Friday, August 04, 2023

IoT vs. NoT: The Differences and Device Security

The Internet of Things (IoT) and the Network of Things (NoT) are two distinct ways of deploying smart devices, each with its own functionality and security trade-offs. In this article, we'll look at the differences between IoT and NoT devices, explain why separating them into their own subnets with appropriate firewall rules is worthwhile, and discuss how NoT can provide a more secure approach to smart device networking.

While IoT has become a ubiquitous buzzword, extensively employed by companies in sales and marketing to tout the allure of connected devices, the term NoT remains relatively obscure in mainstream usage. It is primarily embraced by technology enthusiasts and advanced users who recognize the importance of segregating their devices for improved security. Surprisingly, many companies tend to avoid the NoT terminology, perhaps due to its association with localized, non-internet-connected devices, which might be perceived as limiting the product's appeal. As a consequence, the lack of widespread understanding about NoT's potential benefits and security advantages prevails, leaving it largely under the radar in comparison to the widely promoted IoT landscape. Nonetheless, informed consumers and security-conscious individuals recognize the value of NoT and its role in bolstering device security within a local network environment.

Connectivity and Functionality

IoT devices are characterized by their internet connectivity, which lets them communicate with remote servers for various purposes. Some IoT devices need internet access to function at all, because their app or control plane lives in the manufacturer's cloud; others work perfectly well locally and merely use the connection to "phone home," sending telemetry to the manufacturer or to cloud-based platforms. NoT devices, on the other hand, are designed to operate solely within the local network and do not require any external internet connection.

Segregating IoT and NoT devices into separate subnets is a sound security practice, because it lets us implement tailored firewall rules for each category. For NoT, the firewall should block all traffic between the NoT subnet and the internet in both directions: unsolicited inbound connections and the devices' own outbound "phone home" attempts. This containment shrinks the attack surface to what is reachable from inside the local network.

Subnet Separation

To ensure optimal security, IoT and NoT devices should be placed in their respective sub-networks, ideally isolated through the use of VLANs (Virtual Local Area Networks). Subnet separation allows for efficient traffic management and reduces the risk of unauthorized access to sensitive devices.

A subnet is a logical division of an IP network; devices within the same subnet can communicate directly without the need for a router. Subnetting allows network administrators to organize and segment devices based on specific criteria. For example, consider two subnets: 192.168.100.x for IoT and 192.168.200.x for NoT. Devices in the 192.168.100.x subnet will have IP addresses like 192.168.100.1, 192.168.100.2, and so on, while devices in the 192.168.200.x subnet will have IP addresses like 192.168.200.1, 192.168.200.2, and so forth. With a network mask of 255.255.255.0 (/24) on every device, the two ranges are distinct networks: a device in 192.168.100.0/24 has no direct path to 192.168.200.0/24 and must hand that traffic to its router, where the firewall rules apply. Note that a wider mask such as 255.255.0.0 would put both ranges in one network and undo the separation. Note also that subnetting alone is an addressing convention, not a security boundary: on a shared Layer 2 segment a compromised device can simply assign itself an address in the other range. That is why each subnet should map onto its own VLAN, as described next.

Advantages of VLANs for Security

Virtual LAN (VLAN) is a network technology that enables the creation of multiple virtual LANs within a single physical network. VLANs segment network traffic logically, keeping devices in one VLAN separate from devices in another VLAN. Each VLAN behaves as if it were a separate physical network, even though they share the same network infrastructure. For instance, VLAN 10 might be dedicated to IoT devices, while VLAN 20 could be reserved for NoT devices.

VLANs provide enhanced security for smart networks in several ways. Firstly, they limit the communication scope of devices to their designated sub-network or VLAN, effectively isolating them from other parts of the network. This containment reduces the chances of unauthorized access and potential lateral movement by attackers. Secondly, if a device within a VLAN is breached or compromised, the impact stays confined to that VLAN, provided the router's inter-VLAN firewall rules deny the traffic: a VLAN by itself only separates broadcast domains, and the router between the VLANs still decides what crosses. Lastly, VLANs simplify the implementation of firewall rules, as traffic between VLANs can be explicitly controlled, allowing for finely tuned security policies tailored to each device category.

By employing subnet separation and VLANs, users can strengthen the security of their IoT and NoT devices, creating distinct boundaries that hinder malicious actors from easily infiltrating their network. This proactive approach to network segmentation enhances overall security and safeguards valuable data and devices from potential cyber threats.

Enhanced Firewall Rules for IoT

IoT devices, because they talk to the internet, have a larger exposure than NoT devices. Their firewall rules should therefore be carefully crafted, permitting only essential communication: for instance, DNS to the local resolver, access to NTP (Network Time Protocol) servers for accurate time synchronization, and outbound HTTPS for update checks so devices can fetch the latest firmware or software. Allowing all outbound HTTPS is the usual compromise; where the firewall can restrict by destination, limit update traffic to the vendor's update hosts. Additionally, inspecting traffic and logs is crucial to identifying any suspicious activity and to keeping IoT devices working without exposing them to undue risk.

Certain IoT devices can be converted into NoT devices with proper firewall rules and configuration adjustments: a camera that serves its stream over a local protocol such as RTSP, or a device with a local API, often keeps working with its internet access blocked. This transformation eliminates the device's direct exposure to the internet, thereby fortifying its security posture. The check is simple: block the device's WAN access, then verify it still does what you need. Some devices degrade without their cloud (failing to boot, or retrying the connection endlessly), and those remain IoT. Blocking the phone-home path does not fix vulnerabilities in the device itself, but it removes the internet-facing route to them, so by limiting the device's communication channels to the local network we significantly reduce the likelihood of external attacks.

Firewall rules play a pivotal role in bolstering the security of subnet-separated IoT and NoT devices. The prudent approach is default deny: allow inter-subnet or inter-VLAN communication only when strictly necessary, and block all other traffic. Begin with a block-all policy that logs what it drops, then inspect the logs and check that each device still functions. As legitimate traffic requirements emerge for specific devices, create targeted rules that allow only those communication channels, as narrowly (by source device, destination, and port) as the firewall permits. After a few iterations of this process, your IoT and NoT devices should operate smoothly with only the absolutely necessary traffic permitted, significantly reducing the attack surface. This methodology lets network administrators strike the right balance between device functionality and stringent security measures.

Remote Access with VPN for Added Security

When remote access to devices, like security cameras, is necessary, it is essential to avoid port forwarding. A forwarded port exposes the device's own web interface or streaming service, often with weak authentication and outdated firmware, to the whole internet. Instead, employ a Virtual Private Network (VPN) to establish a secure connection to your local network: the only thing exposed is the VPN server, which authenticates the remote client before anything behind it becomes reachable, and which encrypts the data exchanged between the remote user and the local network, thwarting eavesdropping or unauthorized access.

Setting up a VPN today is easier than ever, thanks to the widespread adoption of VPN server capabilities in modern routers. Many leading router manufacturers include built-in VPN server functionality, allowing users to establish secure connections to their home network effortlessly. This user-friendly approach makes it accessible to a broader audience, regardless of technical expertise. One caveat: check which protocol the router offers. OpenVPN, WireGuard, or IPsec are fine; PPTP is broken and should not be used even if the router still offers it.

Alternatively, for users seeking more control and customization over their VPN setup, there are established software solutions available. OpenVPN, a popular open-source VPN protocol and server, offers a versatile and secure option for running your own VPN endpoint. Its encryption and certificate-based authentication ensure data privacy and integrity during transmission. Additionally, pfSense, a powerful open-source firewall and router distribution, provides a comprehensive platform for building customized VPN and firewall setups tailored to individual needs.

By choosing the appropriate VPN setup method, users can ensure that remote access to devices, such as security cameras, is secure and reliable. Employing a VPN rather than port forwarding establishes an encrypted tunnel between the remote device and the local network, and the VPN's client subnet can then be subjected to the same firewall rules as any other subnet, so remote clients reach only the VLANs and ports they actually need.

Whether opting for the convenience of a router's built-in VPN server or customizing a solution based on established software, setting up a VPN can be a straightforward process with substantial security benefits. With a securely configured VPN in place, users can confidently access their IoT and NoT devices remotely while safeguarding their data and network from unauthorized access and cyber threats.
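As a concrete illustration of both the default-deny firewall approach described in "Enhanced Firewall Rules for IoT" and the VPN-instead-of-port-forwarding advice in this section, here is an example nftables ruleset for a Linux router. It is an added example written for this article, not configuration from the original post or from any product. Everything it assumes is hypothetical: the internet on wan0, a trusted LAN on eth0.1 (192.168.1.0/24), the IoT VLAN 10 on eth0.10 (192.168.100.0/24), the NoT VLAN 20 on eth0.20 (192.168.200.0/24), an OpenVPN server on the router listening on udp/1194 with its tunnel on tun0 (10.8.0.0/24), the router itself serving DNS and NTP to both VLANs, and a camera at 192.168.100.50 that we want to treat as a NoT device.

```nft
#!/usr/sbin/nft -f
# Example ruleset for a Linux router that segments IoT and NoT VLANs.
# Interface names, address ranges and the camera address are assumptions
# made for this example; adjust them to your own network.
flush ruleset

define WAN = "wan0"        # internet-facing interface
define LAN = "eth0.1"      # trusted LAN (laptops, phones), 192.168.1.0/24
define IOT = "eth0.10"     # VLAN 10: IoT devices, 192.168.100.0/24
define NOT = "eth0.20"     # VLAN 20: NoT devices, 192.168.200.0/24
define VPN = "tun0"        # OpenVPN tunnel, clients get 10.8.0.0/24
define CAMERA = 192.168.100.50   # an IoT camera we want to treat as NoT

table inet filter {
    chain input {
        # Traffic addressed to the router itself: default deny.
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Ping from internal networks helps troubleshooting.
        iifname { $LAN, $IOT, $NOT, $VPN } icmp type echo-request accept

        # The router runs the DNS resolver and NTP server used by both
        # VLANs, so NoT devices never need to leave their VLAN for them.
        iifname { $IOT, $NOT } udp dport { 53, 123 } accept
        iifname { $IOT, $NOT } tcp dport 53 accept

        # Management (SSH, web UI) only from the trusted LAN and VPN clients.
        iifname { $LAN, $VPN } tcp dport { 22, 443 } accept

        # The only service exposed to the internet: the OpenVPN endpoint.
        # There are no port forwards to cameras or other devices.
        iifname $WAN udp dport 1194 accept

        # Log (rate limited) what the default policy is about to drop.
        limit rate 10/minute log prefix "nft-input-drop: "
        drop
    }

    chain forward {
        # Traffic crossing between networks: default deny.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN and VPN clients may initiate connections into both
        # VLANs (e.g. to view a camera stream); replies come back through
        # the established,related rule above. IoT and NoT devices cannot
        # initiate connections in the other direction.
        iifname { $LAN, $VPN } oifname { $IOT, $NOT } accept
        iifname $LAN oifname $WAN accept

        # Turning an IoT device into a NoT device: block this camera's
        # internet access before the generic IoT rules below can allow it.
        iifname $IOT ip saddr $CAMERA oifname $WAN drop

        # IoT VLAN: only NTP and HTTP/HTTPS update checks to the internet
        # (many devices have hard-coded public NTP servers). Nothing to
        # the trusted LAN, the NoT VLAN or the VPN clients.
        iifname $IOT oifname $WAN udp dport 123 accept
        iifname $IOT oifname $WAN tcp dport { 80, 443 } accept

        # NoT VLAN: no forwarding at all. Its DNS/NTP needs are served by
        # the router (input chain), so nothing from it crosses a boundary.

        # Everything else is logged and dropped; these log lines are what
        # you read while tuning the rules device by device.
        limit rate 10/minute log prefix "nft-fwd-drop: "
        drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

Check the file with `nft -c -f rules.nft` before loading it with `nft -f rules.nft`, then follow the kernel log (for example `journalctl -k -f`) for lines prefixed `nft-fwd-drop:` while exercising each device; every legitimate drop you find becomes a narrow accept rule placed above the final log-and-drop pair. For the VPN clients to reach the camera VLAN, the OpenVPN server must also push a route for 192.168.100.0/24 to them (a `push "route ..."` directive in the server configuration); the firewall above already permits that traffic from tun0. Two further caveats: discovery protocols such as mDNS are link-local and do not cross VLANs, so apps that rely on them need a reflector or a direct IP address; and the `inet` table filters IPv6 as well, but the addresses and the NAT table here are IPv4-only, so a router with IPv6 on the VLANs needs equivalent IPv6 rules.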

The Advantages of NoT over IoT

In conclusion, NoT holds a security advantage over IoT due to its local network confinement and limited communication scope. By eliminating unnecessary internet exposure, NoT devices can effectively mitigate potential threats and unauthorized access. When dealing with sensitive devices that don't require internet connectivity, embracing the NoT approach enhances security without sacrificing functionality.

Understanding the disparities between IoT and NoT devices is crucial for making informed decisions when setting up smart networks or home automation. Separating IoT and NoT in their own subnets and applying proper firewall rules can substantially improve the security posture of these devices. Embracing NoT for certain devices can offer an added layer of protection, while employing VPNs for remote access ensures secure connections. As technology advances, adopting security-conscious practices becomes paramount in safeguarding our interconnected world.
