Cyber Security

What are the best ways to secure unmanaged IoT devices in a corporate network environment?

BE Asked by Betty Young · 22-03-0204
0 upvotes 12,470 views 0 comments
The question

Our office is full of smart thermostats, cameras, and printers that don't support traditional security agents. These unmanaged devices seem like a massive backdoor for attackers. How are you all handling IoT security without a dedicated budget? Is simple VLAN isolation enough, or should we be looking at more advanced Network Access Control (NAC) solutions? 

3 answers

0
KA
Answered on 24-03-2024

VLAN isolation is the absolute bare minimum. You should move all IoT devices to a dedicated, restricted segment that has no route to your internal production data. However, for a more proactive approach, you need to use passive network monitoring. Tools like Armis or Claroty can "fingerprint" these devices and alert you if a smart fridge suddenly starts trying to port-scan your domain controller. Since you can't install agents on these devices, you must rely on traffic analysis to detect anomalies. Also, always change the default credentials and disable UPnP on every device before it hits the wire. 

0
DA
Answered on 26-03-2024

If you use VLANs, how do you manage the "shadow IoT" problem where employees bring in their own smart gadgets and plug them into the nearest Ethernet port?

ST 28-03-2024

Daniel, that's where Port Security and MAC filtering come in. You should configure your switches to only allow authorized MAC addresses on specific ports, or use a NAC like PacketFence to automatically shunt unrecognized devices into a "quarantine" VLAN until they can be vetted. It requires some manual effort initially, but it completely prevents unauthorized hardware from gaining a foothold on your primary network.

0
DO
Answered on 30-03-2024

Don't forget to keep their firmware updated! Many manufacturers release security patches that people never install because there's no "update" button on the physical device. 

BE 01-04-2024

Dorothy is right. Many IoT breaches occur via old vulnerabilities that were patched years ago. Setting a quarterly schedule to manually check for and apply firmware updates for your printers and cameras is a simple but highly effective way to reduce your attack surface.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session