How IoT Firewalls Work
IoT devices pose significant security risks to an organization’s network. IoT firewalls protect these devices from exploitation and can be implemented in one of two ways:
- IoT Network Firewalls: IoT network firewalls are deployed as part of network gateways and allow both macro and micro segmentation of an organization’s IoT deployment. IoT network firewalls can use VPNs to encrypt traffic between the gateway and remote servers that process data collected by IoT devices.
- IoT Embedded Firewalls: IoT embedded firewalls are built into the operating system of an IoT device. They are installed by the IoT device manufacturer and can filter traffic to the device and potentially act as a VPN endpoint.
The Importance of IoT Firewalls
IoT devices are notorious for their poor security. Some common IoT security risks include:
- Legacy Operating Systems: IoT devices may be running outdated operating system versions. This makes them vulnerable to exploitation via publicly known vulnerabilities.
- Lack of Built-In Security: Most IoT devices lack the built-in firewalls and antivirus that are common on desktop systems. This makes it easier for attackers to exploit these systems and infect them with malware.
- Difficult Patch Management: When was the last time you updated the software in your lightbulb? Fixing functionality and security issues is vital to the security of all software. However, IoT devices are rarely updated, making them vulnerable to attack.
- Weak Passwords: IoT devices are commonly deployed without changing the default password and may have hardcoded passwords that users cannot change. When these passwords become publicly known, attackers can simply log into vulnerable devices.
- Poor Physical Security: Many IoT devices — such as Internet-connected cameras — are designed to be deployed in public and remote locations. With physical access to devices, attackers may be able to bypass and defeat a device’s security defenses.
- Insecure Protocol Use: While most Internet traffic avoids the use of insecure protocols such as Telnet, the same is not true of IoT devices. The use of these protocols makes it easier for attackers to steal login credentials and exploit vulnerable protocols.
These security issues make IoT devices a significant security risk to their owners and the networks where they are deployed. IoT firewalls help to manage this risk by making devices more difficult to attack and limiting the impact of a compromised device.
IoT Architectures Differ
IoT devices are being deployed in various industries, but these devices and architectures are not created equal. Industrial and consumer IoT are often deployed under two very different architectures.
Manufacturers commonly use the Purdue model to segment their industrial control system (ICS) networks. This model separates an ICS/IoT architecture into numbered levels with defined purposes, and IoT network firewalls inspect and control traffic across the boundaries between those levels.
- Level 4/5: The Enterprise layer is the corporate IT network, where enterprise resource planning (ERP) systems perform high-level management of manufacturing operations.
- Level 3.5: The Demilitarized Zone (DMZ) separates IT and OT environments and includes security systems designed to protect OT environments from attacks over IT networks.
- Level 3: Manufacturing operations systems manage workflows on the manufacturing floor.
- Level 2: In the process network, operators monitor and manage physical processes using human-machine interfaces (HMIs) to access supervisory control and data acquisition (SCADA) software.
- Level 1: In the control network, intelligent devices such as programmable logic controllers (PLCs) and remote terminal units (RTUs) monitor and manipulate physical devices.
- Level 0: In the field network are the physical devices and sensors that perform manufacturing operations.
In contrast, consumer IoT devices that are deployed across a larger and more diverse geographic area may operate under a four-layer architectural model:
- Sensor Layer: IoT devices collect data for processing.
- Network or Data Acquisition Layer: Data from one or more systems is collected by IoT gateways and securely transferred to processing systems.
- Data Pre-Processing Layer: Edge-based IoT devices perform pre-processing to reduce the amount of data sent to cloud-based servers.
- Cloud Analysis or Application Layer: Cloud servers analyze data and provide users access to analytics and data.
Industrial IoT architectures have integrated security layers that consumer IoT deployments may lack. IoT gateways and cloud firewalls can control access to improve the security of consumer IoT devices.
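The following is an added example, not code from the page or from Check Point: a small zone-policy evaluator that shows how an IoT network firewall on the Purdue level boundaries above decides whether a flow is allowed. The level ordering follows the list above; the conduit allowlist, port numbers and rule wording are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Purdue levels from the list above, ordered top (IT) to bottom (physical
# process). The DMZ (Level 3.5) sits between enterprise and operations.
LEVELS = ["enterprise", "dmz", "operations", "process", "control", "field"]
IT_LEVELS = {"enterprise"}
OT_LEVELS = set(LEVELS) - IT_LEVELS - {"dmz"}

# Cleartext management protocols of the kind the text calls insecure on IoT
# devices; the firewall refuses them on every boundary.
INSECURE_PORTS = {23: "telnet", 21: "ftp"}

# Constructed allowlist of conduits (assumed values): an initiating level, the
# adjacent level it may reach, and the single service port permitted.
CONDUITS = {
    ("enterprise", "dmz", 443),      # ERP talks only to the DMZ relay
    ("dmz", "operations", 443),      # DMZ relay forwards to MES
    ("operations", "process", 443),  # MES reaches SCADA servers
    ("process", "control", 502),     # HMI/SCADA polls PLCs over Modbus/TCP
    ("control", "field", 502),       # PLCs drive field devices
}


@dataclass(frozen=True)
class Flow:
    src: str   # Purdue level the connection is initiated from
    dst: str   # Purdue level it is directed to
    port: int  # destination TCP port


def evaluate(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason) for one flow; rules are applied in order."""
    if flow.src not in LEVELS or flow.dst not in LEVELS:
        return "deny", "unknown zone"
    if flow.port in INSECURE_PORTS:
        return "deny", f"insecure protocol {INSECURE_PORTS[flow.port]}"
    if flow.src == flow.dst:
        return "allow", "intra-level traffic"
    # IT and OT never talk directly; every such flow terminates in the DMZ.
    if (flow.src in IT_LEVELS and flow.dst in OT_LEVELS) or (
        flow.src in OT_LEVELS and flow.dst in IT_LEVELS
    ):
        return "deny", "IT/OT traffic must terminate in the DMZ"
    # A flow may cross exactly one level boundary, never skip levels.
    if abs(LEVELS.index(flow.src) - LEVELS.index(flow.dst)) != 1:
        return "deny", "flow skips a level boundary"
    # Default deny across a boundary unless a conduit exists in this direction.
    if (flow.src, flow.dst, flow.port) not in CONDUITS:
        return "deny", "no conduit for this port"
    return "allow", "permitted conduit"
```

Run `evaluate(Flow("enterprise", "operations", 443))` to see the DMZ rule reject a direct IT-to-OT connection even though port 443 is permitted on each adjacent hop.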
Which Industries Need IoT Firewall Security?
IoT adoption is growing across the board, making IoT security important for all organizations. However, for certain industries and companies, IoT firewall security is especially vital, including:
- Industrial: High availability and performance requirements mean that OT systems commonly run legacy software and have limited support for built-in security solutions. As these systems are increasingly connected to IT environments, IoT firewall security is vital to blocking attacks from entering OT environments and then moving laterally within the organization.
- Healthcare: The Medical IoT (MIoT) is rapidly growing, and includes pacemakers, scanners, fitness trackers, and similar networked devices. These devices’ poor security makes IoT firewalls necessary to block attempted exploitation of these vulnerable devices.
- Enterprise: In addition to industry-specific solutions, enterprises are deploying IoT devices such as smart building management systems, networked cameras, and printers. Not all devices may be known or managed by the IT team, leaving them vulnerable to exploitation.
- Device Manufacturers: IoT devices’ unique deployment scenarios make them difficult to secure using traditional methods. By deploying IoT embedded firewalls on their devices, device manufacturers can improve these devices’ security and resilience to attempted exploitation.
Achieving IoT Firewall Security with Check Point
Check Point offers comprehensive protection for an organization’s IoT deployment, including both network and embedded IoT firewalls.
Check Point’s IoT Protect network firewall provides complete visibility into IoT devices connected to the corporate network by identifying both known and unknown IoT devices. It also recommends zero trust policies to macrosegment IoT devices and includes an integrated intrusion prevention system (IPS) to prevent attacks against IoT devices.
Check Point’s IoT Protect embedded firewall enables IoT device manufacturers to make their devices secure by design. After assessing a device, it applies a light-footprint nano agent to offer runtime protection against attempted exploitation.
Learn more about Check Point’s IoT security solutions in the IoT Protect solution brief. Then, see their capabilities for yourself by signing up for a free demo.