
Internet of Things: make way for smart devices, but no more snoopers. Here's how

From the refrigerator that tells us remotely what is missing to the connected car. All very comfortable. But with some risk, which should be avoided right now. Starting with the webcams we already have at home.


IOT, Internet of Things, or Internet of connected things. Smart devices that can be controlled remotely, that talk to each other and to us. Here is the great network of “we do and see everything from wherever we want”. A personal window onto the digital world of our things: the alarm system and the webcams that tell us at every moment whether everything is OK, the fridge that shows us what is missing, the smartwatch with a heartbeat and blood oxygen sensor capable of calling our relatives and even the doctor if we are sick. And what about the car and the scooter that promise to interconnect with all of this too? A digital world of ours, only ours, only for us and maybe for whoever we want? Here's the rub: things may not work out exactly like this.

The Web is already full of warnings. Every connected device that enters our homes, and even more so our offices, can constitute a serious threat of intrusion from the outside. A double threat, too. The world of the Internet of Things creates a direct channel to our information (files, archives, confidential documents), our images, our digital videos, our everyday life. But illegal entry into our computer system, by a professional hacker or even a more or less amateur spy, can also constitute a bridgehead for even more complex criminal actions. The hypothesis that someone uses our webcam to find out when the coast is clear for a burglary is worrying. But there is more, and perhaps worse: the use of our computer devices as a springboard (this also happens) to penetrate other systems from there, covering their tracks.

Giving up the Internet of Things? Certainly not. However, it is advisable to protect yourself adequately. This is not very easy: it needs a series of good tips and, if we are not sure that we have done things right (let's be prepared for it), the intervention of some shrewder and more expert acquaintance. Can you try to do it yourself? Yes, of course. Here is an operational guide to making our Internet of Things network secure enough.

The English recipe

To get an idea of how keenly the problem is felt, it is enough to consider that the British intend to tackle the situation with a bill that establishes general criteria mandatory for everyone. It sets three constraints of a general nature with somewhat technical content, which we present here because they serve to outline the basic criteria that should be adopted. In the following chapters we will try to make them understandable even to those who are not very expert.

Every manufacturer, the British propose, should always comply with three basic conditions indicated by the British National Cyber Security Centre. The first: all the passwords of IOT devices must already be different from the factory for each device sold, with an explicit and clear invitation to change them during installation. And the possibility of resetting them to a factory setting with a so-called reset must not be provided in any case. All this is to prevent the inexperienced user from leaving IOT devices configured with non-personalized passwords (not everyone has an idea of the multitude of easily “crackable” or even absent passwords that are out there). The second: device manufacturers must provide a reference contact to be used to report any vulnerabilities, so that they can be resolved as quickly as possible. Third condition: manufacturers of consumer IOT devices must undertake to supply, for a minimum period of time (at least a few years), all the security updates needed, both online and in stores.

Accessible but hidden

Let's begin to break down these recommendations into practical advice, starting from the first criterion to adopt when installing one or more IOT devices. It is a criterion that we can, and must, also adopt for surveillance webcams (but it also applies to those of the PC), which now populate a growing share of private homes. Well, actually badly, because (do a little self-examination) many of us install webcams by hooking them up to the main Wi-Fi network we use at home, the same one to which we connect PCs, smart TVs, satellite decoders and everything else. Very bad: the right rule is to segment the network (every modern router allows it easily) by creating a parallel network or, better still, several parallel networks with different names and strictly different access credentials: one dedicated to our Internet browsing, one to be activated only when needed to give access to temporary guests, and another to connect IOT devices.

This prevents anyone who manages to break into our main Wi-Fi network, perhaps because they have peeked at the passwords written on a piece of paper in the drawer that we occasionally give to relatives and friends, from using it not only to scrounge a permanent connection because they live in the same building, but also to pry into our business or to use our connection as a springboard for who knows what else. The ideal is to hide at least the network dedicated to the IOT from the Wi-Fi search functions of mobile phones and other PCs: this too can be configured easily.

Of course, the basic recommendations still apply, both on the type of Wi-Fi protection we choose for access (the cryptographic algorithm should be at least WPA2, which we select with a simple click in the configuration) and on the access passwords, which must strictly be changed from both the factory ones and any test ones that may have been entered (and then not deleted) by whoever installed the system. Passwords must be complex, with uppercase, numbers and letters.

Do not open that door

At the cost of a small effort of technical knowledge, we also recommend, to raise the security level of our IOT world, disabling some apparently very comfortable functions that let us distribute our audio or video files inside the house with great ease, making them accessible to all connected PCs and smart TVs. Both on the main router (remember, it is the little box at the start of the network that connects our devices to the Internet) and possibly on all the PCs, it is advisable to deactivate in particular those automatic transmission functions which, together with the internal communication, open some "doors" (network ports, as they are called) that in turn weaken security against intrusion attempts from the outside.

Normally any direct external access to our local network should be absolutely prevented by the basic configuration of our devices. But it's worth checking carefully. In the devices we have at home, we first check that UPnP support is disabled: it is a function that automatically opens the way for all audio and video content to flow within our network, but it also exposes the network to many intrusions from the outside. This too is an operation that can be done relatively easily by navigating the configuration of our router and PC, perhaps retrieving the instructions on the web by typing the string "deactivate UPnP" into a search engine.

If we want to securely distribute our multimedia content between home devices, it is much better to equip ourselves with a so-called NAS (Network Attached Storage), a box containing mass storage in which to place our multimedia content. It was designed from the outset to distribute that content in a safe and secure way, thanks to a guide, which is never missing, for configuring it correctly.

Will we have problems connecting to our devices from the outside? No, we can rest easy. Even if all the "doors" of our router are closed, it is enough to use the servers made available by the manufacturers of our IOT devices. After a registration procedure and the definition of our access credentials, their servers allow us to connect to our devices from the outside, not directly through our home or office network but through a "bridge" constituted precisely by their protected systems, which in the case of the best-known brands are considered absolutely safe.

The alternative is called VPN

Just a brief mention, in this regard, for those who consider themselves a little more expert or savvy. The only relatively secure way to connect from the outside directly to our equipment, or to the whole of our home or office network, is to create a virtual private network (VPN), using the appropriate software both to configure the network and to access it from our external devices. Let's say, however, that it is a somewhat professional solution, usually the prerogative of companies and large organizations. Unless, that is, you resort directly to a router that also integrates VPN server functions, to be configured in place of the main one that is often provided by the Internet provider, or to be added to our network by placing it between the network itself and that of our connectivity provider. It should be said that this is a more complex solution, and necessarily more expensive than the normal budget of a domestic system.

Antivirus but not only

To raise the security of our IOT network, the use of an advanced antivirus suite is highly recommended: one that is not limited to the normal software but also integrates a network monitoring system that shows us at any time the devices that make up the network, their state, and any intruders, blocking them automatically and alerting us to what is happening. In this case too it must be said that the configuration is neither very easy nor immediate, even though a search on the Internet turns up applications with free versions, such as BitDefender Home Scanner, which work well and are easy to configure and use.