Some Things just aren't meant to be (on Internet of Things networks). But we can work around that

What exactly is the Internet of Things? According to Gartner and IDC, it's a network of endpoints capable of interacting with each other and the world via IP connectivity. Consultant McKinsey & Company defines IoT as sensors and actuators embedded in physical objects, from roadways to pacemakers, that churn out huge amounts of …


  1. Steve Davies 3 Silver badge
    Facepalm

    I had to laugh

    at this

    Define a collection of subnets for the various IoT devices and assign DHCP ranges: it's dead easy to do and it'll help make things manageable. Most importantly, though, because you have subnets you can define access control lists (ACLs) to limit the traffic that can get in and out: ensure that the only traffic permitted is what the devices need to work and be managed.

    And just how do you explain this to the average punter with his 'smart' light switches, Central Heating and 'not so smart' fridge then?

    And when you tell said punter that they need lots of expensive network kit (how many ISP supplied routers support subnets then?) in order to manage and keep his so called smart devices secure?

    What you are saying makes perfect sense[1] to those who read and comment on this site but for 99% of the rest of the population? Forget it buster.

    [1] Especially deciding NOT to have any of this shit as I did more than three years ago OR equally important, deciding NOT to connect the stuff you have bought up in ways that can make your network insecure.

    1. LDS Silver badge

      Re: I had to laugh

      Yes, the problem with many home and small office (and even some medium sized) networks is they employ networking devices which were designed for very simple networks, a few connected PCs and nothing more. Just look at how many "unmanaged" switches are on sale, and APs with VLAN and other advanced features are harder to find and more expensive.

      Now the ever increasing number of connected devices would need to adopt more sophisticated designs - but the devices don't support them, and the design/configuration is much harder, and usually beyond the knowledge of most non IT people. It could be simplified by management software for less demanding environments, but no one cares...

      1. a_yank_lurker Silver badge

        Re: I had to laugh

        I would say many IT pros are also incompetent at networking. From what I studied, to do it right is not a trivial matter when you know what you are doing.

    2. Headley_Grange Silver badge

      Re: I had to laugh

      My mum doesn't know what Window, Finder and Return mean when I give phone support, so I'm looking forward to the call when I help her set up her subnets. She'll want to know how often they need washing.

      Wouldn't it be better to have a recognized standard for IoT security, support and supportability with a CE/Kite mark? Sure, it would mean that cheap products with no support wouldn't be available, but the upside is that cheap products with no support wouldn't be available.

      1. LDS Silver badge

        "'m looking forward to the call when I help her set up her subnets"

        Just like some routers have built-in "guest" networks, it wouldn't be difficult to add some pre-configured subnets and VLANs without requiring the user to have a good knowledge of what they are and how to configure them, and add an interface to add the required ACLs in a simple way, again with some pre-configured ones (i.e. "HTTPs traffic only"). Add on top of it DHCP/DNS automatic management, so you can also see which devices are registered, and with which names.

        Call them "networks", "segments," "zones" or whatever you like, to help the user with simpler names.

        1. A Dark Germ

          Re: "'m looking forward to the call when I help her set up her subnets"

          You're thinking IT here.

          Please understand this is not IoT.

      2. vtcodger Silver badge

        Re: I had to laugh

        "Wouldn't it be better to have a recognized standard for IoT security,"

        Of course there will be standards for IoT security. Probably about seven of them. All mutually incompatible. And no one will implement any of them in exactly the same fashion as anyone else.

        1. Doctor Syntax Silver badge

          Re: I had to laugh

          "And no one will implement any of them in exactly the same fashion as anyone else."

          In fact, probably no-one will implement any of them exactly.

    3. JDX Gold badge

      Re: I had to laugh

      It seemed pretty clear this article was aimed at businesses not homes.

      1. Pascal Monett Silver badge

        Re: aimed at businesses not homes

        As far as the level of competence obviously required for all these points, yes. It is certain that claiming IoT owners need to "figure out the protocols" obviously means "you know what a protocol is and you can figure it out". That eliminates Joe Public right there.

        Unfortunately, homes is where IoT is going to wreak havoc. It's Joe Public who wants his IoT door lock, his IoT lights with loudspeakers and fancy colors, and all the rest of that shite.

        And understanding protocols, to say nothing of "sorting out security" (snort), is most definitely not in Joe Public's ability to comprehend, let alone take responsibility for.

        This article's only merit is that it clearly outlines that IoT is not for the public.

        But that's where it is going to be sold.

        1. Steve Davies 3 Silver badge

          Re: aimed at businesses not homes

          But that's where it is BEING sold by the bucketload.

          There Fixed it For You.

      2. Loyal Commenter Silver badge

        Re: I had to laugh

        It seemed pretty clear this article was aimed at businesses not homes.

        So, what's the business case for having a load of pointlessly IoT devices on your corporate network? Which devices are actually appropriate in a work environment? Fridges, kettles, lightbulbs, el-cheapo cameras? I think not...

        1. Dave 126 Silver badge

          Re: I had to laugh

          Industrial automation has used networked sensors and actuators for years - so we don't need to explain their use in business. Said sensors and actuators are addressable, thus fulfill the definition of Internet of Things.

          In a rather more mundane business environment, an office, door locks activated by an employee's card are common.

          1. Jack of Shadows Silver badge

            Re: I had to laugh

            And in both environments, we run into security failures, some of them disturbing. To say the least. Businesses and OEMs, both alone or together.

      3. A Dark Germ

        Re: I had to laugh

        Not about IoT.

        It's about a step between IT & IoT.

        Real IoT uses a secure IoT hub to talk to the TCP/UDP/IP world.

        We use hardware cryptography that is tamper proof.

        People are just not educated at all.

        Security is not for you humans.

    4. Anonymous Coward Silver badge
      Alien

      Re: I had to laugh

      Like it or not, most domestic networks are to be treated as untrusted anyway. There is no difference between being inside the network and outside, because they just give their WiFi key to anyone who asks.

      Therefore, a compromised IoT thing will be an inconvenience (because some bugger turns your bedroom lights on at 1am) but not a security risk as such. (obviously, that doesn't apply to CCTV cameras, door locks, etc, but as we say, the 'S' in 'IoT' stands for security)

      Small business networks will be the most vulnerable, not least because the boss will just buy and connect this crap without talking to their (external) IT people.

      1. JohnFen Silver badge

        Re: I had to laugh

        "most domestic networks are to be treated as untrusted anyway"

        This. In fact, I recommend treating all networks that you haven't personally verified the security of as untrusted, and all WiFi connections as untrusted no matter what.

      2. Robert Helpmann?? Silver badge
        Childcatcher

        Re: I had to laugh

        Small business networks will be the most vulnerable, not least because the boss will just buy and connect this crap without talking to their (external) IT people.

        You say most, but I work in an understaffed enterprise environment (the default setting for enterprise environments). I am in the midst of implementing a set of network inventory tools and am uncovering so much stuff that no-one at the home office was aware much less managed, tracked or configured. Despite having implemented a variety of security restrictions on our wired and wireless networks, our local admins put all sorts of stuff on our networks because someone at their site went out and bought it. Same deal for software. The best thing about the situation is that I just have to turn the data over to someone else to take action. I do not believe my situation is in any way unique.

    5. A Dark Germ

      Re: I had to laugh

      Do you know what IoT is mate?

      You're talking about IT here talking peer to peer with IT.

      These devices you say are IoT are Linux based IT mostly.

      So funny thinking you're educating when you're part of the problem.

  2. BazzF

    As a slightly knowledgeable home user, my router cannot do subnets so I use MAC lists. My desktop, the Wife's desktop, my phone, her phone and the printer (not wireless).

    For the Wifi I changed the SSID and set it to not broadcast, and admin password and that uses the same MAC list. So both wired and wifi is covered.

    No IoT, No hassle and no Tasha Yar

    1. Anonymous Coward
      Anonymous Coward

      You might as well broadcast. If the hub doesn't broadcast, then all your WiFi devices will blare the SSID out clear as day every time it needs to connect. IOW, instead of hiding the door (where someone can just follow someone who has to use it), just be sure there are sufficient locks on the door and pray you don't have a mole (which NO amount of security will be able to fully stop).

      1. DropBear Silver badge

        "You might as well broadcast"

        Is that so? Granted, not broadcasting the SSID is not going to keep it some sort of inaccessible secret, but it will prevent your WiFi showing up in the list on a casual scan which is all you need to prevent 99.9% of all access attempts. If someone is staying put for long enough to methodically scan your neighbourhood and chance upon your smartphone connecting as you return home (as everything else will likely just stay connected 24/7) chances are you're up against a threat you can't even begin to hope to successfully counter. Yes, it won't simply magically keep you safe all by its own - but useless? Hell no.

    2. JohnFen Silver badge

      "For the Wifi I changed the SSID and set it to not broadcast"

      This provides you very nearly no additional protection.

      1. Maelstorm Bronze badge
        Trollface

        "For the Wifi I changed the SSID and set it to not broadcast"

        "This provides you very nearly no additional protection."

        What if I put a condom over it? I hear that Trojans are the best protection that you can get, and it feels like nothing at all.

  3. Stoneshop Silver badge

    Security what?

    "When something becomes end-of-life it means there are no more security updates "

    Given this criterion one should consider IoT devices as having an EoL date half a decade in the past.

    At the very minimum.

  4. Prst. V.Jeltz Silver badge

    Shouldn't your corporate network be secure enough not to have hackers rifling it from the outside looking for webcams and fridges?

    1. JohnFen Silver badge

      Yes, but it should be remembered that in businesses, most attackers aren't coming in from the outside, they're coming from inside the secured network. They can be disgruntled or criminal employees and contractors, and they can also be IoT devices that establish connections to outside destinations.

    2. Doctor Syntax Silver badge

      "Shouldn't your corporate network be secure enough not to have hackers rifling it from the outside looking for webcams and fridges?"

      But what about those webcams and fridges calling home, or at least trying to?

      1. Anonymous Coward
        Anonymous Coward

        "But what about those webcams and fridges calling home, or at least trying to?"

        Saw a presentation by a pen test company a few months ago, one of the demos was a CCTV system (for home / SME) which actually captured still images every so often and tried to send them to the software developer's email .....

  5. trevorde

    Firmware updates

    yeah, right

  6. This post has been deleted by its author

  7. Sir Loin Of Beef

    WHY?

    Why do we need IoT in the first place??

    1. Dave 126 Silver badge

      Why do businesses benefit from a network of sensors and actuators, you mean? Ask them - they've been using them for years. I'd have thought some applications would be obvious. access control, fire safety, efficiency....

      1. JohnFen Silver badge

        I don't think he was asking what the benefit of remotely accessing sensors and the like is. I think he was asking why on earth they should be on the internet. Which, I think, is a valid question. The internet is far from the only way to accomplish that, it's just the most convenient -- if you don't care about security at all.

        If you really have to have this stuff on the internet, then you also have to engage in quite a bit of security groundwork for them to even begin to approach being something reasonably secure, which takes away a fair amount of that convenience.

    2. A Dark Germ

      You don't need this IT crap in your home, but we all need IoT!

      We need to monitor our environments in order to save time & money on wastage.

      IoT is for sensors & actuators over long distances no operating system involved very low level hardware.

      Our local council don't check lights on the streets anymore.

      They have outsourced the task of many hours checking thousands of lights by getting the public to report the lights not working. This is not the solution.

      With IoT lights the state of the light and the time delays can be dynamic.

      This means a light will report the problem with its brightness itself.

      It will self check. Winter comes early the lights can be turned on, maybe even off to save money late at night.

      The list of tasks IoT will monitor & action will become 10-100 times larger than the INTERNET.

      You don't seem to read much do you, or at least educate yourself here.

      Please educate yourself about the reality around you.

      Comments from fools & ignorant people are hard to understand, but populate due to sheep mentality.

  8. This post has been deleted by its author

  9. Anonymous Coward
    Anonymous Coward

    "What exactly is the Internet-of-Things?"

    1. It's a Smart TV that exists for industry-wide consumer surveillance

    2. It's a vacuum cleaner with video cam for remote spying capability

    3. It's the very next Alexa / eavesdropping smart-speaker clusterfuck

    4. It's a car that will spy on you anywhere / everywhere you go / drive

    5. It's a kid's toy that will burn your kids' privacy badly or even horribly

    6. It's a home security device that will often leave the front door open

    7. It's a home security system that will track your family for hackers

    8. It's a CT scan / hacked medical equipment that gives a lethal dose

    9. It's a kettle or home device that's hacked to start a fire while you sleep!

    0. It's a cyberwar device for ddosing and conducting WW3 attacks etc.

    ~~~~~

    IoT is basically

    ~~~~~

    1. A solution to a problem no one really cares about versus flying cars

    2. An empty marketing sales pitch in search of some real practical use

    3. Intelligence / Spying target-device that Govt has promised to exploit

    4. A device that phones home reliably, but fails when you need it to work

    5. A host of juicy data left wide-open on an Amazon S3 Cloud bucket

    6. A marketing device designed to bump GDP / Surveillance-Economy

    7. A 'Scam' perpetrated on unwitting low-hanging-fruit users / consumers

    8. A clusterfuck of unintended consequences that'll burn vulnerable people

    9. Endless devices offering 24/7 Worldwide-Surveillance Orwellian-Hell

    0. - *Internet_of_Threats* - *Internet_of_Tat* - *Internet_of_Twats* -

    1. DCFusor Silver badge

      Re: "What exactly is the Internet-of-Things?"

      I agree - the only reason for the I in IoT is so someone can get in the middle and do things that profit them.

      I really don't need to do things like set a thermostat while on the road, though it's handy to be able to do it to one on-site building from another one. So...here on the off-grid homestead, I did a LAN of things for those things most don't think about but are needed to be off-grid - solar system control, water system collect and purify, and yes, thermostats in several buildings, weather details around the nature preserve and around the plumbing in the crawl space (do I need to do something so it won't freeze?). Stuff like that makes sense. It'd be pretty hard to hack, as all this stuff is "one off" and at least has security by obscurity - and if you think that's all, come at me, bro.

      How long before all these people providing this "free" service hire an MBA and decide they need rent on top of their other monetization (like a lot of other industries..."something as a service"). Or maybe they have already, and it's the GIF thing all over again - get wide adoption and THEN spring the trap.

  10. Scott 53

    No...

    Wi-fi uses photons, not electrons. We are not swamped with beta radiation.

    1. Graham Cobb

      Re: No...

      I quite liked the image of my router dodging electrons being fired in random directions from some IoT crap while trying to simultaneously provide a Wifi service.

    2. Charles 9 Silver badge

      Re: No...

      "Wi-fi uses photons, not electrons."

      Neither, actually. It uses radio waves just like most other wireless communications systems not dependent on line of sight (which rules out infrared which is still an electromagnetic wave).

      1. Loyal Commenter Silver badge

        Re: No...

        It uses radio waves

        Them's photons, just big fuzzy ones.

      2. Maelstorm Bronze badge
        Facepalm

        Re: No...

        "Wi-fi uses photons, not electrons."

        Neither, actually. It uses radio waves just like most other wireless communications systems not dependent on line of sight (which rules out infrared which is still an electromagnetic wave).

        Wrong. It is photons. A radio wave is a photon. Go look at your electromagnetic spectrum chart. Visible light is on it.

    3. Loyal Commenter Silver badge

      Re: No...

      We are not swamped with beta radiation.

      Although that would explain the shitty range of my Virgin Media router. Maybe it would work better in a vacuum, and in the absence of any electrical fields?

    4. Andy the ex-Brit

      Re: No...

      "... thanks to radios that could well be accepting connections from anything that wants to throw electrons at them."

      It would be shocking if radios worked that way!

    5. IHateWearingATie
      FAIL

      Massively disappointed....

      …. that it took till half way down the comment thread for someone to pick up on the obvious electrons / photons error in the article.

      And then doubly disappointed at the lack of sarcasm and general finger-pointing-and-laughing at the error further up when someone got confused about radio waves and photons.

      Clearly the heat has addled commentards' brains - buck up your ideas people!

      (I have an excuse in that I was too busy to read the article till this morning)

      1. Ken Moorhouse Silver badge

        Re: electrons / photons error

        Would that be Layer 0? Has anybody bothered doing a spec for that?

  11. Sebastian Brosig

    Electrons?

    ...accepting connections from anything that wants to throw electrons at them

    Photons. It's electromagnetic waves, that's really limp photons but lots of them.

  12. Sebastian Brosig
    Boffin

    Electrons?

    ...accepting connections from anything that wants to throw electrons at them

    Photons. It's electromagnetic waves, that's really limp photons but lots of them.

  13. JohnFen Silver badge

    DHCP

    "you could consider assigning static IP addresses to the IoT devices so you know exactly which is which"

    Wait, you mean this isn't standard practice? I thought this was considered best practice for at least a decade. DHCP for transient devices, static assignments for everything else. To do otherwise makes network management much, much more difficult.
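
The two measures the thread keeps returning to (the article's per-subnet ACLs quoted in the first comment, and the static assignments discussed in the last one) can be checked together. The following is an added example, not code from the article or from any commenter: a default-deny policy check run over constructed flows. Every zone name, address, device name and port in it is an assumption.

```python
import ipaddress

# Constructed plan: every zone, address, device name and port is an assumption.
ZONES = {
    "mgmt": ipaddress.ip_network("10.20.0.0/24"),
    "cameras": ipaddress.ip_network("10.20.1.0/24"),
    "hvac": ipaddress.ip_network("10.20.2.0/24"),
}

# Static assignments: one known device per address inside the zones.
STATIC = {
    "10.20.0.5": "nvr",
    "10.20.1.10": "lobby-cam",
    "10.20.1.11": "dock-cam",
    "10.20.2.10": "boiler-ctl",
}

# Allow list of (source zone, destination zone, protocol, destination port).
ACL = {
    ("mgmt", "cameras", "tcp", 554),  # recorder pulls RTSP video
    ("mgmt", "hvac", "tcp", 443),     # HTTPS management
    ("hvac", "mgmt", "udp", 514),     # syslog to the management zone
}


def zone_of(addr):
    """Return the zone whose subnet contains addr, or None if it is outside all."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def check_flow(src, dst, proto, port):
    """Return (verdict, reason) for one flow; anything not listed is denied."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    # An address inside a zone that has no static assignment is an unknown device.
    if src_zone is not None and str(ipaddress.ip_address(src)) not in STATIC:
        return "deny", f"unregistered address {src} in zone {src_zone}"
    if (src_zone, dst_zone, proto, port) in ACL:
        return "allow", f"{src_zone} -> {dst_zone} {proto}/{port}"
    return "deny", "no matching rule (default deny)"


# Constructed sample flows: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.20.1.10", "tcp", 554),    # recorder to camera
    ("10.20.1.10", "203.0.113.25", "tcp", 25),  # camera mailing out to the internet
    ("10.20.1.77", "10.20.0.5", "tcp", 445),    # unknown device in the camera subnet
    ("10.20.2.10", "10.20.0.5", "udp", 514),    # controller sending syslog
    ("198.51.100.7", "10.20.1.10", "tcp", 554), # outside host reaching a camera
]


def audit(flows):
    """Evaluate each flow and return (flow, verdict, reason) tuples."""
    return [(f, *check_flow(*f)) for f in flows]


if __name__ == "__main__":
    for flow, verdict, reason in audit(SAMPLE_FLOWS):
        print(f"{verdict:5} {flow} : {reason}")
```
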


Biting the hand that feeds IT © 1998–2019