Menu

IoT FEATURE NEWS

WRECK Vulnerabilities Highlight the Need for DNS Security in IoT Environments

By

In today’s digital economy, the number of devices connecting to the network is increasing exponentially. According to Gartner, 2020 saw 20.6 billion connected devices with smart cities and connected healthcare topping the list of types of IoT environments. The Internet of Things (IoT) comprises four aspects – the devices or things that are connecting to the Internet, infrastructure needed to actually connect these devices, the data that flows from these devices to backend systems and the analysis done on this data for making better business decisions. IoT devices are often found at the production or “operations edge” of a business, especially when it comes to industrial IoT like smart lighting, smart grid, smart factories and the like. IoT deployments can be complex and several aspects like security and efficient management need to be taken into consideration for success.

What the recent WRECK vulnerabilities showed was that there is an increased risk of compromise when it comes to IoT. Earlier this week, it was discovered that more than 100 million connected IoT devices could be potentially at risk from nine newly disclosed DNS vulnerabilities, collectively dubbed as WRECK. The scale of exposure highlights the impact of vulnerabilities in DNS. DNS is the lifeblood of digital connectivity and without it, nothing can get online. It’s the foundation for all networks including IoT devices. For successful security of IoT environments, it is critical for organizations to look at an enterprise grade DNS security solution to protect against DNS-based DDoS attacks, close DNS security gaps such as DNS-data exfiltration and use built-in DNS security to disrupt malware activity and the ability of attackers to infiltrate an organization. 

When it comes to security in IoT deployments, early detection and response is critical because of increased complexity and scale.

  • IoT increases the attack surface. As more and more of these devices connect and exchange information, the greater the impact of a successful attack. 
  • IoT devices forming botnets are a common concern and have been used in the past to launch high bandwidth DDoS attacks. 
  • Service theft by jamming smart meters with malware to steal electricity is another example of how IoT devices can be misused by bad actors.

A robust DNS security solution can provide a layer of protection for IP enabled IoT devices and IoT gateways:

  • By using highly accurate, curated threat intelligence, DNS can proactively detect and block communications from IoT devices to malicious sites. It effectively stops botnets from forming and launching attacks. It also provides detailed threat investigation tools to get context around threats and take action in minutes, not hours.
  • As more and more data is exchanged between IoT devices and backend systems, there is a greater risk of data exfiltration. Using advanced behavioral analytics to detect and block DNS based data exfiltration and DNS tunneling, including methods that have well known signatures as well as those that don’t, can significantly reduce the risk of data exfiltration.
  • In IoT deployments, it is important to implement security tools that work with other existing controls already in place to ensure an integrated approach to detection and remediation, and an integrated DNS security solution can provide that.
  • DNS is also a common DDoS attack vector and any disruption to the DNS service could mean downtime, which no business wants. Rule based DNS DDoS mitigation integrated into external or internal DNS can minimize the impact of such attacks and keep the service running. 

In general, following good network hygiene, using policy rules to protect against incoming threats and blocking unnecessary external access to IoT devices that don’t need it should be best practice and followed. 

About the Author: Srikrupa has 20 plus years of experience in technology in various roles including software development, product management and product marketing. Currently, as Director of Product Marketing at Infoblox, she is responsible for messaging, positioning and bringing to market Infoblox’s security solutions that optimize operations and provide foundational security against known and zero-day threats. She has an MBA from University of California, Haas School of Business and a Computer Science Engineering degree




Edited by Maurice Nagle


SHARE THIS ARTICLE
Related Articles

EdgeXFoundry Rolls Out Second Major Release, Taking Developers to Ireland

By: Arti Loftus    8/3/2021

EdgeX Foundry, a project under the LF Edge umbrella organization within the Linux Foundation, has introduced a second major release with advances in A…

Read More

Kore & Laird Connect with Wireless IoT Coup

By: Maurice Nagle    8/2/2021

Today, Kore Wireless and Laird Connectivity announced a new partnership to provide wireless IoT sensors, gateways and services capable of delivering c…

Read More

The Growth of Smart City Initiatives in the City That Never Sleeps

By: Matthew Vulpis    7/30/2021

Today, the technology developed to create the so-called "smart cities" can make cities more effective and efficient in the use of resources, a necessi…

Read More

Kajeet Delivers Secure Device and Application Management in DirectAccess

By: Maurice Nagle    7/29/2021

Kajeet announced the arrival of DirectAccess, a secure private pathway for organizations to manage IoT devices and mission critical applications at sc…

Read More

Springfield Smart City Planning Starts with Smart Streetlamps

By: Maurice Nagle    7/29/2021

The City of Springfield, Illinois announced a preliminary plan to deploy new technology, allowing the city to save money and energy via increased effi…

Read More