How to build a secure and robust IoT environment?
Jan 28, 2019

In his book "Technology 4.0", Ohmae writes: "In the Technology 4.0 era, the Internet is everywhere, connecting not only people but also objects, and things with things; the 'series of economies' born of the Internet of Everything will further change the global business model." As enterprises face this digital tide, commercial operators will have to adopt a digital architecture to enhance the value of the entire production process and of operations. However, market changes have also triggered a new form of cybersecurity crisis, and information security has become an important key to digital transformation.

In the manufacturing industry, the integration of OT (Operational Technology) and IT (Information Technology) is the main factor affecting the digital transformation of enterprises, but most companies, while actively integrating the two, do not carefully consider how to bring the OT network architecture into the IT management platform. When the closed OT network meets open IT, the machines connected to IT bring security vulnerabilities that did not appear in the past, and the OT environment does not have as many kinds of component devices as IT does. Rather than being effectively solved by a single system, it needs cross-protection in different ways.

Build a secure and robust IoT environment

Wu Zhangming, director of technology at Fortinet, says that in the past attacks were omnipotent, and now attacks are omnipresent. Looking at the history of network security development, the first phase was computer anti-virus software and the corporate firewall, when only those two protections needed to be improved; later came intrusion detection, penetration testing, virus variants and so on, and integrated UTM (Unified Threat Management) emerged; the third phase is the current one of BYOD (Bring Your Own Device), IoT and Cloud Service.
When a company implements a BYOD policy, employees can send and receive corporate email and connect to the company's internal systems through personal mobile devices to improve work efficiency. However, the security of mobile devices has also become a dilemma for enterprise information security and device control. And IoT devices such as network cameras, unmanned aerial vehicles, intelligent vehicles and smart meters are unlike a personal device (Smart Device), which has a keyboard for input and a screen for output; each IoT device can cut a large hole in the protective net.

Establishing a secure and robust IoT environment should be considered from multiple angles, so that the protective net is as dense as possible. Wu Zhangming suggests starting from the following points:

1. Wired and Wireless Access Security (Secure Wired and Wireless Access)

For wired and wireless networks, protection should start at the switch or AP (Access Point, Wi-Fi base station) where devices connect, building security management capabilities at the gateway rather than relying only on the firewall in the data center (Data Center) for protection. Instead of letting hackers attack from inside the house, it is better to effectively prevent any unauthorized access to the network.

2. Isolation and encryption (Segmentation and Encrypted Communication)

Setting up firewalls to segment the working environment prevents unnecessary network traffic or viruses from spreading through the intranet. Communication between endpoints on the network can also be encrypted to avoid data tampering, leakage and the like during transmission. Extending this reach further to IoT devices or personal computers reduces the possibility of an intruder spreading to other devices and ensures their security through data encryption.

3. RBAC (Role-Based Access Control)

When a user enters the system environment to connect to a specific host and operate it, or to view and retrieve data, what is the user's identity? Is the user on a computer, a mobile phone or a tablet? In a conference room, in the office or at home? When was the application used, and what data was accessed? All of these need corresponding security controls. Access is therefore granted to a role on the basis of five factors: the person's identity, device, location, time, and the applications or resources being accessed.

4. Vulnerability and patch management (Vulnerability & Patch)

Since most information security technologies are based on known viruses and attack techniques, existing protection strategies struggle to have a deterrent effect. A central unit is required to collect all the intelligence. The Network Security Information Sharing and Analysis Center (N-ISAC), which was officially launched in January this year, aims to improve the timeliness, correctness and integrity of intelligence sharing through cross-disciplinary information sharing, in order to achieve better network security warning and protection. Similarly, Fortinet's FortiGuard cloud threat intelligence service (Threat Intelligence Service) captures global cybersecurity threat intelligence in the cloud for real-time updates and trend analysis of virus attacks, providing users with prevention or repair methods.
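
The five-factor decision described under point 3, as an added example that is not part of the original article or any Fortinet product: a default-deny check that grants access only when the role, device, location, time and resource of a request all match one rule. The role names, device classes, locations and resources are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    role: str       # who: role resolved from the authenticated identity
    device: str     # with what: device class of the connecting endpoint
    location: str   # from where
    at: time        # when
    resource: str   # which application or data is requested

@dataclass(frozen=True)
class Rule:
    role: str
    devices: frozenset
    locations: frozenset
    start: time     # window is same-day only (no wrap past midnight)
    end: time
    resources: frozenset

    def permits(self, r: Request) -> bool:
        # Every one of the five factors must match; one mismatch fails the rule.
        return (r.role == self.role
                and r.device in self.devices
                and r.location in self.locations
                and self.start <= r.at <= self.end
                and r.resource in self.resources)

ANYWHERE = frozenset({"office", "meeting-room", "home"})

# Constructed policy: OT resources only from managed PCs on site in working
# hours; mail also from BYOD phones anywhere; cameras reach only their ingest.
POLICY = [
    Rule("engineer", frozenset({"managed-pc"}),
         frozenset({"office", "meeting-room"}), time(8), time(19),
         frozenset({"mes", "plc-config"})),
    Rule("engineer", frozenset({"managed-pc", "byod-mobile"}),
         ANYWHERE, time.min, time.max, frozenset({"mail"})),
    Rule("camera", frozenset({"iot-camera"}),
         frozenset({"office"}), time.min, time.max,
         frozenset({"video-ingest"})),
]

def decide(r: Request) -> bool:
    """Default deny: allow only if some rule matches all five factors."""
    return any(rule.permits(r) for rule in POLICY)
```
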
