How to protect network security in the hottest era

  • Detail

How to protect network security in the era of intelligent IOT

with the advent of the era of Internet of things, intelligent IOT not only brings convenience to people's life and work, but also brings some unprecedented security risks. In recent years, a number of IOT security incidents have sounded an alarm to the industry. Experts believe that the security threat of IOT is becoming increasingly prominent, which brings new challenges to the traditional network security protection, and more countermeasures need to be taken to prevent it

smart devices will face three threats

the rapid development of intelligent IOT has fully activated economic growth. Today, with the interconnection of everything, the threat of network attacks is also increasing. According to cnvd statistics, in 2016, a total of 1117 IOT devices in the world were detected to reach a certain national standard hole, involving Cisco, Huawei, Google, Siemens and other enterprises. The types of attacked devices include webcams, routers, firewalls, shutdown devices, etc. Gartner, a consulting firm, predicts that by 2020, more than 25% of security attacks against enterprises will involve IOT

IOT security threats are actually around. At the 2017 cybersecurity Expo and Cybersecurity achievement exhibition recently held in Shanghai, we reduced the number of process steps. Security experts from geekpwn lab showed a number of IOT security threat cases on site. For example, the smart safe is encrypted with the app, and the tampering right of the safe password can be obtained remotely by using the protocol vulnerability. Resetting any password can open the safe and make the safe no longer safe

the "smart IOT security risk report" jointly released by the interconnection research center of Shanghai Academy of Social Sciences and great lab recently shows that the security risk of smart IOT has its particularity, which is related to the characteristics of smart IOT itself. For example, a large number of smart terminals are seriously fragmented, which brings weaknesses that are difficult to manage and maintain and difficulties in risk handling; The characteristics involving a large number of users' privacy data make the risk not only cause economic losses, but also increase social impact, even legal risks

statistics from the great laboratory show that the proportion of new intelligent security threats has increased from 40% in 2014. When you open the door, you can clearly see that its internal structure has risen to 58% today. Moreover, the security threats of intelligent devices are undergoing four changes: the expansion of attack objects to new intelligent devices, the concentration of attacks on terminal devices, the increasing diversification of attack methods, and the transformation of intelligent devices from attack targets to attack interfaces

in addition to the changing security threats, intelligent devices will also face three new threats: data leakage, big data terminal pollution and security threats in the era of artificial intelligence. Intelligent devices generally have the function of information and data collection. Through terminal devices, user information and data are always exposed in the IOT. If the attack on terminal devices goes further, the targeted construction of malicious data and uploading the data to the background cloud will cause terminal data pollution, and then affect data analysis and decision-making, resulting in a broader impact

Wang Qi, the founder of great, said that what smart IOT involves is the huge and complex network built by the details of all aspects of life, and the problems it faces are more complex. In addition, Xiao Yaqing, director of the state owned assets supervision and Administration Commission, has brought benefits and threats to the development of industrial intelligence. Different from the traditional IT security attack and defense technology, the security confrontation in the AI era has risen from a simple competition of information technology to a competition of artificial intelligence algorithms

many factors create hidden risks

in the view of experts, the security risks of intelligent IOT are caused by many reasons. First, the stage of industrial development and cost considerations. Since the development of intelligent IOT, it has really entered the high-speed development stage in the past 2 or 3 years. Various intelligent IOT devices have emerged in endlessly, and equipment manufacturers have insufficient consideration and investment in product safety. Among them, the insufficient investment of intelligent IOT security resources and attention is the most fundamental reason for the frequent occurrence of various security incidents

second, the weakness of the technical structure itself. Although there are more and more dedicated chips, components and protocols for the intelligent IOT environment, there are still a large number of IOT devices that use the traditional IT architecture as the technical framework, including the underlying system, transmission links, communication protocols, etc. Although this can improve the speed of product development and marketing, it also pushes the product to potential attackers of traditional it

third, the update of software and hardware of the device lags behind. Due to the large number and wide distribution of intelligent IOT devices, the implementation speed of security measures is too slow. Even if security problems are found, various obstacles will be encountered in the process of updating the software and hardware of the device. For example, the early intelligent webcam used simple software and hardware structure design, which could not be upgraded in this way. Although more and more products are more intelligent, and the firmware of products can be updated regularly to the latest version, compared with mature traditional IT systems, the update speed is still lagging behind, and the loss caused by security problems is closely related to time

it is noteworthy that at present, the security awareness of intelligent device manufacturers is still generally insufficient. Intelligent hardware products generally have relatively simple functions. In order to reduce costs, launch products quickly and seize the market, some manufacturers usually ignore safety issues in the product design and implementation stage. Sometimes, safety protection is sacrificed to meet the preferences of consumer groups, even for beautiful appearance, portability and simplicity

on the other hand, users' safety awareness and safety investment also need to be improved. Domestic enterprises still pay insufficient attention to network safety, and many enterprises often treat safety investment as cost. Ma Bin, vice president of Tencent, said that with the advent of the era of Internet of everything, network security should become the first element of enterprise protection

take multiple measures to prevent security risks

it is urgent to increase the security protection of intelligent IOT, and at the same time, it also requires multi-party cooperation. Safety experts pointed out that the first thing is to enhance safety considerations in product design and development. The reason why there are various security vulnerabilities in intelligent IOT devices that can be exploited by attackers is that most of them only pay attention to the functional features to be achieved in the process of product design and development, and ignore the security factors. According to the process of traditional IT product security, if the manufacturer of intelligent joint products can put the security factor in an important position and invest the necessary resources, it can effectively reduce product weaknesses and improve the overall security

secondly, we should establish and improve the upgrading mechanism of intelligent terminal equipment. At present, in many intelligent IOT devices, the firmware upgrade mechanism has not been fully covered. Only some category device manufacturers have realized remote automatic update. Most devices also need to manually download the firmware version and then update it to products. Some products even do not provide upgrade function at all. In this regard, experts pointed out that the timely release of patches and firmware updates can effectively reduce damage when vulnerabilities or attacks are found

intelligent IOT equipment manufacturers should fully consider the subsequent product upgrade needs and mechanisms when designing products, and implant the upgrade module into the products to achieve rapid security patch updates

in addition, the industry should gradually unify norms and standards. At present, China's intelligent IOT equipment industry is still basically in a spontaneous state, and the segmentation between departments, regions and industries is relatively common. The national industry authorities have realized the importance of standardization to the application development and safety of the smart industry, and are paying close attention to the study and formulation of relevant specifications

at the same time, it is also important for users to improve their safety awareness. In terms of intelligent security, many problems can be avoided by strengthening users' security awareness. Developing a good habit of using equipment safely can greatly increase the difficulty of implementing attacks and increase the cost of attacks

in addition, Ma Bin believes that to protect the security risks of intelligent IOT, first, we should deeply cultivate information security technology, second, we should speed up the training of network security talents, and third, we should increase open cooperation between industrial chains

in the future, intelligent IOT security is expected to generate huge industrial opportunities. According to the prediction of consulting firm markets and markets, the global IOT security market will grow from US $6.89 billion in 2015 to US $28.9 billion by 2020, providing new development opportunities for traditional IT infrastructure manufacturers, Internet security companies and emerging start-ups focusing on IOT security

Copyright © 2011 JIN SHI