How To Secure Your IoT Devices With A VPN

Cybersecurity is a major pain point for IoT network providers and operators. In this article, I’ll show you how to secure IoT devices with a VPN. I want to bring attention to the ways in which this tried and true technology can reinforce IoT networks at scale.

Every time you connect a device to the internet, whether it’s a car or a security camera or a simple laptop, a plethora of security concerns arise. The connected device may be used at the office, at home, or both, but there’s always a risk of corporate or personal information falling into the wrong hands. Internet of Things (IoT) devices are prone to targeted attacks that can be hugely detrimental to businesses and people. In this article, after reviewing some common security threats to IoT networks, I’ll show you how to secure IoT devices with a VPN (Virtual Private Network) to mitigate these cybersecurity risks.

Major IoT Cybersecurity Concerns

The security risks inherent in using IoT devices are alarmingly broad, with the term “IoT security” even being dubbed an oxymoron. As the technology remains in its “creation phase,” there are no standard controls or protocols for developers to follow. What’s more, end users often aren’t equipped with the tools or knowledge to mitigate risks effectively themselves.

According to a 2018 Symantec study, there was a 600% increase in the number of IoT attacks between 2016 and 2017.

Here are some of the more common assaults on IoT networks against which a VPN might be able to defend:

 Botnets

IoT devices are prime targets for botnets. A botnet is a series of internet-connected devices that—banded together by a hacker—can perform large-scale attacks, such as Distributed Denial of Service (DDoS) attacks at massive scale. Botnet malware can lie dormant until the attacker sends a command over the internet, and because IoT devices don’t typically have an antivirus protection layer, it can be difficult to detect and remove. A major issue is that many IoT devices are relatively simple compared to PCs and smartphones so complex security architecture is often not an option for device manufacturers.

DDoS attacks typically involve overflowing a network by bombarding it with traffic. A high-profile IoT DDoS attack occurred in 2016 when Dyn, a domain name system provider, was compromised. The attack involved up to 100,000 IoT devices infected with the Mirai malware. These formed a botnet that was used to cripple the company’s services.

The “Satori botnet” is another recent high-profile DDoS-style botnet attack against IoT networks. The (alleged) main perpetrator was recently apprehended for bragging to the media.

Man-In-The-Middle (MITM) Attacks

The basis of a MITM attack lies in an unauthorized third party managing to intercept communications and access information like a fisherman in a river. MITM attacks are an ideal way for a cybercriminal to view or change sensitive information and even hijack user accounts.

Any of these actions could have a catastrophic effect on the victim whether it’s an individual, a corporation, or a cloud network associated with numerous companies or brands. MITM attacks drive home the importance of encrypting traffic so that it’s unreadable in transit—even if someone intercepts it.

MITM attacks are especially effective against IoT devices that haven’t been properly secured by the manufacturer. Many solutions providers leave the manufacturer’s default passwords in place through deployment. Hacking into a device or gateway can be as straightforward as googling the default password for a given device model. Moreover, unlike a web browser in which you can check for “https” (secure) in the address bar to ensure a site is safe, IoT devices have no such standard protocol. They have no way to alert the user if a security certificate is expired or otherwise invalid.

General Snooping

When every device is connected to the internet, Internet Service Providers (ISPs) and government agencies controlling them have access to a vast amount of your data. With IP addresses in plain view and traffic easily readable, they can track all of your daily business activities. This is yet another reason to encrypt all of your internet traffic.

A VPN can go a long way toward mitigating the various risks associated with IoT networks. They’re old and trusted web structures, and we should carry them forward into the IoT revolution. When using a VPN, traffic flows from the device, through an intermediary server, and then continues on to its final destination. This masks the user IP address and replaces it with one from the VPN server.

Plus, when you connect a device to a VPN, all traffic flowing to and from the device is encrypted. The encryption used by top-rated VPN providers is typically 256-bit AES, which is considered military-grade encryption.

Of course, when it comes to mitigating all of the risks outlined previously, there are many pieces to the cybersecurity puzzle. Such problems include improving employee awareness and training while ensuring all operating systems are updated.

Why Secure IoT Devices with a VPN?

The standard application of VPNs across IoT networks could make those networks significantly more robust than they currently are. When a device is connected to a VPN, all of the traffic running to and from it is encrypted. Even if someone were to intercept network traffic they would be virtually unable to interpret it.

A VPN can help protect against DDoS attacks by shielding the user IP address, making it difficult for hackers to launch a targeted attack. Some providers such as PureVPN and TorGuard offer dedicated anti-DDoS servers to protect further against DDoS attacks.

Shielded or “masked” IPs also prevent intruders from tracking user activity. They also limit the attack options available to cybercriminals, which empowers cybersecurity teams better to predict the lines of attack an intruder might pursue in a given VPN-secured IoT network.

When it comes to circumventing MITM attacks, using only HTTPS sites is one of the best defenses as HTTPS sites provide encryption. However, this isn’t always an option; an even better idea is to use a VPN. This way, you would know that all traffic will always be encrypted and therefore unreadable to a third party.

The same goes for general snooping. Your ISP won’t be able to see the contents of your traffic or where it’s going. All that’s visible to the ISP is encrypted traffic going to and from a VPN server. – IOT For All