WRECK Vulnerabilities Highlight the Need for DNS Security in IoT Environments

In today’s digital economy, the number of devices connecting to the network is increasing exponentially. According to Gartner, 2020 saw 20.6 billion connected devices, with smart cities and connected healthcare topping the list of IoT environment types. The Internet of Things (IoT) comprises four aspects: the devices or things that connect to the Internet, the infrastructure needed to connect these devices, the data that flows from these devices to backend systems, and the analysis done on this data to make better business decisions. IoT devices are often found at the production or “operations edge” of a business, especially in industrial IoT such as smart lighting, smart grids and smart factories. IoT deployments can be complex, and aspects such as security and efficient management need to be taken into consideration for success.

The recent WRECK vulnerabilities showed that there is an increased risk of compromise when it comes to IoT. Earlier this week, it was discovered that more than 100 million connected IoT devices could potentially be at risk from nine newly disclosed DNS vulnerabilities, collectively dubbed WRECK. The scale of exposure highlights the impact of vulnerabilities in DNS. DNS is the lifeblood of digital connectivity; without it, nothing can get online. It is the foundation for all networks, including those that connect IoT devices. To secure IoT environments successfully, organizations should look at an enterprise-grade DNS security solution that protects against DNS-based DDoS attacks, closes DNS security gaps such as DNS data exfiltration, and uses built-in DNS security to disrupt malware activity and the ability of attackers to infiltrate an organization.

When it comes to security in IoT deployments, early detection and response are critical because of increased complexity and scale.

  • IoT increases the attack surface. The more of these devices connect and exchange information, the greater the impact of a successful attack.
  • IoT devices forming botnets are a common concern and have been used in the past to launch high bandwidth DDoS attacks. 
  • Service theft by jamming smart meters with malware to steal electricity is another example of how IoT devices can be misused by bad actors.

A robust DNS security solution can provide a layer of protection for IP-enabled IoT devices and IoT gateways:

  • By using highly accurate, curated threat intelligence, DNS can proactively detect and block communications from IoT devices to malicious sites. It effectively stops botnets from forming and launching attacks. It also provides detailed threat investigation tools to get context around threats and take action in minutes, not hours.
  • As more and more data is exchanged between IoT devices and backend systems, there is a greater risk of data exfiltration. Using advanced behavioral analytics to detect and block DNS-based data exfiltration and DNS tunneling, including methods that have well-known signatures as well as those that don’t, can significantly reduce that risk.
  • In IoT deployments, it is important to implement security tools that work with other existing controls already in place to ensure an integrated approach to detection and remediation, and an integrated DNS security solution can provide that.
  • DNS is also a common DDoS attack vector, and any disruption to the DNS service could mean downtime, which no business wants. Rule-based DNS DDoS mitigation integrated into external or internal DNS can minimize the impact of such attacks and keep the service running.
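
The first two points above, blocking known-bad destinations and spotting DNS-based exfiltration by behavior rather than signature, can be sketched as detection logic over resolver query logs. This is an added example, not code from the article or from any vendor product; the log entries, domain names, blocklist entry and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log entries (client IP, queried name); not real data.
P = "4a7c0e9135bd268f"  # constructed stand-in for hex-encoded payload chunks
SAMPLE_LOG = (
    [("10.0.0.5", "time.vendor.example")] * 3
    + [("10.0.0.5", "api.vendor.example"), ("10.0.0.7", "cdn.botnet-c2.example")]
    + [("10.0.0.9", f"{P[i:]}{P[:i]}{P[::-1]}.t.exfil.example") for i in range(5)]
)
BLOCKLIST = {"botnet-c2.example"}  # constructed threat-intelligence entry


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def registered_domain(name):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def analyze(log, blocklist, max_label=30, min_entropy=3.5, max_unique=3):
    """Return {client: {(finding, domain), ...}} for clients with findings."""
    findings = defaultdict(set)
    unique_subs = defaultdict(set)  # (client, domain) -> distinct subdomains
    for client, name in log:
        name = name.rstrip(".").lower()
        domain = registered_domain(name)
        if domain in blocklist:  # signature-style check: known-bad destination
            findings[client].add(("blocklisted", domain))
            continue
        sub = name[: -len(domain)].rstrip(".")
        unique_subs[(client, domain)].add(sub)
        longest = max(sub.split("."), key=len)
        # Behavioural check 1: long, high-entropy label suggests encoded data.
        if len(longest) > max_label and shannon_entropy(longest) >= min_entropy:
            findings[client].add(("encoded-label", domain))
    # Behavioural check 2: many distinct subdomains under one domain per client.
    for (client, domain), subs in unique_subs.items():
        if len(subs) > max_unique:
            findings[client].add(("many-unique-subdomains", domain))
    return dict(findings)


if __name__ == "__main__":
    for client, found in sorted(analyze(SAMPLE_LOG, BLOCKLIST).items()):
        print(client, sorted(found))
```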

In general, following good network hygiene, using policy rules to protect against incoming threats, and blocking unnecessary external access to IoT devices should be followed as best practice.

About the Author: Srikrupa has 20 plus years of experience in technology in various roles including software development, product management and product marketing. Currently, as Director of Product Marketing at Infoblox, she is responsible for messaging, positioning and bringing to market Infoblox’s security solutions that optimize operations and provide foundational security against known and zero-day threats. She has an MBA from University of California, Haas School of Business and a Computer Science Engineering degree




Edited by Maurice Nagle

