Gone are the days where we can just lock our doors and call it secure. With new technologies that connect your personal properties to the internet (Aka "Internet of things" or "Operational Technology") you leave your properties access wide open for others to gain entry. Examples of such devices are smart connected HVAC controls, lighting, solar, security cameras, security systems and more. There are many ways for "bad actors" to gain control of information or actual control of your property, this isn’t just a physical means of entry anymore. Just purchasing any smart connected doorknob or camera and throwing it up connecting it to whatever service may be offered is NOT SECURING your property. In fact, you could purchase a security system, install it and be in worse off condition than if the system wasn’t even there. Yep, you heard that right!
Let’s examine real world data from one of my own properties. I'll display two examples within a 24 hour window. The first example are external bad actors or systems scanning to login to a server. Here you see sources inbound from Hong Kong, China Mainland and Russia attempting inbound access. Security controls were placed on the regions blocking inbound traffic from those regions. This is just one step in securing your network. Bad actors can still use a VPN and attempt the same access from a different country.
The second example is a cheap smart doorknob that connects wirelessly back to the internet so that I can lock and unlock a door remotely. This lock is a well-known brand sold on Amazon and many purchase this lock to be used in their Airbnb rentals as well as condo associations in order to change door lock combinations remotely during tenant turnovers. The below shows traffic outbound to a server in Singapore. This is the mechanism that communicates with the lock wirelessly to the hub, then on to a server in Singapore, then back to your phone.
The screenshot below is also the same App and lock that shows additional communication to Mainland China once the App is opened. I found that if you blocked the Mainland China communication but left open the Singapore traffic it all still functions, but if you turn off both communications the function ceases to work. So, what is the communication to Mainland China and what data is in that traffic if it works without that? I’ll spare you the boring details, but let’s just say you probably just want the function of your door, but without data spewing all over the world. If your data ends up in the wrong hands then what? This is just a door we are talking about, but what about hospitals, nuclear power plants, banks or industrial process control centers. Yikes! This is the reason, in 2019, the NDAA (National Defense Authorization Act) banned the purchasing or installing of products by several companies that were used by government contracts or on government properties.
So how do you secure your property properly you say? Just go back to AOL days where all you got was online mail and AIM you say?!!? Nah we live in the now! This is where proper firewall controls and network security architecture come into play. You can’t just turn off all communications because cloud servers are needed in order to provide function to the device you deployed in the first place. There are many steps, but some would be isolating internet connected devices that control your property into their own segregated network, firewall controls and two factor authentication greatly reduce or practically eliminate others from accessing your building controls. Keep this information in mind as you build out your future connected businesses or real property and block the bad actors! If you need consulting services securing your building, wireless setups or general network configuration feel free to give us a call! JWWireless LLC 850-276-2430