In my last post I presented my concept of how to secure the IoT. I’m aware
that it is not a full specification or a guide on how to do that. I wanted
to start a discussion because I see many weaknesses that can threaten
the overall concept of the IoT.
As you are probably aware, every system and network has vulnerabilities. The
question is when we discover them. I assume the same will be true of
the IoT. It doesn’t matter how strongly we secure the end
points. There will always be someone who wants to break our protection.
Let’s analyze the impact of a DDoS attack on the IoT. Today, being under
attack means you can lose your money, sometimes your reputation, but I
don’t think it can really endanger your life or someone else’s. Now we are
just before a big step that takes us into a new era. Imagine a
situation where everything is ‘connected’, which means it can be
targeted by hackers. If you read my previous post you may remember some
examples with a TV or a fridge. For such examples I can’t see any
serious threats. If your TV or your TV operator becomes a target, your
favorite movie may be unavailable for a while. What about cars, planes,
hospitals or medical equipment? For them, I see many possible threats.
Let’s imagine that your car should take an action at a crossroads
based on the information sent by a street light system. Being
under a DDoS attack means it doesn’t get this message. You can
also miss, for example, information about a car accident on a motorway.
If we become ‘addicted’ to the information and warnings from the
electronic devices around us, our reaction can be delayed. What about
medical equipment? People at home with medical monitors can be
very weak and vulnerable targets. Based on the information from the
devices, a hospital can save someone’s life by sending an ambulance in
time. With all these electronic gadgets we will become a vulnerable
society, but I agree, it is inevitable. The same problem existed with the
Unix system or TCP standard in the 70s and 80s. Both were designed
without security features. People didn’t think too much about threats.
Today we are aware of them. We know that our badly protected systems
will become targets for our enemies. I don’t mean only hackers (I
should rather say crackers) but also cyber armies. If we become more dependent
on the IoT we will be much more vulnerable if the whole system is poorly
protected. I know my voice is too weak, but what I would like to say is
that we should plan the security features first, before we start the
revolution.
High availability is mandatory in most of today's network designs. Only very small companies or branches can run their business without redundancy. When you have a FortiGate firewall in your network you have many options to increase network availability. You can use FortiGate Clustering Protocol (FGCP) or Virtual Router Redundancy Protocol (VRRP). FGCP has two modes: 'override' disabled (default) and 'override' enabled. I'm not going to explain how to set up HA as you can find many resources on Fortinet websites:

https://cookbook.fortinet.com/high-availability-two-fortigates-56/
https://cookbook.fortinet.com/high-availability-with-fgcp-56/

Let's recap the main difference between them. The default HA setting is 'override' disabled and this is the order of selecting an active unit:

1) number of monitored interfaces - when both units have the same number of working (up) interfaces, check the next parameter
2) HA uptime - an ...