5 Lessons Learned from the Mirai DDoS Attack from Digi International
Security is always top of mind when it comes to IoT devices and applications. The recent Mirai DDoS attack in October 2016 is an important reminder that IoT device manufacturers—and consumers—need to be vigilant with security, both out of the box and at home.
Recently, Andrew Lund, Digi’s Product Marketing Manager for Wireless M2M and IoT, shared his thoughts with IoT Evolution on the Mirai attack and what lessons could be learned to help improve security for IoT devices and applications. Below is an excerpt of five of Andrew’s best practices from IoT Evolution’s piece, which you can read in full here.
- Change default passwords:
Given the attack vector that Mirai used, it’s clear that one area Device OEMs can make design decisions to increase security is with respect to passwords. The days of leaving the default password unchanged are over, so manufacturers must either force users to change passwords or create a “default” passwords that are unique to each individual IoT device.
- Don’t allow insecure ingress protocols:
Mirai malware contains “killer” scripts that remove other worms and Trojans, allowing Mirai to maximize its use of the infected host device. But Mirai also goes one step further and closes processes that are used for remote ingress attempts, like Telnet, SSH, and HTTP.
- Secure remote management tools:
Efficient, cost-effective method of remotely monitoring, updating and managing connected devices. Users can set performance parameters for healthy devices and create reports and alarms for suspicious activity. Using a remote manager that incorporates PCI-DSS and other relevant security certifications in the cloud such as HIPAA and NIST allow users to define a device profile, assign the profile to all devices in a group, and monitor and auto-remediate any variances. The best remote management tools can also restrict incoming traffic to only allow SSL connections, eliminating unencrypted TCP connections.
- Firmware updates:
Firmware updates must be completed securely (authentication) and automatically, or at a minimum, users must be notified/prompted when a new firmware update is available.
- Packet encryption:
This consists of basic encryption, such as FIPS-197/AES, to protect messages from unauthorized viewing or malicious changes. This method is easy to implement and use, especially in conjunction with private keys.