From the course: CompTIA Security+ (SY0-701) Cert Prep

Secure networking for smart devices

From the course: CompTIA Security+ (SY0-701) Cert Prep

Start my 1-month free trial

Secure networking for smart devices

- [Instructor] One way that you can ensure control diversity and redundancy for embedded systems is placing them within a secure network environment that's designed to protect smart devices from attack and protect other systems on the network from compromised smart devices. This tried-and-true technique is known as network segmentation. Network segmentation simply places untrusted devices on a network of their own where they have no access to trusted systems. In the context of embedded devices, it might look something like this. We have our standard corporate wired and wireless networks that have laptops, desktops, and servers connected to them, and then a separate network hanging off the firewall that contains embedded devices used to control an industrial process. Now, does this look similar to anything you've already seen in your study of cybersecurity? Well, if it looks like a firewall DMZ, there's a good reason for that; it's the same concept. Placing embedded systems in an isolated DMZ allows them to access each other and the internet if necessary, but also allows you to strictly control that access and limit the access those devices have to other systems on your network. Network segmentation is perhaps the most important control that you can put in place to protect embedded systems. Application firewalls also play an important role in protecting your embedded systems, particularly if those systems are accessible by untrusted individuals. Embedded systems that have web interfaces are susceptible to many of the same web application attacks that we find on more complex systems. They can be vulnerable to SQL injection, buffer overflows, and cross-site scripting attacks. Application firewalls when placed in front of embedded systems monitor inbound traffic for signs of malicious activity, and when they detect this type of hostile traffic, they can block it before it reaches a potentially vulnerable embedded device. These elements are all part of a layered defense. And one final note, you should also know how to secure mainframe systems that are connected to enterprise networks. While mainframes may be few and far between these days, you still may encounter one in some legacy environments. The good news is that you can treat them like an embedded device from a security perspective. The same controls that we've discussed here for smart devices also work for relatively dumb ones like old mainframes.

Contents