Menu

IoT FEATURE NEWS

WRECK Vulnerabilities Highlight the Need for DNS Security in IoT Environments

By

In today’s digital economy, the number of devices connecting to the network is increasing exponentially. According to Gartner, 2020 saw 20.6 billion connected devices with smart cities and connected healthcare topping the list of types of IoT environments. The Internet of Things (IoT) comprises four aspects – the devices or things that are connecting to the Internet, infrastructure needed to actually connect these devices, the data that flows from these devices to backend systems and the analysis done on this data for making better business decisions. IoT devices are often found at the production or “operations edge” of a business, especially when it comes to industrial IoT like smart lighting, smart grid, smart factories and the like. IoT deployments can be complex and several aspects like security and efficient management need to be taken into consideration for success.

What the recent WRECK vulnerabilities showed was that there is an increased risk of compromise when it comes to IoT. Earlier this week, it was discovered that more than 100 million connected IoT devices could be potentially at risk from nine newly disclosed DNS vulnerabilities, collectively dubbed as WRECK. The scale of exposure highlights the impact of vulnerabilities in DNS. DNS is the lifeblood of digital connectivity and without it, nothing can get online. It’s the foundation for all networks including IoT devices. For successful security of IoT environments, it is critical for organizations to look at an enterprise grade DNS security solution to protect against DNS-based DDoS attacks, close DNS security gaps such as DNS-data exfiltration and use built-in DNS security to disrupt malware activity and the ability of attackers to infiltrate an organization. 

When it comes to security in IoT deployments, early detection and response is critical because of increased complexity and scale.

  • IoT increases the attack surface. As more and more of these devices connect and exchange information, the greater the impact of a successful attack. 
  • IoT devices forming botnets are a common concern and have been used in the past to launch high bandwidth DDoS attacks. 
  • Service theft by jamming smart meters with malware to steal electricity is another example of how IoT devices can be misused by bad actors.

A robust DNS security solution can provide a layer of protection for IP enabled IoT devices and IoT gateways:

  • By using highly accurate, curated threat intelligence, DNS can proactively detect and block communications from IoT devices to malicious sites. It effectively stops botnets from forming and launching attacks. It also provides detailed threat investigation tools to get context around threats and take action in minutes, not hours.
  • As more and more data is exchanged between IoT devices and backend systems, there is a greater risk of data exfiltration. Using advanced behavioral analytics to detect and block DNS based data exfiltration and DNS tunneling, including methods that have well known signatures as well as those that don’t, can significantly reduce the risk of data exfiltration.
  • In IoT deployments, it is important to implement security tools that work with other existing controls already in place to ensure an integrated approach to detection and remediation, and an integrated DNS security solution can provide that.
  • DNS is also a common DDoS attack vector and any disruption to the DNS service could mean downtime, which no business wants. Rule based DNS DDoS mitigation integrated into external or internal DNS can minimize the impact of such attacks and keep the service running. 

In general, following good network hygiene, using policy rules to protect against incoming threats and blocking unnecessary external access to IoT devices that don’t need it should be best practice and followed. 

About the Author: Srikrupa has 20 plus years of experience in technology in various roles including software development, product management and product marketing. Currently, as Director of Product Marketing at Infoblox, she is responsible for messaging, positioning and bringing to market Infoblox’s security solutions that optimize operations and provide foundational security against known and zero-day threats. She has an MBA from University of California, Haas School of Business and a Computer Science Engineering degree




Edited by Maurice Nagle


SHARE THIS ARTICLE
Related Articles

United for Infrastructure Calls for America to Lead With Infrastructure: Private, Public and Labor Leaders to Speak at Multiple Events Next Week

By: Arti Loftus    5/7/2021

As the U.S. continues to roll out economic recovery investments, including potentially trillions of government funding to be allocated across all fift…

Read More

Cloud Services Fueling Formula 1 Results

By: Maurice Nagle    5/6/2021

Legacy solutions get lapped in a competitive landscape, and Zadara wants to ensure all partners can keep pace with the lead pack. Just as the cloud ca…

Read More

How Two Companies Partnered to Turn Up 70 Smart Cities in India

By: Juhi Fadia    5/3/2021

India is the global leader in IoT with over 40% market share. According to several analyst firms' predictions, the 2020-2025 CAGR will average 55%. Th…

Read More

Innovations in "Industrial Strength" Infrastructure: Preparing for the Potential to Upgrade The Physical and Digital World as the U.S. Congress Considers Massive Investment

By: Arti Loftus    5/3/2021

Last month over 75 companies virtually attended the 2021 Frontier Conference, a two-day virtual conference for up-and-coming leaders in the industrial…

Read More

ZEDEDA Introduces Kubernetes Clusters and Hardware Simplification Solution Citing Collaboration with SUSE

By: Arti Loftus    4/30/2021

Following on a series of announcements over the past few months, ZEDEDA today introduced a new Kubernetes direct integration solution designed to simp…

Read More