Securing Your Internet of Things
Right behind every cyber-scare comes a gaggle of “new” solutions. Sure enough, we’re seeing new security appliances purportedly designed to protect the IoT devices on your home network. But are they new, and do they protect? Do you even need another separate device? Read on to get the straight story…
How to Protect Your Gadgets
The word is out that the fast-growing “Internet of Things” is woefully unsecured against hackers and malware. I discussed this enormous problem in my article, The Internet of Insecure Things. Naturally, readers are wondering what they can do to secure their cameras, printers, smart light bulbs, coffee pots, and other IoT vulnerabilities.
In my article IoT Security News Just Gets Worse, I advised making sure that your Internet router does not have a weak or factory-supplied password, and turning off remote access to the router. It's also important to change the password of every internet-connected device (if it has one) to something strong and unique. Beyond those steps, here are some additional options to consider.
Cujo is a “smart firewall,” says the company’s CEO, Einaras Gravrock. Installed between the Internet and your home router, Cujo monitors all traffic in and out of your network. Suspicious traffic triggers alerts that appear on a smartphone app, e. g., “We blocked an unauthorized attempt to access device ‘IP camera’ from [IP number].” You can then close the intruder’s connection, or leave it open if it’s actually authorized.
The Cujo device costs $77 on Amazon but there’s also an $8.99 monthly fee to be part of Cujo’s community of users. Every time a new threat is detected by a Cujo, information about it is shared with all other installed Cujos. (Yes, other security solutions do update their threat databases free of charge.) “We’ve sold about 5,000 units directly already,” Gravrock told Tech Crunch. “The biggest surprise for me has been that it’s your average user who no longer feels private at home, may put the duct tape over his webcam and just wants something that works — doesn’t want to spend days and months changing things.”
Gravrock is talking about the learning curve that some firewall products have. The free GlassWire for Windows outbound firewall is an example. When first installed, it treats every attempt to access the Internet as suspicious, generating alerts frequently. As the user responds to alerts, Glasswire remembers whether an app is legit and alerts become fewer.
Dojo is also a firewall, although the word is not found on the company’s site. Dojo costs $99 but there is no additional monthly fee; each Dojo device is isolated from others. The Dojo appliance consists of two objects: a normal-looking box with Ethernet ports and a “pebble” that can be placed anywhere in the home. The pebble glows when an alert needs attention. Dojo should be available in December, 2016.
Buy or Roll Your Own?
Home firewalls are nothing new. The Bitdefender BOX debuted in late 2014. In addition to inbound/outbound firewall protection, the BOX includes Bitdefender’s award-winning antivirus; anti-ransomware protection; ” reputation-based “safe browsing;” parental controls; and optimization code that speeds up every device on your network. Today, Bitdefender BOX is selling for $129, down from $199.
You don’t have to spend money on a new firewall appliance. If you have a bit of time and patience, you can configure your existing router to protect all devices connected to it from hackers.
Most routers allow you to create multiple networks with different SSIDs, or network names. You could create one network for computers and their peripheral devices, and another network for light bulbs, coffee pots, etc. Then, if one of the IoT devices gets hacked, the intruder will have great difficulty getting to your sensitive data on the “computer network.” This technique limits damage, sort of like the watertight bulkheads in ships, but it does not block intruders. You'll need to do a bit of Googling to find the details specific to your router in order to implement this.
Another DIY technique involves listing the MAC addresses of all the devices on your home network. (In this context, MAC stands for "media access control" and has absolutely nothing to do with Apple or Mac computers.) A MAC address is a unique identifier hard-coded into every device that can connect to a network. Your router can be configured to allow only the devices with specified MAC addresses to connect to it. Outsiders cannot join your network and rummage through all the devices on it.
You should be able to find the MAC addresses for your devices by logging into your router and poking around. If that's too daunting, the free Device Detection Agent from Who’s On My WiFi will take an inventory of every device on your network and list their MAC addresses. The downside of this technique is that it's a bit of a nuisance to update your list of allowed MAC addresses when a visitor in your home wants to connect their mobile phone or laptop to your your WiFi.
Are you taking any steps to secure your router and any "smart" gadgets connected to it? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 17 Nov 2016
|For Fun: Buy Bob a Snickers.
Geekly Update - 16 November 2016
The Top Twenty
Your Next Printer: Inkjet, Laser, or All-In-One?
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Securing Your Internet of Things (Posted: 17 Nov 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved