Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.

Avenue4 LLCRead Message Promoted Post

Home / News I have a News Tip

BITAG Outlines Steps to Dramatically Improve the Security and Privacy of IoT Devices

Broadband Internet Technical Advisory Group (BITAG) today released a report outlining a set of guidelines it believes could dramatically improve the security and privacy of IoT devices and minimize the costs associated with the collateral damage that would otherwise affect both end users and ISPs. The report has also warned that unless manufacturers and distributors of IoT devices improve device security and privacy, consumer backlash may impede the growth of the IoT marketplace and ultimately limit the promise IoT holds.

Other observations made in the report include:

  • Insecure Communications: Many of the security functions designed for more general-purpose computing devices are difficult to implement on IoT devices and a number of security flaws have been identified in the field, including unencrypted communications and data leaks from IoT devices.
  • Data Leaks: IoT devices may leak private user data, both from the cloud (where data is stored) and between IoT devices themselves.
  • Potential for Service Disruption: The potential loss of availability or connectivity not only diminishes the functionality of IoT devices, but also may degrade the security of devices in some cases, such as when an IoT device can no longer function without such connectivity (e.g., a home alarm system deactivating if connectivity is lost).
  • Device Replacement May be an Alternative to Software Updates — for Inexpensive or "Disposable" Devices: In some cases, replacing a device entirely may be an alternative to software updates. Certain IoT devices may be so inexpensive that updating software may be impractical or not cost-effective.

BITAG Technical Working Group has provided a number of recommendations which including:

  • IoT Devices Should Be Restrictive Rather Than Permissive in Communicating: When possible, devices should not be reachable via inbound connections by default. IoT devices should not rely on the network firewall alone to restrict communication, as some communication between devices within the home may not traverse the firewall.
  • IoT Devices Should Continue to Function if Internet Connectivity is Disrupted: IoT device should be able to perform its primary function or functions (e.g., a light switch or a thermostat should continue to function with manual controls), even if it is not connected to the Internet.
  • IoT Devices Should Continue to Function If the Cloud Back-End Fails: Many services that depend on or use a cloud back-end can continue to function, even if in a degraded or partially functional state when connectivity to the cloud back-end is interrupted or the service itself fails.
  • IoT Devices Should Support Addressing and Naming Best Practices: Many IoT devices may remain deployed for a number of years after they are installed. Supporting the latest protocols such as IPv6 for addressing and naming will ensure that these devices remain functional for years to come. IoT devices should also support the use or validation of DNS Security Extensions (DNSSEC) when domain names are used.

The lead editors of were Jason Livingood, Vice President of Technology Policy & Standards at Comcast and Nick Feamster, Professor of Computer Science at Princeton University. Douglas Sicker, Executive Director of BITAG, Chair of BITAG's Technical Working Group, Department Head of Engineering and Public Policy and a professor of Computer Science at Carnegie Mellon University, chaired the review itself.

SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Mobile Internet

Sponsored byAfilias

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s.