People are finding new ways every day to add IoT capabilities to once-manually operated devices, including door locks, solar panels, thermostats, refrigerators, dishwashers, soda machines, watches, fitness trackers, security cameras and more. There could be 50 IoT devices in your school or office, or there could be 150. As digital transformation continues to impact every industry, facilities are proactively installing new IoT devices without realizing that the IT Department should have been notified prior to installation. This disconnect is caused by a lack of awareness of the potential effects these devices may have on the network, whether wired or wireless. Let’s take a look at what those common issues are and the best ways to avoid them.
IoT devices operate in dense environments. Whether in a school, office or hospital, IoT devices are not the only ones placing demand on the radio frequency (RF) spectrum. There are Bluetooth devices, WiFi-enabled devices–like phones and laptops–and even objects like microwave ovens. These devices have varied operating protocols or standards, yet they all need to be able to use the spectrum simultaneously.
Even if an environment only has IoT devices–probably impossible to find outside of a research environment–the same issue holds true. These devices can have different operating standards and are all competing for access to the unlicensed spectrum. Prime examples of devices using WiFi’s 2.4GHz or 5GHz frequency band include cordless phones, microwave ovens, baby monitors and Bluetooth devices. The available spectrum is divided into multiple bands, and each band is generally divided into a smaller number of channels. Communication over the wireless medium is half-duplex in nature, meaning only one device can communicate at a time. When there are relatively few devices around, this isn’t a problem. However, with today’s schools, businesses and healthcare facilities heavily reliant on IoT-enabled devices for daily operations, it’s an entirely different story.
Any device can cause unintended interference with any other device, creating weakened operational performance such as an extremely slow connection or loss of connection/service entirely. The more devices that are added to an environment, the higher the likelihood of interference issues. If IoT devices are only growing in number, how do we solve these issues?
100% Network Visibility: Identify Your IoT devices
In order to manage the diverse number of devices on our networks, it’s necessary to have 100% network visibility. The first step is to identify what is on your network, including both known and unknown devices. This is the only way to know exactly what is occurring on a network, to identify any issues and to have the information required to resolve issues. With complete, real-time visibility, we can understand if our 100+ IoT devices are playing nicely together or if they are fighting to the death for access and performance.
This type of visibility is available with different WiFi analytics tools that leverage artificial intelligence (AI). These tools work 24/7, identifying and analyzing all data on the RF spectrum, providing the vital information needed for network optimization. It’s important to make sure the tool reports 24/7 on the entire RF spectrum, or it won’t be able to provide information about non-WiFi devices. You also want to make sure that the tool has multiple radios. A single radio would have to time-slice when scanning multiple channels (aka frequencies), whereas, with the help of multiple radios, it’s possible to dedicate radios to specific channels for non-stop coverage.
Now, onto our next common issue. As we mentioned previously, IoT devices are designed to gather and/or send information. This information might be stored on the device or directed back to the vendor, cloud or another device. The security risk arises either when the device is gathering unauthorized data or when someone hacks into the device to steal data or use it as a malicious instrument.
There have been a plethora of news stories discussing devices like security cameras, printers, refrigerators and thermostats being hacked. Hackers can use the devices to coordinate DDoS attacks, spy on schools or businesses, steal sensitive information or install ransomware. Hackers are also capable of using the device to gain access to other devices connected to the network, compounding the threat.
Not a good situation. So, what do we do?
We want to identify and isolate, as much as possible, IoT devices in their own world. In other words, we want all our IoT devices to be on a separate network from the primary network. One proactive way for enterprises to safeguard their operations is to launch three broad categories of networks:
- One for authorized officials
- One for guests
- One for other uses, like IoT devices
The primary network should be reserved for all sensitive data–patient data, student data, and corporate finances–and access should be restricted. The guest network is just as it sounds and the third network can be for all other miscellaneous items. By organizing our networks in this way, we can avoid scenarios where malicious individuals can hack into an IoT device and gain access to sensitive, personal data.
To further tighten security, devices should be programmed to have access to only certain websites. This is known as a source-based or destination-based firewall.
- Source-based: The firewall is designed to only allow access from certain recognized IP addresses. Think of this as the device showing its ID Card and receiving access after proving its identity.
- Destination-based: The device is only authorized to visit certain IP addresses. Think of this as the device showing its ID card and being permitted to only enter certain locations.
Decide which scenario makes the most sense for you and program your firewall accordingly.
Pro Tip: It’s a good idea to periodically run network security tests to ensure that your firewalls are operating as designed.
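One way to run such a periodic check, as an added example that is not from the original article: the script models the three-network layout with one source-based and one destination-based rule, then flags flows the firewall accepted that the policy forbids. The address ranges, allowed endpoints and the "source destination action" log format are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan for the three networks (assumption, not from the article).
SEGMENTS = {
    "primary": ipaddress.ip_network("10.10.0.0/24"),
    "guest": ipaddress.ip_network("10.20.0.0/24"),
    "iot": ipaddress.ip_network("10.30.0.0/24"),
}
# Destination-based rule: IoT devices may reach only these (constructed) endpoints.
IOT_ALLOWED_DESTINATIONS = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/28")]
# Source-based rule: only these sources may connect into the primary network.
PRIMARY_ALLOWED_SOURCES = [SEGMENTS["primary"]]

# Constructed firewall flow records: "source destination action".
SAMPLE_FLOWS = """\
10.30.0.15 203.0.113.10 ACCEPT
10.30.0.15 10.10.0.5 ACCEPT
10.30.0.22 192.0.2.77 ACCEPT
10.20.0.9 10.10.0.5 DROP
10.10.0.7 10.10.0.5 ACCEPT
10.30.0.22 198.51.100.3 ACCEPT
"""

def segment_of(addr):
    """Name of the segment containing addr, or 'external'."""
    return next((name for name, net in SEGMENTS.items() if addr in net), "external")

def evaluate(src, dst):
    """Return (allowed, reason) for one flow under the intended policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if segment_of(d) == "primary" and not any(s in n for n in PRIMARY_ALLOWED_SOURCES):
        return False, "source-based: source not permitted into primary network"
    if segment_of(s) == "iot" and not any(d in n for n in IOT_ALLOWED_DESTINATIONS):
        return False, "destination-based: IoT destination not on allowlist"
    return True, "allowed"

def audit(flow_text):
    """Return flows the firewall accepted although the policy forbids them."""
    findings = []
    for line in filter(None, map(str.strip, flow_text.splitlines())):
        src, dst, action = line.split()
        allowed, reason = evaluate(src, dst)
        if action == "ACCEPT" and not allowed:
            findings.append((src, dst, reason))
    return findings

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {reason}")
```

Each finding is a gap between the firewall as designed and the firewall as deployed, such as an IoT device that can still reach the primary network.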
In the future, IoT devices are only going to grow in number and diversity. Taking the right precautionary steps now to ensure that your network is designed to work with these devices without any network degradation or security risks is vital to keeping devices secure. Don’t underestimate the power and effect these devices can have on a network, but don’t panic either! Follow these tips and you can keep your network optimized.
Written by Anil Gupta, CTO and co-founder, Wyebot