Page 608 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Internet of Things


Smart devices are a range of mobile devices that offer the user a plethora of customization options, typically through installing apps, and may take advantage of on-device or in-the-cloud artificial intelligence (AI) processing. The products that can be labeled “smart devices” are constantly expanding and already include smartphones, tablets, music players, home assistants, extreme sport cameras, and fitness trackers.

The Internet of Things (IoT) is a new subcategory or even a new class of smart devices that are Internet-connected in order to provide automation, remote control, or AI processing to traditional or new appliances or devices in a home or office setting. IoT devices are sometimes revolutionary adaptations of functions or operations you may have been performing locally and manually for decades, which you would not want to ever be without again. Other IoT devices are nothing more than expensive gimmicky gadgets that after the first few moments of use are forgotten about and/or discarded. The security issues related to IoT are about access and encryption. All too often an IoT device was not designed with security as a core concept or even an afterthought. This has already resulted in numerous home and office network security breaches. Additionally, once an attacker has remote access to or through an IoT device, they may be able to access other devices on the compromised network. When electing to install IoT equipment, evaluate the security of the device as well as the security reputation of the vendor. If the new device does not have the ability to meet or accept your existing security baseline, then don’t compromise your security just for a flashy gadget.

One possible secure implementation is to deploy a distinct network for the IoT equipment, which is kept separate and isolated from the primary network. This configuration is often known as the three dumb routers (see https://www.grc.com/sn/sn-545.pdf or https://www.pcper.com/reviews/General-Tech/Steve-Gibsons-Three-Router-Solution-IOT-Insecurity).
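
Added example (not from the study guide): a Python check that a first-match forwarding rule list really keeps an IoT segment separate and isolated from the primary network, shown on a weak rule set and a corrected one. The subnets, the rule format and both rule sets are constructed assumptions, and the check applies to any way of building the separation, not only the three-router layout.

```python
import ipaddress

# Constructed addressing plan and rule sets (assumptions, not from the book).
PRIMARY = ipaddress.ip_network("192.168.10.0/24")
IOT = ipaddress.ip_network("192.168.20.0/24")
# (action, source, destination) for NEW connections; first match wins, no match = drop.
WEAK = [("allow", "192.168.10.0/24", "0.0.0.0/0"),
        ("allow", "192.168.20.0/24", "192.168.10.50/32"),  # IoT -> file server shortcut
        ("deny",  "192.168.20.0/24", "192.168.0.0/16"),
        ("allow", "192.168.20.0/24", "0.0.0.0/0")]
HARDENED = [("deny",  "192.168.20.0/24", "192.168.10.0/24"),
            ("deny",  "192.168.10.0/24", "192.168.20.0/24"),
            ("allow", "192.168.10.0/24", "0.0.0.0/0"),
            ("allow", "192.168.20.0/24", "0.0.0.0/0")]

def intersect(a, b):
    """CIDR blocks either nest or are disjoint, so the overlap is the smaller block."""
    if a.subnet_of(b):
        return a
    return b if b.subnet_of(a) else None

def allowed_flows(rules, src_seg, dst_seg):
    """Return the (src, dst) blocks between two segments that the rules allow."""
    undecided, allowed = [(src_seg, dst_seg)], []
    for action, rule_src, rule_dst in rules:
        rule_src, rule_dst = ipaddress.ip_network(rule_src), ipaddress.ip_network(rule_dst)
        remaining = []
        for src, dst in undecided:
            s, d = intersect(src, rule_src), intersect(dst, rule_dst)
            if s is None or d is None:       # rule does not touch this region
                remaining.append((src, dst))
                continue
            if action == "allow":
                allowed.append((s, d))
            # Parts of the region the rule did not match stay undecided.
            remaining += [(rest, dst) for rest in src.address_exclude(s)]
            remaining += [(s, rest) for rest in dst.address_exclude(d)]
        undecided = remaining
    return allowed                            # anything still undecided is dropped

def audit(rules, a=PRIMARY, b=IOT):
    """List every violation of 'the two segments are separate and isolated'."""
    findings = ["segments overlap"] if a.overlaps(b) else []
    for src, dst in allowed_flows(rules, b, a) + allowed_flows(rules, a, b):
        findings.append(f"{src} -> {dst} allowed")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

The weak set fails twice: the single-host exception sits ahead of the deny rule, and the primary network's allow-anywhere rule also covers the IoT subnet.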

While we often associate smart devices and IoT with home or personal