IoT Security

Hi, I am looking at trying to make my Home IoT Devices more Secure,
Is it possible to push on-premise Traffic from my Home IoT Devices using a gateway appliance to push this traffic to the Cloud, like AWS / Azure and have WAF to filter out the Traffic or Block traffic access to the Internet?

Thanks.

Treat IoT as to how you will want to secure your internet surfing experience. You need a gateway or proxy to do the content filtering for the egress/ingress traffic through it. It should also provide the secure channel for remote access via IPSEC or SSL VPN. In addition, there is authentication if there are any form of remote admin access to manage your IoT from other remote places or from the mobility standpoint.

One worthy exploration is Cloud Access Security Broker (CASB). They are called "brokers" because the technology that's involved is a gateway between an internal system and external cloud services. They are essentially components that catch data as it exits an internal network, and encrypts or "scrubs" it so that it's already secure as soon as it goes out into the cloud.

See example of IBM IoT security -

Most IoT solutions consist of three main tiers. IoT solution components that run in each tier need to incorporate specific security measures to protect against various vulnerabilities.

Devices/Gateways tier: Protect against a "fake" server that sends malicious commands, or protect against a hacker that tries to listen to private sensor data being sent from the devices. Security considerations for this tier are discussed in Part 1 (this article).

Network/Transport tier: Protect against a "fake" device that sends false measurements that might corrupt the data that is being persisted in the application. Security considerations for this tier will be discussed in Part 2.

Applications tier: Protect against the invalid use of data, or protect against the manipulation of analytical processes that are running in the application tier. Security considerations for this tier will be discussed in Part 3.

http://www.ibm.com/developerworks/library/iot-trs-secure-iot-solutions1/index.html

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LVL 69

btanExec ConsultantCommented: 2017-03-14

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

LVL 1

VHAuthor Commented: 2017-03-14

Hi btan,

In my environment, I have a Samsung Smart Tv, a smart baby Monitor and a radio.

what I would like to do is to be able to restrict traffic inbound to them to only certain IP Address and only certain outbound IP Address to these devices.

for my Smart TV only Netflix inbound / Outbound etc. Can I used AWS Direct Connect using IPsec to AWS and have a Cloud Firewall like IPFire on an EC2 Instance or cheaper using aws firewall rules and NAT / ACL Filter my smart devices at home to the Internet?

You can setup VPN in EC2 and access upon authenticated https://www.webdigi.co.uk/blog/2015/how-to-setup-your-own-private-secure-free-vpn-on-the-amazon-aws-cloud-in-10-minutes/

You can further restrict traffic inbound and out bound using EC2 security groups
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/authorizing-access-to-an-instance.html

Change all your administrative default account and use a strong passphrase
https://www.experts-exchange.com/articles/18309/Choosing-an-easy-to-remember-strong-password.html

btanExec ConsultantCommented: 2017-04-03

suggested level of controls and practices given

IoT Security

Who is Participating?