Gil Ben-David
As we all adjust to a new reality defined by the effects of COVID-19, we’ve had to come to terms with social distancing as a way to hopefully slow down the spread of the virus. In an effort to “flatten the curve” of infection, epidemiologists ask us to keep a safe distance between one another.
Despite the obvious differences between health care and cyber security, these two fields have a lot in common. Instead of preventing the spread of biological viruses, our main objective is to prevent the spread of digital ones. Much like social distancing, we often do that by limiting a device’s ability to communicate with other devices. Instead of social distancing and N95 masks, we talk about network segmentation, air gaps and content filtering.
Large organizations have used network segmentation as an effective way to reduce risks to their vital information systems for decades. It’s time for consumers and small businesses to start doing the same.
We recently switched ISPs – requiring a visit from our new provider to physically make the switch. As he was working on hooking up devices to the new network, we had an interesting discussion about whether or not people should set up guest wireless networks. His take on the matter was that guest networks are unnecessary because if you trust someone enough to invite them into your home, you should also trust them on your network.
As someone who has spent many years protecting everything from critical infrastructures to mobile apps, my experience has been that this approach is wrong. While I might trust you personally not to intentionally harm the devices on my network, I can’t trust my “smart” TV, HVAC controller or robotic vacuum cleaner not to access other devices.
The reality we deal with is one where all of our devices have the potential to be hacked at one point or another. In many cases these new “smart” devices are inherently designed to be as simple as possible – eliminating important security measures. This increases the risk of creating security vulnerabilities that hackers later use to gain control over a device. When every device on our network has unrestricted access to all the others, each hacked device puts the rest at risk too. Much like the infection rate of the current pandemic, these risks to the general “health” of our network and the devices connected to it grow exponentially as we connect more “smart” devices.
Most of us don’t need our robotic vacuum cleaners to have access to our network storage devices, or even to our TVs. As our homes become more connected, it’s time we learn from the experience of larger organizations and start thinking about socially distancing our devices. In most cases, the easiest and cheapest way to do that is to enable your router’s guest network and turn on device isolation. Doing so will allow you to connect smart devices to the internet (through the guest network), while isolating them from each other, as well as from other devices such as mobile devices and computers containing private and sensitive information.
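Once the guest network and device isolation are turned on, it is worth confirming that the setting actually does what it claims. The script below is an added example, not part of the original post: run it from a laptop joined to the guest network and it reports any protected device that still answers. The addresses and the port list are assumptions to replace with your own.

```python
import socket

# Assumed probe ports: services home devices commonly expose (SSH, web admin, SMB).
PORTS = (22, 80, 443, 445)

def probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'blocked'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "refused"         # host answered with a reset: still reachable
    except OSError:
        return "blocked"         # timeout or unreachable: traffic was dropped

def isolation_leaks(hosts, ports=PORTS, timeout=1.0):
    """Return (host, port, state) for every probe that got any answer."""
    leaks = []
    for host in hosts:
        for port in ports:
            state = probe(host, port, timeout)
            if state != "blocked":
                leaks.append((host, port, state))
    return leaks

if __name__ == "__main__":
    # Constructed addresses: replace with your own devices on the main network.
    protected = ["192.168.1.10", "192.168.1.20"]
    leaks = isolation_leaks(protected)
    for host, port, state in leaks:
        print(f"NOT ISOLATED: {host}:{port} answered ({state})")
    if not leaks:
        print("No answers from protected devices: isolation appears to hold")
```

A "refused" result counts as a leak because the device itself replied, which means packets crossed the boundary even though no service was listening. Make sure the protected devices are powered on during the check, since a device that is switched off looks the same as one that is isolated.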
While attackers can bypass network segmentation methods – more on that in a future post – “socially distancing” our devices is still a very cost-effective way to quickly and significantly reduce the increased risks of having more of our appliances connected to our network.