Gestalt IT
Tackling Troublesome IoT with Fortinet

How many wireless IoT devices do you have in your enterprise? Do you even know? And if you said “zero”, are you totally confident in that number? The scary part of IoT is that no one can be. The Internet of Things is a movement that has a lot of wireless and security professionals scratching their heads. How exactly are they going to deal with the explosion of devices out there? And once we know for a fact that we have those devices on our wireless network, how can we make sure they behave?

Internet of Threat Vectors

One of the scariest things about IoT devices is the fact that you don’t control them. Some industrial devices expose a great deal of configuration and control because they were not originally designed to be connected to the Internet, so the gateways that put them online have all the knobs and switches enabled for us to tweak away to our hearts’ content. But what happens when those switches are disabled?

In most consumer and prosumer IoT devices, the lack of configuration options is deliberate, for the sake of simplicity. The fewer switches you have to enable, the better the experience for the user. In fact, most IoT devices end their configuration at connecting to the wireless network. Once they’re programmed and connected to the network, they only allow configuration through an app interface, which limits our ability to see what they’re doing. Do you know what DNS entries your intelligent thermostat is using? Can you say for certain what it looks like when your systems are working correctly? Worse yet, do you know how to spot when they aren’t?

There are tons of apocryphal stories all over the Internet about sensors being compromised or IoT devices being made to redirect traffic to create a DDoS attack on specific targets. But one of my personal favorites isn’t about sophisticated hacker skills, but instead about laziness. There’s a wonderful story about a company that installed a network-enabled building HVAC system and also installed an on-site control server. Rather than creating a policy that required the management company to connect securely to the server via VPN, it was decided to give them access via insecure RDP. And to keep it simple, they opened RDP to the entire world, not just one IP address range. You can imagine what happened next in the story.

Fixing Faults with FortiNAC

If you want to truly solve the IoT problem, you have to solve it in the medium that makes it the Internet of Things, which means the network. During Mobility Field Day 4, I had the chance to check out some of the latest offerings from Fortinet. One that really caught my eye was their FortiNAC solution, which Chris Hinsz outlined in a video presentation at the event.

FortiNAC tries to accomplish the things that need to be fixed with IoT in what I consider a novel way: traffic profiling. NAC solutions have always been a little dodgy when it comes to user-based traffic because of how uneven it is. A user who normally only browses the web might suddenly need to upload a lot of video. To the NAC solution, this looks like data exfiltration, so it may lock down that attempt to actually get your job done, which frustrates users and causes all kinds of headaches for the security team.

However, IoT devices aren’t quite as flexible. They have known communication addresses. They have regular data patterns and amounts. You know what a device should be sending and where it should be sent, so you know what to look for when hunting anomalies, and you can set triggers for any behavior that occurs outside of those parameters. Catching behavior outside the norm can be hugely important.

Think about a hospital environment. All those medical monitoring devices are IoT devices that have specific parameters they need to follow. MRI machines will send huge picture files to servers to be read later. But they should only send those files to one or two locations. If you’re tracking the network activity of that particular device and you see it sending data to another location, you are probably going to raise an alarm, right? How about if that device starts getting data from other locations aside from the MRI scanner? Another red flag. But you won’t know that from the machine itself, or more accurately the workstation attached to it. That’s the power of a solution like FortiNAC. You can see the behavior of the device in question without needing to have an agent or even a peek into its configuration.
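To make the baseline idea concrete, here is an added example (not code from the article or from Fortinet’s product) of an agentless behaviour check run over constructed flow records: each device has a profile of allowed destinations, allowed sources and an expected outbound volume per observation window, and any flow outside that profile raises an alert that a NAC could act on. The device name, addresses and thresholds are all made up.

```python
# Added example, not from the article or FortiNAC: a minimal behaviour-profile
# check for an agentless IoT device, of the kind the text describes.
from collections import defaultdict

# Hypothetical baseline for one device (all values constructed): where it may
# send, who may send to it, and the outbound byte volume per window that is normal.
PROFILE = {
    "mri-workstation": {
        "allowed_dst": {"10.20.0.10", "10.20.0.11"},  # image archive servers
        "allowed_src": {"10.30.5.2"},                 # the MRI scanner itself
        "min_bytes_out": 0,
        "max_bytes_out": 5_000_000_000,
    }
}

# Constructed flow records for one window: (device, direction, peer_ip, bytes).
FLOWS = [
    ("mri-workstation", "out", "10.20.0.10", 800_000_000),  # normal image upload
    ("mri-workstation", "in", "10.30.5.2", 900_000_000),    # normal scanner feed
    ("mri-workstation", "out", "203.0.113.7", 50_000_000),  # unexpected destination
    ("mri-workstation", "in", "10.99.1.4", 1_000),          # unexpected source
]

def check_flows(flows, profile):
    """Return (device, reason, detail) alerts for flows outside the baseline:
    an unknown peer in either direction, or outbound volume out of range."""
    alerts = []
    bytes_out = defaultdict(int)
    for device, direction, peer, nbytes in flows:
        p = profile.get(device)
        if p is None:  # no baseline at all: treat as a violation, not as trusted
            alerts.append((device, "unprofiled device", peer))
            continue
        if direction == "out":
            bytes_out[device] += nbytes
            if peer not in p["allowed_dst"]:
                alerts.append((device, "unexpected destination", peer))
        elif direction == "in" and peer not in p["allowed_src"]:
            alerts.append((device, "unexpected source", peer))
    for device, total in bytes_out.items():
        p = profile[device]
        if not p["min_bytes_out"] <= total <= p["max_bytes_out"]:
            alerts.append((device, "volume out of range", str(total)))
    return alerts

def devices_to_isolate(alerts):
    """Devices a NAC would quarantine (e.g. a restricted VLAN) until reviewed."""
    return {device for device, _, _ in alerts}
```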

The breed of NAC solution needed to observe IoT devices requires a bit more horsepower than those of years past. You need to be able to see the traffic from the device as it’s flowing, without any hints from the device itself. It’s almost like tapping the network to verify behavior. But, more importantly, the NAC solution needs to be tied into the network itself to be able to isolate the device if policies are violated. Before, this was as simple as having the device agent shut everything down until the violations could be figured out. But now, with no way to install agents directly on the device, the NAC solution needs to find more creative ways of dealing with those communications.

To me, that’s why FortiNAC is so important: it integrates with the new edge that is wireless networking. IoT devices don’t have room for Ethernet ports or other unnecessary connectivity. A wireless radio is all that’s needed to get them online. And if your NAC solution isn’t integrated with the wireless network, you’re going to have quite a time trying to enforce policy at the edge. Fortinet does a great job of putting their NAC solution together with their wireless controllers and their edge firewall capabilities to create an all-in-one solution that fits a wide variety of customers.

Bringing It All Together

IoT is scary because it lacks the kinds of controls that networking and security folks have become used to over the years. There’s no way to open the hood and peek underneath. Instead, we’re going to have to start thinking about securing these devices in a different way. Solutions like FortiNAC go a long way toward helping us profile the behavior of those devices and ensure they aren’t representing threats, either to the wireless network or to the wider security posture in the enterprise. That’s something that will help any security department figure out the best path forward that includes IoT.

For more information about Fortinet and their FortiNAC solution, make sure to visit http://Fortinet.com.

About Tom Hollingsworth

Tom Hollingsworth is a networking professional, blogger, and speaker on advanced technology topics. He is also an organizer for networking and wireless for Tech Field Day. His blog can be found at https://networkingnerd.net/
  • Tackling Troublesome IoT with Fortinet - November 26, 2019