The global arms dealer
Is there another press release proclaiming that criminals using Cloudflare will soon be able to interact with compromised IoT devices more efficiently than before?
Traffic bouncer Cloudflare has outlined what it claims is the solution to the perennial internet-of-things security problem: pay it. The company points out what most security experts have been saying for some time: IoT devices are a security disaster, they are going to grow exponentially, and when people can't even be relied …
Problem: doofus hooks insecure IDIoT device to public network. Solution: Not Cloudflare. The doofus has no idea that Cloudflare exists, or would upgrade their network hardware so traffic could be routed through Cloudflare services.
The real problem is that many doofuses (doofi?) plug something into a jack, and just leave it at that. Yes, they make sure that the device is accessible from wherever it is that their other computer is located, and that's it. Put it in a SOHO firewall/router's DMZ? No problem. Quick, easy, sorted, and totally vulnerable. Just like the SOHO device itself. And possibly the cable modem it plugs into, as well.
I wanted all my IoT devices to route through a barrier device on my network in a Protected LAN of Things (PLoT) model so I could control resources I own, not into Cloudflare to slurp all my traffic into their cloud instead and make me reliant on them and fingers crossed they might get it right every time.
This is something that can be baked into consumer-level hardware (OpenWrt with iptables etc. can do this already) and should be sited locally in the protected LAN zone; enough with the cloud already. And if it needs cloud connectivity, I want to control that. And if it doesn't work without a permanent unfiltered connection on random ports, I want to kill it with fire, not mitigate it.
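As an added example of the barrier-device policy the comment above describes (this is not the commenter's own setup and not OpenWrt project code), the POSIX shell script below generates an iptables ruleset for a router with three interfaces: the trusted LAN may reach the IoT segment, the IoT segment may never initiate toward the LAN, devices may only reach the outbound endpoints the owner has listed, and everything else they try to phone home to is logged and dropped. The interface names (br-iot, br-lan, eth0), the device address and the two allowlisted endpoints are assumptions; the addresses are constructed from the RFC 1918 and RFC 5737 documentation ranges. `plot_allows` checks a candidate flow against the allowlist without touching the kernel, which is handy for deciding whether a device's connection attempt seen in the log deserves a new allowlist line or the "kill it with fire" treatment.

```shell
#!/bin/sh
# Added example, not the commenter's code and not OpenWrt code: generate an
# iptables ruleset for a "Protected LAN of Things" (PLoT) barrier router.
# Interface names, the device address and the allowlisted endpoints are
# assumptions chosen for illustration.
IOT_IF="${IOT_IF:-br-iot}"   # bridge/VLAN the IoT devices are plugged into
LAN_IF="${LAN_IF:-br-lan}"   # trusted LAN with the owner's other computers
WAN_IF="${WAN_IF:-eth0}"     # upstream toward the cable modem

# Outbound allowlist, one flow per line: "src dst proto dport".
# Constructed entries using RFC 1918 / RFC 5737 documentation addresses.
ALLOWLIST='192.168.50.10 192.0.2.10 tcp 443
192.168.50.10 192.0.2.20 udp 123'

# Print the rule arguments, one iptables invocation per line.
plot_rules() {
  echo "-N PLOT_FWD"
  echo "-F PLOT_FWD"
  # replies to connections the trusted side or an allowlisted flow opened
  echo "-A PLOT_FWD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # the owner's computers may reach the devices; devices never initiate toward the LAN
  echo "-A PLOT_FWD -i $LAN_IF -o $IOT_IF -j ACCEPT"
  echo "-A PLOT_FWD -i $IOT_IF -o $LAN_IF -j DROP"
  # only the cloud endpoints the owner has explicitly listed
  printf '%s\n' "$ALLOWLIST" | while read -r src dst proto port; do
    [ -n "$src" ] || continue
    echo "-A PLOT_FWD -i $IOT_IF -o $WAN_IF -s $src -d $dst -p $proto --dport $port -j ACCEPT"
  done
  # log what else the devices try to phone home to, then drop it
  # (the final DROP also catches unsolicited inbound traffic toward the devices)
  echo "-A PLOT_FWD -i $IOT_IF -m limit --limit 10/min -j LOG --log-prefix PLOT-DROP:"
  echo "-A PLOT_FWD -j DROP"
  # hook the chain for all traffic entering or leaving the IoT interface
  echo "-I FORWARD 1 -i $IOT_IF -j PLOT_FWD"
  echo "-I FORWARD 2 -o $IOT_IF -j PLOT_FWD"
}

# Policy check without touching the kernel: plot_allows SRC DST PROTO DPORT
# returns 0 if the flow is allowlisted, 1 if it would be logged and dropped.
plot_allows() {
  printf '%s\n' "$ALLOWLIST" | grep -qxF "$1 $2 $3 $4"
}

# Apply for real (needs root on the router). "-N" fails harmlessly on reload
# because the chain already exists; any other failure aborts.
plot_apply() {
  plot_rules | while read -r rule; do
    # shellcheck disable=SC2086
    iptables $rule || [ "${rule%% *}" = "-N" ] || return 1
  done
}

case "${1:-}" in
  print) plot_rules ;;
  apply) plot_apply ;;
esac
```

Run it as `sh plot.sh print` to review the rules, `sh plot.sh apply` as root to load them. On a stock OpenWrt install the firewall daemon also owns the ruleset, so there the same policy is better expressed as zone forwardings and traffic rules in its own firewall configuration than as raw rules applied alongside it.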
Cloudflare isn't the first offering in this regard, anyway, though to be fair they're probably the first to do any serious content scanning/filtering. Some M2M/IoT MVNOs offer general "defense from the internet" by default - your cellular device gets a private (usually static) IP and various flavors of VPN options to enable you to initiate traffic to your devices, while the devices have unrestricted outbound internet access (same as PCs on your LAN) via many-to-one NAT at the MVNO outer edge.
Biting the hand that feeds IT © 1998–2019