Deploying dynamic defences from sensors to user apps
DDoS attacks continue to dominate the cybersecurity agenda. 2021 saw the largest number of attacks ever launched, with Australia the third most targeted country in application DDoS attacks. Microsoft’s Azure platform alone stopped an average of almost 2,000 attacks per day and the notorious Apache log4j DOS threat was ongoing as recently as December 2021.
The IoT is no less impervious to attack than traditional websites and web services, including cloud-based storage and application layers. Specialist end-to-end IoT providers invest heavily in hardening their networking solution to defend and secure systems from DDoS attacks across their modular architecture.
A complete solution for preventing successful DDoS attacks
Four key components keep your IoT systems safe against DDoS:
- Sensors and devices – collect data from your environment
- Networking and connectivity – deploying and managing cloud-based sensors
- Data processing – from raw data to knowledge
- Application – offering visibility and automation
1. Sensors
IoT security starts with the hardware – your IoT provider is likely to work with off-the-shelf and bespoke products.
Physical security is more than a strong box. The printed circuit board (PCB) and cabling are encased in damage and tamper-proof housing. The data is protected even if someone could get to the hardware with the storage media using encryption and self-signed certificates for user verification. The PCB hardware should be certified as the highest quality available to ensure seamless interoperability and continuity of service.
The sensor software, or firmware, also needs top level security – that data is your intellectual property. Moving it securely from the sensor to the gateway employs various levels of security verifications and protocols.
- Network gateway
Once your sensors are in hand, your IoT specialist installation team ensures networks are meticulously planned for seamless, reliable function. This includes:
- assessing the environment and recommending the most appropriate network solution – LoRaWAN, 3G/4G connectivity, satellite or a combination
- installing gateways and routers/switches to ensure the best internet connectivity
- installing and engaging all the required routers and switches.
The network gateway connects the sensor to the cloud – a data centre that’s reached through the public internet and a key entry point for malicious intent. Check your IoT provider uses the MQTT protocol for a cleartext exchange of information to verify the information packets.
- Data processing
Data centre tenancy is shared by multiple hundreds of users. This demands firewalls and other network-based architecture to ensure privacy and security between tenants.
Several layers of security are highly recommended. While some layers are implemented and assured by the server host (think Azure or AWS) other cybersecurity layers are implemented by data owners.
- Application layer
Once the data centre has dealt with security, analytics, storage and computing – and pushed the model back to the edge node – data and reporting are available through your IoT user app.
We’re all familiar with application-based security, like multi-factor authentication. Other common security measures are allow listing (allowing certain IP addresses access) and deny listing (refusing access to certain IP addresses). Web application firewalls (WAF) are another way of filtering application level requests – often the first port of call for DDoS attackers who might mimic a certain URL or IP address.
If your system is breached or affected by a DDoS, there are ways to mitigate the effect. Look for a provider who uses replication services so that, for example, if a server in Sydney is down, the Perth server takes over.
Multiple data centres also work together to load balance. Where a DDoS attack literally floods a site or service with false requests, threatening loss of service, load balancing kicks in to ‘absorb’ the attack while ensuring continuity of real service.
Need help keeping your IoT deployments safe and secure? Learn more about end-to-end managed services for IoT.
What’s under the hood of Australia’s most secure enterprise IoT network?
365mesh
365mesh offers end-to-end IoT solutions – from design and install of physical sensors and devices, through network and deployment, data processing and an application that delivers visibility and task automation. The glue that holds it all together? Edge computing.
Outcomex, owner and creator of the 365mesh platform is a Cisco Gold Integrator and IoT Specialised. Our team of CCIEs are experts in networking and connectivity. Outcomex is a two-time award winner of Cisco’s Global Partner Innovation Challenge for cutting-edge IoT industry solutions. Contact the 365mesh team to get started with Cisco hardware for your IoT deployment.
Read More from This Article: An IoT solution built to avoid DDoS
Source: News