IoT on campus: where it is and how to secure it

What is a network administrator to do with this invasion of connected, and thus hackable, devices?

Hopefully, you’ll have weighed in on what types of surveillance devices are used by your Public Safety department, so that at the very least you’ll be able to change the default administrator username and password to something that isn’t easily accessible to anyone who can use a search engine. If at all possible, these devices should also be on a separate area of your network that can be monitored for anomalous traffic such as sending video feeds to the wrong location.

As IoT devices could fall into the category of help or hindrance in a classroom setting, you may choose to allow teachers to decide whether or not to ban devices from connecting to Wi-Fi. This will not prevent mobile devices from connecting to a cellular network, if there is a need for emergency communication.

Safety and privacy
Another important concern regarding IoT devices is their effect on privacy and personal safety. While the information these devices store and transmit may seem innocuous, attackers can be quite creative in using it to extrapolate more sensitive data.

More and more organizations are starting to scrutinize the use of fitness devices, as awareness increases about the real-life consequences of broadcasting your location. While college campuses don’t require the same level of concealment as secret military bases, openness can bring its own set of problems. Because campuses are hives of activity, it’s easier for an adversary to take advantage of physical proximity to eavesdrop on or redirect traffic from someone’s connected device.

Colleges are especially likely to be familiar with problems associated with harmful pranks and harassment, and IoT devices are increasingly being used for these purposes as well. Few current “smart” devices are adequately monitored within the environment where they’re being used, and devices themselves rarely record logs of their own activity, so it can be difficult for the target of malicious behavior to even prove that it’s taking place.

Even passive monitoring of personal devices may be a difficult policy to sell within a higher-ed environment. By creating Acceptable Use policies that include consequences for violating the privacy or safety of fellow students or staff, you can establish that authority to investigate if someone feels they are being endangered through their IoT devices.

While the presence of “smart” devices naturally increases the complexity of your network environment, it does not create an insurmountable obstacle to protecting either people or data. By being deliberate and planning ahead, you can help mitigate the extra risk.

eSchool Media Contributors

"(Required)" indicates required fields