MySQL for the Internet of Things

(Steven Felgate) #1
Chapter 1 ■ The Internet of Things and Data

Physical Security


I mentioned this topic earlier too. For IOT solutions, this applies to all devices in the system. For those that
must be physically outside of a secure area, be sure to make them as secure as possible by minimizing the
hardware exposed and locking the enclosure. For example, a camera that sends video to the IOT server can
be split so that only the camera portion is external to the building (for instance) and the communication
electronics are inside the building. While it is possible for someone to hack the camera (or destroy it), it is
less likely they can do anything more than intercept the signal.

Similarly, locking the IOT device in an enclosure can reduce the risk, but the risk is balanced against
how sturdy the lock and enclosure are. That is, if the enclosure is made from a material that can be cut or the
lock can be easily removed, the security measure only slows down the perpetrator. The determined will still
prevail.^22


Software and Firmware


Another area of concern is the firmware and software (operating systems) used in the IOT solution. We
need to ensure the base operating system and other software are secure. More specifically, the software should
use secured accounts, be resistant to remote compromise, use encryption, and be capable of being hardened
against attack. For example, a secure Linux operating system is preferred over an open access system. This also
applies to any IOT services outside of the firewall (publicly accessible), including web servers, IOT cloud
services, and so on.

Now that you have seen some of the more common and more serious security risks, let’s discuss
security from the aspect of an IOT solution.


Securing IOT Solutions


Let’s turn our attention to how we can employ security practices for IOT solutions. While this section is not
complete in the sense that it covers all possible security practices, it is intended to get you thinking about how
your own IOT solution should be protected. But before we get to that, let’s review a general architecture and
nomenclature for IOT solutions. The following describes several types of nodes that you may use to build
your IOT solution, starting from the lowest layer (the IOT devices) and ending at the highest layer (IOT cloud services).
Keep in mind the layers are also ordered from simple to complex regarding capabilities. This happens to
also correspond roughly with security at each level. That is, the lower layers are easier to secure (with some
exceptions like physical access to external sensors) than the higher layers. Figure 1-10 shows how the nodes
could be arranged in an IOT architecture.


(^22) Which is kind of like windows. Sure, we all lock our windows, but a brick or reasonably sized stone will make short
work of the glass.
