IoT Security

VH
Hi, I am looking at trying to make my home IoT devices more secure.
Is it possible to push on-premise traffic from my home IoT devices through a gateway appliance to the cloud, like AWS / Azure, and have a WAF filter the traffic or block traffic access to the Internet?

Thanks.
Exec Consultant
Distinguished Expert 2018
Commented:
Treat IoT the same way you would want to secure your internet surfing experience. You need a gateway or proxy to do the content filtering for the egress/ingress traffic through it. It should also provide the secure channel for remote access via IPsec or SSL VPN. In addition, there is authentication if there is any form of remote admin access to manage your IoT from other remote places or from the mobility standpoint.

One worthy exploration is Cloud Access Security Broker (CASB). They are called "brokers" because the technology that's involved is a gateway between an internal system and external cloud services. They are essentially components that catch data as it exits an internal network, and encrypt or "scrub" it so that it's already secure as soon as it goes out into the cloud.

See example of IBM IoT security -
Most IoT solutions consist of three main tiers. IoT solution components that run in each tier need to incorporate specific security measures to protect against various vulnerabilities.


Devices/Gateways tier: Protect against a "fake" server that sends malicious commands, or protect against a hacker that tries to listen to private sensor data being sent from the devices. Security considerations for this tier are discussed in Part 1 (this article).

Network/Transport tier: Protect against a "fake" device that sends false measurements that might corrupt the data that is being persisted in the application. Security considerations for this tier will be discussed in Part 2.

Applications tier: Protect against the invalid use of data, or protect against the manipulation of analytical processes that are running in the application tier. Security considerations for this tier will be discussed in Part 3.
http://www.ibm.com/developerworks/library/iot-trs-secure-iot-solutions1/index.html
VH

Author

Commented:
Hi btan,

In my environment, I have a Samsung Smart TV, a smart baby monitor and a radio.

What I would like to do is to be able to restrict inbound traffic to them to only certain IP addresses, and allow outbound traffic from these devices to only certain IP addresses.

For my Smart TV, only Netflix inbound / outbound, etc. Can I use AWS Direct Connect using IPsec to AWS and have a cloud firewall like IPFire on an EC2 instance, or, cheaper, use AWS firewall rules and NAT / ACLs to filter my smart devices at home to the Internet?
btan, Exec Consultant
Distinguished Expert 2018
Commented:
You can set up a VPN in EC2 and access it once authenticated: https://www.webdigi.co.uk/blog/2015/how-to-setup-your-own-private-secure-free-vpn-on-the-amazon-aws-cloud-in-10-minutes/

You can further restrict inbound and outbound traffic using EC2 security groups:
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/authorizing-access-to-an-instance.html

Change all your default administrative accounts and use a strong passphrase:
https://www.experts-exchange.com/articles/18309/Choosing-an-easy-to-remember-strong-password.html
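
The per-device restriction asked about above and the security group suggestion, modelled as a default-deny allowlist. This is an added example, not code from the thread or from AWS; the LAN addresses, destination ranges and function names are constructed assumptions.

```python
import ipaddress

# Constructed policy: LAN addresses and documentation-range destinations are
# assumptions for illustration, not real Netflix or vendor ranges.
POLICY = {
    "192.168.1.20": [("tcp", 443, "198.51.100.0/24")],   # smart TV
    "192.168.1.21": [("tcp", 443, "203.0.113.10/32")],   # baby monitor
    "192.168.1.22": [("tcp", 80, "203.0.113.64/28")],    # radio
}

def is_allowed(src, dst, proto, port, policy=POLICY):
    """Default deny: a flow passes only if a rule for its source device matches."""
    dst_ip = ipaddress.ip_address(dst)
    return any(
        proto == r_proto and port == r_port
        and dst_ip in ipaddress.ip_network(r_cidr)
        for r_proto, r_port, r_cidr in policy.get(src, [])
    )

def denied_flows(flows, policy=POLICY):
    """Return the flows a gateway applying the policy would drop."""
    return [f for f in flows if not is_allowed(*f, policy=policy)]

def sg_egress_permissions(policy=POLICY):
    """Union of all device rules in the EC2 IpPermissions shape.
    Security group egress rules match on destination only, so the group on
    the VPN instance can enforce this union but cannot tell devices apart;
    the per-device check above has to run on the gateway itself."""
    merged = {}
    for rules in policy.values():
        for proto, port, cidr in rules:
            merged.setdefault((proto, port), set()).add(cidr)
    return [
        {"IpProtocol": proto, "FromPort": port, "ToPort": port,
         "IpRanges": [{"CidrIp": c} for c in sorted(cidrs)]}
        for (proto, port), cidrs in sorted(merged.items())
    ]

# Constructed flow records: (source, destination, protocol, destination port)
FLOWS = [
    ("192.168.1.20", "198.51.100.7", "tcp", 443),   # TV to its allowed range
    ("192.168.1.20", "203.0.113.10", "tcp", 443),   # TV to the monitor's service
    ("192.168.1.21", "203.0.113.10", "tcp", 23),    # monitor, telnet port
    ("192.168.1.99", "198.51.100.7", "tcp", 443),   # device with no policy
]

if __name__ == "__main__":
    print("dropped:", denied_flows(FLOWS))
```

Security groups take CIDR ranges rather than service names, so an entry such as "Netflix only" has to be maintained as a list of address ranges.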
btan, Exec Consultant
Distinguished Expert 2018

Commented:
suggested level of controls and practices given
