DNS Security and the Internet of Things
by Serena Raymond on Aug 17, 2021 12:00:00 AM
The Internet of Things (IoT) is one of the greatest byproducts of cloud computing and artificial intelligence. It encompasses the vast network of physical things which have the ability to collect, connect, and transmit data over the internet without human assistance.
The scope of IoT is nearly limitless, ranging from basic household automation tools to industrial sensors. Due to its extensive reach, however, IoT networks have become a prime target for cyber attacks. What’s more, the volume of new devices and operational requirements put stress on DNS and complicate network security.
Read on to get a better understanding of the relationship between DNS and IoT and why DNS security is so important for your IoT devices.
Just how popular is IoT?
There are currently more active IoT devices than humans on this planet (by tens of billions). Some reports estimate that we’ll reach 75 billion devices in the next three or four years. The average American household has around 50 connected IoT devices, and organizations are increasingly turning to IoT technology to run their business.
Of course, IoT assists consumers with tasks such as ordering staple items, streaming media to various devices, and interacting with virtual assistants. You can find doorbell cams, garage door openers, robotic vacuums, coffee makers, air quality sensors, security systems, lights, and thermostats. Even household objects like refrigerators, dishwashers, and mattresses aren’t immune to the IoT craze.
From an industrial standpoint, IoT is used for sensors and safety systems. For example, manufacturers can track a shipment’s exposure to temperature fluctuations, undue pressure, or unwanted levels of humidity, light, and tilt by using sensors that connect to the internet. There are GPS tracking devices that can monitor a company’s assets and vehicles, wearables for employees, intelligent forklifts, and smart machines. Businesses install smart locks, smart lighting, and smart cameras in the office. Many shops operate using mobile card readers.
At its core, IoT is a jack-of-all-trades that helps consumers, businesses, and industrial enterprises connect, cut costs, save energy, improve productivity, and boost efficiency.
IoT security risks
Given these advantages, it’s no surprise that 94 percent of retailers believe that the benefits of implementing IoT outweigh the risk. However, there are risks. Everything is connected—which makes everything that much more vulnerable. For one, every IoT device added to a network presents a new vector by which a cyber criminal can infiltrate and cause harm. Secondly, IoT puts stress on DNS.
Take this alarming statistic, for example. According to a recent NETSCOUT Threat Intelligence Report, IoT devices are “under attack five minutes after being plugged in and targeted by specific exploits within 24 hours.” The reason? “IoT security is minimal to nonexistent on many devices,” the report posits, “making this an increasingly dangerous and vulnerable sector.”
In a recent DNS security roundtable, one IT professional lamented that, “[Commercial IoT devices] are basically black boxes that no one gets access to. They’re on your network, they're linked, and you don't have any control over that box. You barely know they exist, so how can you secure something you don't know about?”
Oftentimes IoT manufacturers concentrate on connection—not protection—leaving IoT security up to the end user. Furthermore, these devices aren’t upgraded to address vulnerabilities the way that the rest of a company’s hardware and software are. Many IoT applications come with hard-coded IP addresses and default credentials that are difficult, if not impossible, to change.
To further complicate the matter, there are many network protocols for IoT applications, making the market very fragmented. Some devices operate using 5G, while others utilize WiFi or Bluetooth. There’s also Zigbee, LoRaWAN, and the increasingly popular Z-Wave. The bottom line is this: IoT devices have minimal security and oversight, and since they provide an entry point to your network, they make you more vulnerable to attack.
IoT and DDoS
As we’ve already mentioned, IoT can cause stress on DNS. These devices account for a significant number of DNS queries, and their operations are often invisible to end users. IoT technologies constantly ping servers and look up domain names to check for network availability, for example. While it may be manageable on a day-to-day basis, if millions of devices were to update at the same time, DNS resolvers would be inundated with queries. Whether from IoT device engineers using DNS naively to operate their application, or misconfiguring resolvers to accept DNS queries from anyone on the internet (rather than limiting access solely to the intended client), IoT can overwhelm DNS.
Pressure on DNS isn’t always unintentional, either. IoT devices are a common target for Distributed Denial of Service (DDoS) attacks. Botnets can infect large numbers of IoT devices (be they cameras, HVAC systems, coffee makers, or industrial sensors) and coordinate a DDoS offensive that grinds operations to a halt. This form of DDoS attack is very difficult to fix, as each IoT device has its own restoration procedures.
How do you protect IoT devices?
Clearly, IoT devices pose security risks. However, just because you can’t manage each device doesn't mean you can’t control and protect them.
One option is to put all your IoT devices on their own network, consistently monitor it for any threats, and lock it down in the event of an incident. However, this is complicated and requires your IT department to step in every time you want to configure a new device. It also requires that you be aware of every IoT device on your network—a near impossibility if you work in an office where anyone can bring a consumer IoT device to work and connect to the network.
Luckily, there’s a much easier way. The relationship between IoT and DNS is powerful. DNS is often the only option you can configure on an IoT device. As a result, DNS threat protection is the best option for securing your technology.
DNS protocols allow you to monitor which sites your IoT devices are communicating with. More importantly, DNS configurations offer you the ability to restrict the domains with which your devices can resolve. By leveraging DNS filtering technology, you have the power to approve which domains IoT can access and which must be blocked. Not only that, but you’ll be protected from connecting with all known malicious websites. The best part is that this solution is infinitely scalable (a must for IoT).
DNSFilter can protect your IoT devices
IoT is now one of the most powerful, integral technologies that connects us. It’s pervasive in society and in business, and there’s so much to be grateful for. However, it’s a double-edged sword that can make us vulnerable just as it improves the way in which we do business. Luckily for you, you don’t have to choose between convenience and security. By implementing DNSFilter, you can protect your network—smart boards, coffee makers, and robotic forklifts alike.
Sign up today for a free trial and see just how easy it is to secure your organization’s IoT devices.
DNSFilter has been named a leader in Secure Web Gateway, DNS Security, and Web Security categories on G2, earning an impressive 29 badges and named in 29 reports. This includes new badges such as High Performer EMEA and Leader Americas in the Web Security category.
These accolades are a testament to our commitment to our customers. We are particularly proud of our badges for ease of implementation, administration, and quality support. Providing ...
At the end of June, Vint Cerf, one of the “fathers of the internet” published an article on Medium in response to a drafted bill by the French Republic. You can read the original French proposal here, but we’ll also include a version translated into English at the bottom of this article.
First, let me provide a quick summary of what the bill is proposing:
Spurred on by the proliferation of cyber threats and attacks, the government of France is pr...
If you’re a football fan like many of us at DNSFilter, it’s possible you have a fantasy league in the office or with your friends. Our #sportsball slack channel is keeping many of us going as the weather cools down and the days get shorter. It’s a fun way to discuss and track the football season (and potentially win bragging rights and the respect of your fantasy prowess).
Now you might be thinking, “How on Earth could fantasy football possibly ...