Securing IoT with DNS Solutions

Cyberattacks in IoT have doubled since last year. A strong understanding and security strategy is critical to avoid and mitigate these risks.

Despite IoT’s prevalence in our lives, the security risks inherent to these devices are not being tackled head-on. A lack of overall security and accountability can significantly impact our homes and even the industries that utilize IoT in their day-to-day operations. 

The first step is to protect the devices with DNS, or Domain Name System infrastructures and DNS security capabilities. By doing so, important data is protected and IoT devices are only allowed access to relevant services.

Security risks in IoT

Bad actors can take advantage of the security holes in IoT devices through a variety of methods. An example of a commonly used schemes involves DNS cache poisoning. Also known as “spoofing,” DNS cache poisoning occurs when a hacker installs a specific incorrect record in the cache of a recursive DNS server. Anyone requesting this information from this server will then get the wrong answer. This attack is mainly used to direct user browsers to a fake server to perform phishing or extortion.

IoT devices must be identified, inventoried, screened, managed, and secured so they cannot cause any problems to the rest of the IT ecosystem, the users, or the organization itself.

DNS-based solutions, which protect IoT devices from cyberattacks, secure communications within the network and limit the attack potential of IoT devices. Protecting industrial IoT control devices both at the network and DNS levels prevents threats like spoofing, which captures the IoT traffic to exploit all other flaws.

A company’s intelligent usage of its DNS recursive infrastructure is key for protection, particularly in controlling the services the IoT devices are permitted to access. A good option is to use a DNS query filtering type of security approach based on whitelisting. This isolates all IoT devices, applying strict filtering based on an “allow list” (whitelist). Any DNS resolution request needs to be for an explicitly allowed domain to be executed.

Making use of DNSSEC (Domain Name System Security Extensions) on the DNS infrastructure ensures the authenticity and integrity of DNS information. For all IoT communication domains, this helps validate that the record originates from the authoritative DNS server for the record and that the server is trusted by the upper domain in the DNS hierarchy.

Prioritizing the safety of IoT devices through DNS allows us to best make use of the benefits they bring us. Investing in a security solution that can increase infrastructure access control of all IoT devices will be vital to ensure the innovations brought about by IoT can continue to progress and play an important role in our lives–without the threat of compromise.

IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.