhelm a low-power microcontroller? 

D 12-12-2023

Robert, MQTT with TLS 1.3 is quite efficient if your hardware supports hardware-accelerated encryption. To answer you: if your chips are too weak for TLS, use a "Security Proxy" at the edge. The devices talk plain text to the proxy locally, and the proxy handles the heavy encryption for the internet-facing leg.

0
SA
Answered on 15-11-2024

The most cost-effective way is "Network Segmentation." Keep your IoT devices on a completely separate VLAN that has no access to your core business network. Use a gateway that performs Deep Packet Inspection (DPI) to monitor for outgoing traffic spikes. If a temperature sensor suddenly starts sending 50MB of data to an external IP, the gateway should automatically kill the connection. Also, ensure you change all default passwords before deployment; most botnets like Mirai thrive on simple "admin/admin" credentials that are never updated. 

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session