Google Home, smart watches, Nest: you’ve probably used one of these popular IoT devices before. This helpful technology allows users to transfer data over a network without requiring human-to-computer interaction. This means you can have a smart home, or an IoT environment, where devices can communicate with each other for seamless user experiences.
Andrew Maddox (Network Security) and his team, Dylan Crockett and Brandon Jackson, are helping secure an IoT environment at UAT. An IoT environment may sound simple, but when addressing security measures, implementation can become complicated.
The overall goal is to take the Cyber Security Lab and transform it into an IoT environment. This is a collaborative project with many teams; Andrew’s team is in charge of securing the environment. “A lot of IoT environments, IoT houses, are not as secure as they could be,” Andrew explains. “There are instances where they’re marked as unsecure. So, bringing in a security aspect is a huge goal for this.”
The three-semester project just finished the first semester, which focused on planning and implementing all physical components of the IoT environment. During this process, network security and network engineering worked hand-in-hand. The physical devices needed to be in place before they could be secured.
These physical components include the server, switch functioning, routers and network segmentation, which together complete the core functions for the IoT devices.
For the second and third semesters, the team will focus on creating an environment that cannot be attacked and infiltrated. For this to happen, the team started with network segmentation to create a secure format. With how UAT’s IP is set up, the IoT environment lives on a different subnet of the main structure. There are two access points, one that’s public facing for student use, and one that’s dedicated to the IoT environment. The goal is to provide multiple access points on different IP ranges, so that users can’t access the environment and cause harm.
Because the server runs many vital processes for the IoT environment, securing it was a necessary first step. Next, a team of well-versed individuals, known as red teamers, will look for weaknesses by hacking the IoT environment.
Andrew contributed by setting up the server, configuring Fail2ban security and building the infrastructure. Firewalls are used to secure Linux and Windows devices. With Fail2ban in place, you can ensure that ports are open and unwanted individuals are prohibited from accessing the network.
Fail2ban is part of the protection for SSH, which allows students to communicate with the server without physically using it. Fail2ban is activated when someone tries to use brute force to gain access to the server. This involves using several usernames and passwords to gain access. Fail2ban blocks the use of brute force by putting these requests into a virtual jail.
The opportunity to secure an IoT environment in a new way motivated Andrew. “I was thinking, this is awesome, this is going to increase not just my knowledge, but give me access to things I hadn’t had access to previously,” says Andrew. “Being able to pursue my knowledge and being able to involve myself in this project was just a huge opportunity.”
With the growing popularity of IoT environments, there’s a growing stigma around the security aspect. Providing a new security aspect is vital for UAT.
“With every emerging technology, there’s always going to be hiccups, especially on the security end of things,” Andrew remarked. “Getting to have an interaction with this technology and being able to plan and contribute to what could possibly change security measures in the future, that’s a big deal.”
Andrew Maddox, Network Security
Dylan Crockett, Network Security
Brandon Jackson, Network Security
The team also obtained help involving infrastructure information from Jeff Verbus in IT during the project.