People are finding new ways every day to add IoT capabilities to once-manually operated devices, including door locks, solar panels, thermostats, refrigerators, dishwashers, soda machines, watches, fitness trackers, security cameras and more. There could be 50 IoT devices in your school or office, or 150. As digital transformation continues to impact every industry, facilities are proactively installing new IoT devices without realizing that their IT department should have been notified prior to installation. This disconnect can be caused by a lack of awareness of the potential effects these devices may have on the network, wired or wireless. Let’s take a look at what those common issues are and the best ways to avoid them.
IoT devices are operating in dense environments. Whether in a school, office, or hospital, IoT devices are not the only objects placing demand on the radio frequency (RF) spectrum. There are Bluetooth devices, WiFi-enabled devices – like phones and laptops – and even objects like microwave ovens. These devices could have varied operating protocols or standards, yet they all need to be able to use the spectrum simultaneously.
Even if an environment only has IoT devices – probably impossible to find outside of a research environment – the same issue holds true. These devices can have different operating standards, and they are all competing for access to the unlicensed spectrum. Prime examples of devices using WiFi’s 2.4GHz or 5GHz frequency band include cordless phones, microwave ovens, baby monitors and Bluetooth devices. The available spectrum is divided into multiple bands, and each band is generally divided into a smaller number of channels. Communication over the wireless medium is half-duplex in nature, meaning only one device can communicate at a time. When there are relatively few devices around, this isn’t a problem. However, with today’s schools, businesses and healthcare facilities relying heavily on IoT-enabled devices for daily operations, it’s an entirely different story.
Any device can unintentionally interfere with any other device, causing weakened operational performance like an extremely slow connection or loss of connection/service entirely. The more devices that are added to the environment, the higher the likelihood of interference issues. If IoT devices are only growing in number, how do we solve these issues?
100% Network Visibility: Identify your IoT devices
In order to manage the diverse range of devices on our networks, we have to have 100% network visibility. The first step is to identify what is on your network – this includes both known and unknown devices. This is the only way to know exactly what is occurring on a network, to identify any issues and to have the information required to resolve them. With complete, real-time visibility, we can understand if our 100+ IoT devices are playing nicely together, or if they are fighting to the death for access and performance.
You can get this visibility with different WiFi analytics tools that leverage Artificial Intelligence (AI). These tools can work 24/7, identifying and analyzing all data on the RF spectrum, providing the vital information needed for network optimization. Make sure the tool reports 24/7 on the entire RF spectrum or you won’t get any information on non-WiFi devices (like Bluetooth devices). You also want to make sure that the tool has multiple radios. A single radio would have to time-slice when scanning multiple channels (aka frequencies), whereas with the help of multiple radios, one can dedicate radios to specific channels to get non-stop coverage.
Now, onto our next common issue. As we said up above, IoT devices are designed to gather and/or send information. This information might be stored on the device, or directed back to the vendor, the cloud or another device. The security risk arises either when the device is gathering unauthorized data, or when someone hacks into the device and either steals data from it or uses it as a malicious instrument.
There have been a plethora of news stories discussing devices like security cameras, printers, refrigerators and thermostats being hacked. Hackers can use the devices to coordinate denial of service (DoS) attacks, to spy on schools or businesses, to steal sensitive information or to install ransomware. They could also use the device to gain access to other devices connected to the network, compounding the threat.
Not a good situation. So, what do we do?
We want to identify and isolate, as much as possible, IoT devices in their own world. In other words, we want all our IoT devices to be on a separate network from the primary network. A proactive way for enterprises to safeguard their operations is to launch three broad categories of networks:
- One for authorized officials
- One for guests
- One for other use, like IoT devices
The primary network should be reserved for all sensitive data – like patient data, student data, and corporate finances – and access should be restricted. The guest network is just as it sounds and the third network can be for all other miscellaneous items. By organizing our networks in this way, we can avoid scenarios where someone can hack into an IoT device and gain access to sensitive, personal data.
To further tighten security, we can program the devices to have access to only certain websites. This is known as a source-based or destination-based firewall.
- Source-based: the firewall is designed to only allow access from certain recognized IP addresses. Think of this like the device showing its ID Card and receiving access after proving its identity.
- Destination-based: the device is only authorized to visit certain IP addresses. Think of this like the device showing its ID Card and being permitted to only enter certain locations.
Decide which scenario makes the most sense for you and program your firewall accordingly.
Pro Tip: It’s a good idea to periodically run network security tests to ensure that your firewalls are operating as designed.
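As an added example (not part of the original article), the Python sketch below audits connection records against the three-network layout and the source-based and destination-based IoT rules described above, which is one way to check that a firewall is operating as designed. The subnets, allowlisted addresses and flow records are all constructed assumptions; each flow is written as (initiator, responder).

```python
import ipaddress

# Constructed addressing plan for the three networks (an assumption, not from the article).
SEGMENTS = {
    "primary": ipaddress.ip_network("10.10.0.0/24"),
    "guest": ipaddress.ip_network("10.20.0.0/24"),
    "iot": ipaddress.ip_network("10.30.0.0/24"),
}
# Destination-based rule: the only addresses IoT devices may connect to (constructed
# documentation-range addresses standing in for vendor cloud endpoints).
IOT_ALLOWED_DESTS = {ipaddress.ip_address("203.0.113.10"), ipaddress.ip_address("203.0.113.20")}
# Source-based rule: the only addresses allowed to connect to IoT devices
# (a hypothetical management host on the primary network).
IOT_ALLOWED_SOURCES = {ipaddress.ip_address("10.10.0.5")}

def segment_of(ip):
    """Return the name of the segment containing ip, or 'external'."""
    return next((name for name, net in SEGMENTS.items() if ip in net), "external")

def check_flow(src, dst):
    """Return None if the flow complies with the policy, else a reason string."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s, d = segment_of(src_ip), segment_of(dst_ip)
    if s == d:
        return None  # traffic inside one segment never crosses the firewall
    if s == "iot" and dst_ip not in IOT_ALLOWED_DESTS:
        return f"iot -> {d}: destination not on the IoT allowlist"
    if d == "iot" and src_ip not in IOT_ALLOWED_SOURCES:
        return f"{s} -> iot: source not on the IoT allowlist"
    if s == "guest" and d == "primary":
        return "guest -> primary: segments must stay isolated"
    return None

def audit(flows):
    """Return (src, dst, reason) for every flow that violates the policy."""
    return [(s, d, r) for s, d in flows if (r := check_flow(s, d))]

# Constructed sample flow records, e.g. as parsed from firewall or NetFlow logs.
SAMPLE_FLOWS = [
    ("10.30.0.11", "203.0.113.10"),  # camera to its allowed cloud endpoint
    ("10.30.0.11", "10.10.0.40"),    # camera reaching into the primary network
    ("10.30.0.12", "198.51.100.7"),  # thermostat to an unlisted external host
    ("10.10.0.5", "10.30.0.11"),     # management host to camera
    ("10.20.0.9", "10.30.0.12"),     # guest laptop to thermostat
    ("10.20.0.9", "10.10.0.40"),     # guest laptop to primary network
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {src} -> {dst}: {reason}")
```

Any violation reported for traffic that was actually observed means the firewall let through something the policy forbids, so the rule set and the segment boundaries should be reviewed.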
In the future, IoT devices are only going to grow in number and diversity. Take the right, precautionary steps now to ensure that your network is designed to work with these devices without any network degradation or security risks. Don’t underestimate the power and effect these devices can have on your network, but don’t panic either. Follow these tips and you can keep your network optimized.
Written by Anil Gupta, CTO and co-founder, Wyebot