
Securing the Internet of Things: Best Practices for Deploying IoT Devices

Computer and Network Security Essentials

Abstract

The Internet of Things (IoT) has brought a wealth of new technologies both in homes and businesses onto IP networks not natively designed to securely support such myriad devices. Networks once hosting only computers and printers now routinely contain payment systems, Wi-Fi and mobile/wearable devices, VoIP phones, vending machines, sensor and alarm systems, servers, security cameras, thermostats, door locks and other building controls, just to name a few. This chapter analyzes current best practices for securing computer networks with special attention to IoT challenges, discusses selected major IoT security incidents, details selected IoT cyber attacks as proofs of concept, and presents a framework for securely deploying IoT devices in the enterprise and at home.



Acknowledgments

This work was supported in part by National Security Agency and National Science Foundation GenCyber grant project #H98230-16-1-0262.

The authors also wish to thank colleagues and security experts Rob Cherveny and Dr. Markus Hitz for thoughtful input and feedback throughout this chapter.

Corresponding author

Correspondence to Bryson R. Payne.

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Payne, B.R., Abegaz, T.T. (2018). Securing the Internet of Things: Best Practices for Deploying IoT Devices. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_28

  • DOI: https://doi.org/10.1007/978-3-319-58424-9_28

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58423-2

  • Online ISBN: 978-3-319-58424-9

  • eBook Packages: Engineering, Engineering (R0)
