If you’re paying attention to the development and proliferation of “smart devices,” it can seem like they’re everywhere: internet-connected thermostats, cars, vending machines, surveillance cameras, televisions, fitness devices, and even light bulbs. But the omnipresence of tiny, embedded computers in everyday devices also has a way of making them invisible to most people. What is a network administrator to do with this invasion of connected, and thus hackable, devices?
Which “smart” devices are in schools?
While the variety of connected devices on campus may seem overwhelming, the ones you might have to worry about are only a subset of the problematic devices that are out there. Internet-connected cars are more likely to be on a cellular network than a school’s wireless network, and network admins probably have some authority to opine about whether connected thermostats or household appliances are allowed to connect. Hopefully, if “smart” vending machines or surveillance cameras are implemented, you’ll have the opportunity to weigh in on which specific devices are allowed to join the network.
The more prolific (and uncontrolled) types of “smart devices” on campus are likely to be those brought by students, and it’s possible they may not even think of these devices as internet-connected until someone or something stops them from being connected. So how are you supposed to protect your network against the tide of unsecured Internet of Things (IoT) devices?
What to do with the IoT in your environment?
Because options for improving security on these devices will be somewhere between limited and non-existent, much of what you can do will be in terms of monitoring and controlling traffic entering and exiting your network. On devices that are within your control, be sure to manually check for software updates regularly, and enable any security options that are available.
As we discussed in my previous two articles, when it comes to placing restrictions, context is crucial. Consider the context of use as well as misuse in each case. In areas of your network where sensitive data resides, you should have the authority to restrict which devices are able to connect to these areas, what types of traffic they’ll be able to transmit, and to what specific locations. It’s important to secure all devices, even ones that seem as innocuous as office printers.
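As an added illustration (not part of the original article), the sketch below applies the restriction described above to flow records: for a sensitive segment, each device category may send only listed traffic types to listed destinations, and everything else is denied. The inventory, addresses, ports and category names are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str    # source device IP
    dst: str    # destination IP
    proto: str  # "tcp" or "udp"
    dport: int  # destination port

# Constructed inventory: device IP -> category (assumed, for illustration).
INVENTORY = {
    "10.20.0.15": "printer",
    "10.20.0.40": "camera",
    "10.30.5.77": "student_byod",
}

# Constructed sensitive segment, e.g. where student records reside.
SENSITIVE = ipaddress.ip_network("10.10.0.0/24")

# Default deny: per category, the only (destination, proto, port) tuples
# permitted into the sensitive segment. Hosts and ports are hypothetical.
POLICY = {
    "printer": [("10.10.0.25/32", "tcp", 587)],  # scan-to-email relay
    "camera": [("10.10.0.50/32", "tcp", 443)],   # video recorder upload
    "student_byod": [],                          # nothing allowed
}

def evaluate(flow: Flow) -> str:
    """Return 'allow', 'deny', or 'out_of_scope' for one flow."""
    dst = ipaddress.ip_address(flow.dst)
    if dst not in SENSITIVE:
        return "out_of_scope"  # this policy only guards the sensitive segment
    category = INVENTORY.get(flow.src, "unknown")  # unknown devices get no rules
    for net, proto, port in POLICY.get(category, []):
        if dst in ipaddress.ip_network(net) and (flow.proto, flow.dport) == (proto, port):
            return "allow"
    return "deny"

def violations(flows):
    """Flows that the policy would block (or should alert on)."""
    return [f for f in flows if evaluate(f) == "deny"]

# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("10.20.0.15", "10.10.0.25", "tcp", 587),   # printer -> relay: allowed
    Flow("10.20.0.15", "10.10.0.30", "tcp", 445),   # printer -> file share: denied
    Flow("10.30.5.77", "10.10.0.25", "tcp", 587),   # student device: denied
    Flow("10.99.9.9", "10.10.0.50", "tcp", 443),    # uninventoried device: denied
    Flow("10.30.5.77", "203.0.113.10", "tcp", 443), # internet traffic: out of scope
]

if __name__ == "__main__":
    for f in violations(SAMPLE_FLOWS):
        print("DENY", f)
```

The same table can drive either enforcement (firewall or ACL rules generated from `POLICY`) or monitoring (alerting on flows that `violations` returns).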