Authentication for IoT devices

Paul_s
Conversationalist

Can anyone advise what is the most secure way to authenticate what are essentially dumb wireless IoT devices such as TVs that can't use 802.1x or certs?

Is it just by MAC address?

They will be on a dedicated SSID restricted to just Internet access.

Is there any value in hiding the SSID they will be connecting to?

Thanks

PhilipDAth
Kind of a big deal

What I sometimes do is create firewall rules to block everything on the SSID - so no Internet access, and then just whitelist the known devices to give that access back again.
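
An added example, not part of the original thread and not Meraki configuration syntax: a small first-match rule model of the approach in the reply above (block everything on the SSID, then allow known devices), combined with the original poster's Internet-only restriction. The subnet, device addresses and rule format are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    note: str

# Constructed sample values (assumptions, not taken from the thread).
IOT_SUBNET = "192.168.50.0/24"
KNOWN_DEVICES = ["192.168.50.10", "192.168.50.11"]  # e.g. DHCP-reserved TVs
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def build_rules(known_devices, iot_subnet=IOT_SUBNET):
    """Ordered rule list: internal denies first, known devices next, deny-all last."""
    rules = [Rule("deny", iot_subnet, net, "no access to internal ranges")
             for net in PRIVATE_RANGES]
    rules += [Rule("allow", f"{ip}/32", "0.0.0.0/0", "known device, Internet only")
              for ip in known_devices]
    rules.append(Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "default deny"))
    return rules

def evaluate(rules, src_ip, dst_ip):
    """Return (action, note) of the first rule matching the flow."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)):
            return rule.action, rule.note
    return "deny", "implicit deny"

if __name__ == "__main__":
    rules = build_rules(KNOWN_DEVICES)
    # An address identifies a device but does not authenticate it: another
    # client that takes a listed address matches the same allow rule.
    flows = [
        ("192.168.50.10", "93.184.216.34"),  # known TV to the Internet
        ("192.168.50.10", "192.168.1.5"),    # known TV to an internal host
        ("192.168.50.10", "192.168.50.11"),  # known TV to another IoT device
        ("192.168.50.99", "93.184.216.34"),  # unlisted device to the Internet
    ]
    for src, dst in flows:
        print(src, "->", dst, evaluate(rules, src, dst))
```

Rule order matters here: if the per-device allow rules were placed above the internal-range denies, listed devices would also reach internal hosts.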

Uberseehandel
Kind of a big deal


@Paul_s wrote:

Can anyone advise what is the most secure way to authenticate what are essentially dumb wireless IoT devices such as TVs that can't use 802.1x or certs?

First of all many TVs are not so dumb, secondly why are you connecting them by wireless, they don't move?

Wire anything that does not move.

IoT devices are almost always the creation of people and organisations for whom networking, and security is incidental, misunderstood, and a cost to be managed. In 2018 we still see stuff that is 802.11b compatible, devices that do not encrypt negotiation over the local wireless link, devices that "call home" to somewhere in China, even devices that have been "checked" by government security agencies that turn up goosing adjacent networks.

We have actually moved anything to do with IoT to a physically different network, and apart from a single ephemeral secure network device initiated connection class, have limited connections between IoT / Smart devices and the secure network to HDMI.

We are going to see a lot more two tier networks with multiple security appliances and a deliberate division into sheep and goats, good network and bad network. And anybody who works from home will need to do this, not just commercial operations.

Don't look for ways to integrate IoT, look for ways to keep it out, without losing its often alluring functionality.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel