Cisco casts an eye over IoT protocol landscape: Everything the light touches is ours Cisco has pitched its intent-based networking capabilities as a way to get control over the Internet of Things. There are good reasons to try and automate the network behaviour of IoT devices: as Cisco's enterprise networking marketing vice president Prashan Shenoy told The Register's networking desk, the ratio of IT personnel …
So, Cisco routers are allegedly flawed and owned by the Russians, according the GCHQ and the FBI, and now Cisco wants to own the IoT devices...
Makes me kind of glad, that my wife won't let anything IoT in the house.
Shenoy said there's no need to replace the disparate IoT protocols out there; the aim, rather, is to handle every protocol, to “feed information into Cisco's infrastructure”.
The aim should be first to secure those protocols and the devices behind them. Maybe Cisco should route them to /dev/null until they are secured, that would be a good start.
Unpatched routers if I am not mistaken.
Not sure why you ding Cisco, they are actually doing something about the security issues in IoT. It's completely unrealistic to expect the devices to be patched or secure. Instead behavioral analytics have to happen in the network and that's where it seems they are releasing quite some innovative stuff.
Their internet backbone routers were set up with no protection during setup, which meant anyone could compromise them, before they were set up.
https://www.theregister.co.uk/2017/02/15/cisco_defends_smi_remote_authentication_features/
https://www.theregister.co.uk/2018/04/09/cisco_smart_install_clients_attack_vector/
The problem is, most of these IoT devices are either thrown out the door for the lowest possible price, so things like quality, security and testing fall by the wayside or existing devices, often critical infrastructure or manufacturing production lines are IoTised to make administration simpler, but these are products that were never designed to be on a network and security isn't as sexy as a management dashboard showing how well the system is running...
These things need to be properly designed and security built in from the outset and people have to accept that a "real" IoT device doesn't cost a couple of dollars, but costs real money... But secure products won't sell, because we have been driven to buy the cheapest of everything, unless it is a boutique product.
So, paying proper money for an intelligent lightbulb isn't going to fly, but don't expect your cheap intelligent lightbulb to be secure... That is why I don't buy anything IoT at the moment. We need a complete see-change before these products can be taken seriously.
If I am replacing a non-intelligent device that has lasted 20 years, I'm not going to replace it with a new product that isn't secure from the get go and doesn't get security updates after the first 3 months since the launch have elapsed...
Hospitals already are packed full of IoT devices. Most of which are islands.
Cisco wants to be in control of those devices. As does every existing vendor -- they want their island to expand to be a beachhead to the other lucrative markets. They all talk about 'Open Interfaces' that you can license from them.. as long as you aren't going to compete with them for control of the network, or in a product type that they dominate.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
