Watching those mistakes being made over and over inspired us to prepare this short and handy list of 7 basic steps to make your IoT devices secured. Keep it safe, guys!
1. Change the default password
For many, it’s obvious, but Shodan’s service and everyday attacks show how many users forget about it. If you have already purchased a RapsberryPi or an IP camera and connected it to your network, make sure that it is not an open gateway for Internet attacker and make the password difficult to guess! And – perhaps – get interested in password managers, e.g. LastPass.
2. Firmware updates
This is not always possible, especially for cheaper devices imported from China. Many manufacturers, after launching the product, forget about them and discovered vulnerabilities are often being used for destructive attacks. If you are standing in front of a potential new network printer or smart light bulb, check if the manufacturer is still actively supporting this device and releases patches and updates regularly. If you already have equipment connected to the network, check if there is newer version of the firmware available on Internet forums. Maybe you’ll even consider installing the software version created by users?
3. Configure the firewall
This is not always possible, but in the case of devices with a advanced operating system (NAS, RaspberryPi) users generally forget about setting up the firewall. Although the topic may seem difficult, you can often find guides on the Internet, that describe in detail how to do it step by step.
4. Disable unused services, services and ports
By limiting the “gates” that are open to the world in your device, you also limit the possible vectors of hacker attacks. If you do not use TELNET (well, you shouldn’t anyway), simply turn it off. If you do not need a page with a product visible on the web, disable the web server and restrict port forwarding. If you do not use FTP in your NAS, disable the service and block ports.
5. Use VPN
Instead of opening your local network directly to the Internet, consider launching a VPN server. It will allow you to connect to your network devices from anywhere on earth in a very safe and resistant to many forms of attack way. An additional bonus is secure Internet access in places with high risk of third party interference in network traffic – all you need is a secure tunnel to your VPN network, so you do not have to worry about hackers hunting at hotspots in coffee shops and airports.
6. Turn on two-factor authentication
It is still rare, but more and more IoT devices appear on the market, that allow this form of security. Having a strong password and confirmation of logging in with a code sent by SMS, will make it very difficult to take over the devices by unauthorized people.
7. Update your router
This point coincides somewhat with the “Software Update” step, but carries a slightly different message. Router is your internet gateway. This is the place that directs traffic in both directions and which is the first point the aggressor reaches when he wants to get to your network. Replacing the router with a newer model is always a good idea (manufacturer support, less known vulnerabilities), but not always necessary. There are interesting projects, such as Tomato, OpenWRT, which can change the age-old router beyond recognition. It is a way to update security and go with the times when finances do not allow it. Unfortunately, not every router is supported, so you should look at the list before buying a new device.