Security Protocols and Virtualization Strategies

By: Mike Peterson

Me (the Author) - "Oops, my phone wifi auto-connected to a network that I don't recognize the name of."

Hypothetical me - "Wow, the default printer is set to a OneNote account whose name I don't recognize."  I'll also talk about other hypothetical situations, such as employees who play games at work without taking the necessary precautions and expose the company's network by opening up ports (port forwarding).

In 2020, 25% of identified attacks in enterprise involve IoT.  The other 75% come from humans.

There are great business cases for the Internet of Things in every industry, but to date the biggest success stories have come from monitoring quality (manufacturing, etc.) and from predictive maintenance on a company's machines.  As far as predictive maintenance goes, your software lifecycle management could be vulnerable.  By lifecycle I mean updating to the next version of the software.  "When simple artificial intelligence applications are given too much autonomy to act with too little verification of the readings they are employing, bad things can happen on the Internet of Things."  That quote is from the book "The Fifth Domain" by Richard Clarke and Robert Knake.

The implementation methods I discuss in this paper will protect you from intranet hackers as well as threats from the internet.  As was demonstrated by the Stuxnet attack that shut down the Iranian nuclear plants, IoT devices not connected to the world wide web are still vulnerable.  Another famous IoT attack is the Mirai botnet that took over hundreds of thousands of IoT devices in the fall of 2016 and led to businesses losing millions of dollars.

It's been many years since 2016, and none of the IoT and cybersecurity risks that were present then have been taken care of by something like a "Windows update."  Information technology and business managers still have to take that extra step to secure their network.  What has changed is an increase in botnets and themed attacks taking advantage of things such as the COVID pandemic.

With the excessive resources needed for the constant reconfiguration of new services, most business and information technology managers are confronted with two options: purchase an IoT security gateway or build one of your own.  The Internet Engineering Task Force (IETF) came out with the RESTCONF protocol (RFC 8040) and the YANG data modeling language.  MUD is an IETF standard (RFC 8520) that can be combined with RESTCONF and YANG to enhance network visibility by identifying each device and attaching a network policy to it.  The Manufacturer Usage Description (MUD) puts an identifier, similar to a social security number for humans or a MAC address for machines, on each of your IoT devices.  Large corporations like Cisco use this standard.  If you contact Tobotics, we will show you how to implement this IoT security platform without adding a dime to your company's balance sheet by using XML files, Python programming, YANG data trees and the cloud.  Cloud companies like Amazon, Google and Microsoft can provide the virtual machines.  Another option you have is to use a managed service provider who can save you a lot of time configuring your security platform and sell it to you as software as a service (SaaS).

In my humble opinion, network security is all about the assignment of network policies.  A big part of the network policy is the access list.  This tells the device who it can connect with.  An example is allowing a switch to only connect to a VLAN.  What you don't want is a "thing" telling the network what kind of access it requires without stating what kind of system it is.  If you are using Windows Server for your network, you will have to export the Network Policy Server (NPS) configuration via XML and use the pyang add-on for Python.  This Microsoft article from August of 2020 describes how to export the file.
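To make the MUD discussion above and the access-list point in this paragraph concrete, here is an added example in Python (not code from this post or from Tobotics) that reads a MUD file in the RFC 8520 JSON format, checks the header fields a MUD manager would check before trusting the file, resolves the from-device and to-device policies to their ACL entries, and flattens them into a per-device allow-list that ends with a default drop. The MUD file, host names and ACL names are constructed for the example; the field names follow RFC 8520 (ietf-mud) and RFC 8519 (ietf-access-control-list).

```python
import json

# Constructed MUD file for a hypothetical temperature sensor. Field names follow
# RFC 8520 (ietf-mud) and RFC 8519 (ietf-access-control-list); the MUD URL,
# host names and ACL names are made up for this example.
SAMPLE_MUD = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://mud.example.invalid/sensor-v1.json",
        "last-update": "2020-08-01T00:00:00+00:00",
        "cache-validity": 48,
        "is-supported": True,
        "systeminfo": "Hypothetical temperature sensor",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "sensor-v4fr"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "sensor-v4to"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [
        {"name": "sensor-v4fr", "type": "ipv4-acl-type", "aces": {"ace": [{
            "name": "telemetry-out",
            "matches": {
                "ipv4": {"ietf-acldns:dst-dnsname": "telemetry.example.invalid", "protocol": 6},
                "tcp": {"ietf-mud:direction-initiated": "from-device",
                        "destination-port": {"operator": "eq", "port": 443}}},
            "actions": {"forwarding": "accept"}}]}},
        {"name": "sensor-v4to", "type": "ipv4-acl-type", "aces": {"ace": [{
            "name": "telemetry-in",
            "matches": {
                "ipv4": {"ietf-acldns:src-dnsname": "telemetry.example.invalid", "protocol": 6},
                "tcp": {"ietf-mud:direction-initiated": "from-device",
                        "source-port": {"operator": "eq", "port": 443}}},
            "actions": {"forwarding": "accept"}}]}},
    ]},
})

PROTO = {6: "tcp", 17: "udp"}  # IP protocol numbers used in the ACL matches


def load_mud(text):
    """Parse and sanity-check the MUD document before trusting its ACLs."""
    doc = json.loads(text)
    mud = doc["ietf-mud:mud"]
    if mud.get("mud-version") != 1:
        raise ValueError("unsupported mud-version")
    if not mud.get("is-supported", False):
        # The manufacturer no longer stands behind this device; quarantine it.
        raise ValueError("manufacturer no longer supports this device")
    return doc


def ace_to_rule(direction, ace):
    """Flatten one access-control entry into (direction, proto, peer, port, action)."""
    m = ace["matches"]
    ip = m.get("ipv4") or m.get("ipv6") or {}
    l4 = m.get("tcp") or m.get("udp") or {}
    if direction == "from-device":
        peer, port_key = ip.get("ietf-acldns:dst-dnsname"), "destination-port"
    else:
        peer, port_key = ip.get("ietf-acldns:src-dnsname"), "source-port"
    port = l4.get(port_key, {}).get("port")
    return (direction, PROTO.get(ip.get("protocol"), "any"), peer or "any",
            port, ace["actions"]["forwarding"])


def mud_to_rules(text):
    """Resolve the policy's ACL references; anything not accepted is dropped."""
    doc = load_mud(text)
    mud = doc["ietf-mud:mud"]
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    rules = []
    for policy, direction in (("from-device-policy", "from-device"),
                              ("to-device-policy", "to-device")):
        for ref in mud[policy]["access-lists"]["access-list"]:
            if ref["name"] not in acls:
                raise ValueError("policy references unknown ACL %s" % ref["name"])
            for ace in acls[ref["name"]]["aces"]["ace"]:
                rules.append(ace_to_rule(direction, ace))
    # MUD is an allow-list: close both directions with a default drop.
    rules.append(("from-device", "any", "any", None, "drop"))
    rules.append(("to-device", "any", "any", None, "drop"))
    return rules


def needs_refresh(text, hours_since_fetch):
    """cache-validity is the number of hours the file may be used after fetch."""
    return hours_since_fetch >= json.loads(text)["ietf-mud:mud"]["cache-validity"]


if __name__ == "__main__":
    for rule in mud_to_rules(SAMPLE_MUD):
        print(rule)
```

The flattened tuples are what you would hand to the enforcement point (a switch ACL, a firewall, or a RESTCONF call against a YANG-modelled device); the important property is that the device only gets the traffic its manufacturer described, plus nothing else.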

A security measure that is easy to check and could save you some major damage is to use the Windows firewall to protect your ports.  Here is a situation:

For work reasons, an employee who has been under a lot of stress to save the company money decides to download BitTorrent to get his or her hands on some software.  The employee immediately uninstalls and removes the BitTorrent program after downloading what was needed.  I have personally checked what happens afterwards, and you will find that the "BitTorrent" port is still open.  When I checked my computer, the ports for BitTorrent and for another game I had deleted were still open.  You can block these ports by:

1) Type "Windows Defender Security Center" in the text box at the bottom left of your computer

2) Once in Windows Defender Security Center, click "Firewall and Network Protection"

3) Click "Advanced Settings" and then click "Inbound Rules"

4) Block ports that look strange
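As an added example (not from the post), here is the same audit scripted in Python over a constructed, abbreviated capture of `netsh advfirewall firewall show rule name=all verbose` (the `verbose` keyword adds the Program field). It flags enabled inbound allow rules whose program path no longer exists on disk, which is exactly what an uninstalled BitTorrent client or game leaves behind, and inbound allow rules on ports outside an approved set, and prints netsh commands that disable (rather than delete) them. The rule names, ports and program paths in the sample are made up.

```python
import os
import re

# Constructed, abbreviated capture of
#   netsh advfirewall firewall show rule name=all verbose
# Rule names, ports and program paths are hypothetical.
SAMPLE_NETSH = r"""
Rule Name:                            BitTorrent
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            6881
RemotePort:                           Any
Edge traversal:                       No
Program:                              C:\Users\alice\AppData\Roaming\BitTorrent\BitTorrent.exe
Action:                               Allow

Rule Name:                            SomeGame Server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            27015
RemotePort:                           Any
Edge traversal:                       No
Program:                              C:\Games\SomeGame\server.exe
Action:                               Allow

Rule Name:                            Remote Desktop - User Mode (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
Grouping:                             Remote Desktop
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
RemotePort:                           Any
Edge traversal:                       No
Program:                              %SystemRoot%\system32\svchost.exe
Action:                               Allow
"""

# "Key:   value" lines; the key is letters and spaces up to the first colon,
# so values containing colons (Windows paths) are kept intact.
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(.*)$")


def parse_netsh_rules(text):
    """Turn the key/value blocks of netsh output into a list of dicts."""
    rules, current = [], None
    for line in text.splitlines():
        if line.startswith("Rule Name:"):
            current = {}
            rules.append(current)
        m = FIELD.match(line)
        if current is not None and m:
            current[m.group(1)] = m.group(2).strip()
    return rules


def is_inbound_allow(rule):
    return (rule.get("Direction") == "In" and rule.get("Action") == "Allow"
            and rule.get("Enabled") == "Yes")


def stale_inbound_allows(rules, exists=None):
    """Inbound allow rules whose Program is gone from disk: the leftover of an
    uninstalled P2P client or game. `exists` is injectable for testing."""
    exists = exists or (lambda p: os.path.exists(os.path.expandvars(p)))
    return [r for r in rules
            if is_inbound_allow(r) and r.get("Program", "Any") != "Any"
            and not exists(r["Program"])]


def unexpected_inbound_ports(rules, approved_ports):
    """Inbound allow rules on a specific port that is not on the approved list."""
    return [r for r in rules
            if is_inbound_allow(r) and r.get("LocalPort", "Any").isdigit()
            and int(r["LocalPort"]) not in approved_ports]


def disable_commands(rules):
    """netsh commands that disable the flagged rules; disabling keeps the rule
    around for review and is trivially reversible (new enable=yes)."""
    return ['netsh advfirewall firewall set rule name="%s" new enable=no'
            % r["Rule Name"] for r in rules]


if __name__ == "__main__":
    parsed = parse_netsh_rules(SAMPLE_NETSH)
    for cmd in disable_commands(stale_inbound_allows(parsed)):
        print(cmd)
```

On a real machine you would feed the script the saved output of the netsh command instead of the sample, review the flagged rule names against what is actually installed, and only then run the generated commands; the approved-port set is the list of services the machine is genuinely meant to accept connections on.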

I like this definition of endpoint security - doing a behavioral analysis of network traffic without having to go in and parse the traffic.  The downside is that it is less granular and more expensive, since you have to buy software.  When implementing new standards and protocols like the ones I have described in this blog, it is smart to start with a test server.  This link has a diagram with two computers labeled Alice and Bob.  The proxy in that picture would be the test server.

All rights reserved.