What is a Hardened Baseline Configuration for an IoT Device?

Internet of Things (IoT) devices are often difficult to secure. Shipped with default settings that attackers exploit, these connected devices come with risks related to their inherent nature. The lightweight devices lack the processing power and memory for deploying most anti-malware and anti-virus software, making their security even more difficult to manage. And it’s a rare device manufacturer who uses and updates that software on a device, rather than focusing on the device’s purpose and function outside of cybersecurity.  

Hardening – the process of implementing secure configurations – is a fundamental security measure for mitigating attack and data breach risks. However, for many organizations, determining the most appropriate secure configuration poses a challenge. Further, organizations need to maintain these secure configurations. IoT devices can deviate from the approved configurations for a number of reasons, including when taking other security measures like updating firmware. 

By deploying and maintaining secure IoT configurations, organizations can mitigate risk across their diverse fleets, protecting data and improving their compliance posture. 

What are the Three Main Issues with IoT devices?

While IoT devices enable organizations to streamline operations, they pose unique security risks that make managing them a challenge. As more organizations connect IoT devices to their networks, they find that the following issues make securing their environments more challenging:

  • Lack of encryption: IoT devices often lack the processing power to encrypt the data they store, creating a data leakage or breach risk. 
  • Outdated firmware: IoT manufacturers are slow to provide security updates (if they do at all), leaving the devices with unpatched vulnerabilities that attackers can exploit. 
  • Weak passwords: IoT devices often come with easy-to-guess or publicly available default passwords that attackers can use to compromise them. 

While these security issues are inherent to the devices, organizations can take steps to change default configurations to mitigate these risks. 

5 Best Practices for Creating a Hardened Baseline Configuration for IoT Devices

Secure configurations are the changes that you can make to a device’s settings that act as compensating controls. For example, suppose a manufacturer fails to supply a security update for a vulnerability in a reasonable timeframe. In that case, the secure configurations should mitigate risk by limiting how the device interacts with the public internet or what attackers can do to compromise the device. 

1. Implement Robust Authentication

When deploying devices, you can take several steps to improve authentication in ways that mitigate security risks, including:

  • Creating a strong, unique password, passcode, or passkey for each device that is different from the default one that the manufacturer provides. 
  • Requiring physical interaction with the device or possession of a shared secret during the initial pairing process.
  • Implementing a secure password reset process. 
  • Storing credentials or encryption keys in a Secure Access Module (SAM), Trusted Platform Module (TPM), Hardware Security Module (HSM), or trusted key store.
  • Using two-factor (2FA) or multi-factor authentication (MFA) whenever possible.

2. Use Secure Boot and Hardware-Backed Keys

A device’s integrity relies on executing a trusted boot sequence that checks each state for validity before initializing. Some considerations that the best manufacturers will take into account for their devices’ configurations include:

  • Always using the ROM-based secure boot function.
  • Storing crucial data and running trusted authentication and cryptographic functions with a hardware-based, tamper-resistant capability, like a microcontroller security subsystem, Secure Access Module (SAM), or Trusted Platform Module (TPM).
  • Immediately checking the validity of each boot code stage before running it. 
  • Checking at each stage of the boot sequence that only the expected hardware is present and that it matches the configuration parameters.
  • Preventing the next stage of a boot sequence from running until the current one is successful. 
  • Ensuring that any failed boot sequence states fail into a secure state. 
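
The staged checks listed above can be modeled as a chain of trust. The following is an added illustration, not code from any manufacturer or from this page's vendor: pinned SHA-256 digests stand in for the signature checks a real ROM would perform, and the stage names and images are constructed sample data.

```python
import hashlib
import hmac

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def boot(rom_pinned_digest, stages):
    """Walk the boot chain; each stage is {'name', 'image', 'next_digest'}.

    The ROM pins the digest of stage 0 and every stage carries the expected
    digest of its successor. A stage is only 'run' after its digest matches.
    """
    executed = []
    expected = rom_pinned_digest
    for stage in stages:
        if expected is None or not hmac.compare_digest(digest(stage["image"]), expected):
            # Fail secure: stop the chain, run nothing further, enter recovery.
            return {"state": "recovery", "failed_stage": stage["name"], "executed": executed}
        executed.append(stage["name"])  # stand-in for handing control to the stage
        expected = stage["next_digest"]
    return {"state": "booted", "failed_stage": None, "executed": executed}

def build_chain(images):
    """Constructed sample data: link each image to the digest of the next one."""
    stages = []
    for i, (name, image) in enumerate(images):
        nxt = digest(images[i + 1][1]) if i + 1 < len(images) else None
        stages.append({"name": name, "image": image, "next_digest": nxt})
    return digest(images[0][1]), stages

IMAGES = [("bootloader", b"BL-v1"), ("kernel", b"KERNEL-v1"), ("app", b"APP-v1")]

if __name__ == "__main__":
    rom, chain = build_chain(IMAGES)
    print(boot(rom, chain))
    chain[1]["image"] = b"KERNEL-modified"  # simulate a modified second stage
    print(boot(rom, chain))
```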

3. Use Over-the-Air (OTA) Firmware Updates

OTA firmware updates help maintain IoT device security by automating their deployment. This mitigates risks arising from operating on outdated firmware, thereby reducing the number of potential vulnerabilities. When implementing OTA updates, you should consider:

  • Ability to push updates to the entire fleet or a subset of the fleet.
  • Maintaining a previous version for rollback if the new update fails.
  • Pushing updates in the background or scheduling them outside of business hours.
  • Deploying in stages in case the firmware update itself has an issue, to reduce the danger of a simultaneous fleetwide outage.
  • Preventing unauthorized reversions that can reinstall software with known security vulnerabilities.
  • Creating an installation routine that determines all required dependencies and installs any previous versions necessary.
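
Several of the considerations above (fleet subsets, staged deployment, a retained previous version, and blocking unauthorized reversions) can be combined in one update decision. This is an added sketch, not code from the page or its vendor; the device and release fields (`min_allowed`, `groups`, `percent`, `new_floor`) are hypothetical names chosen for the example.

```python
import hashlib

def parse_version(v):
    return tuple(int(p) for p in v.split("."))

def rollout_bucket(device_id, release):
    """Stable 0-99 bucket per device and release, so raising the percentage only adds devices."""
    h = hashlib.sha256(f"{release}:{device_id}".encode()).digest()
    return int.from_bytes(h[:4], "big") % 100

def decide_update(device, release):
    """Return 'install', 'skip' or 'reject' for one device and one release."""
    target = parse_version(release["version"])
    if target < parse_version(device["min_allowed"]):
        return "reject"   # anti-rollback: below the device's version floor
    if target <= parse_version(device["current"]):
        return "skip"     # already on this version or newer
    if device.get("group") not in release["groups"]:
        return "skip"     # release targets a different subset of the fleet
    if rollout_bucket(device["id"], release["version"]) >= release["percent"]:
        return "skip"     # not yet in the staged-rollout cohort
    return "install"

def apply_update(device, release, health_check):
    """Switch to the new version, keep the old one, and roll back if the check fails."""
    previous = device["current"]
    trial = {**device, "current": release["version"], "previous": previous}
    if not health_check(trial):
        return {**device, "previous": None, "status": "rolled_back"}
    # Raise the floor only after a successful update, and never lower it.
    floor = max(device["min_allowed"], release.get("new_floor", device["min_allowed"]),
                key=parse_version)
    return {**trial, "min_allowed": floor, "status": "updated"}

# Constructed sample data
DEVICE = {"id": "cam-0001", "group": "cameras", "current": "2.3.0", "min_allowed": "2.1.0"}
RELEASE = {"version": "2.4.0", "groups": {"cameras"}, "percent": 100, "new_floor": "2.3.0"}

if __name__ == "__main__":
    print(decide_update(DEVICE, RELEASE))
    print(apply_update(DEVICE, RELEASE, lambda d: True))
```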

4. Limit Device Services and Network Connectivity

As attackers can use the public-facing internet to gain unauthorized access to devices and internal networks, limiting possible routes into the device is critical. When implementing secure configurations, you should consider:

  • Only allowing access to required network interfaces, like wired, wireless, or Bluetooth.
  • Running only the required servers on the network.
  • Limiting communications to required network ports.
  • Using secure protocols, like HTTPS or SFTP.
  • Authenticating all incoming connections to ensure they are legitimate.
  • Authenticating all destinations before transmitting sensitive information.

5. Ensure Signing of Firmware Images

Code signing typically relies on a Public Key Infrastructure (PKI): a cryptographically unique signer identity and a timestamp are attached to the software, attesting to its integrity and showing who signed the code and when it was completed.

Firmware image signing verifies the update’s source and integrity, protecting IoT devices from unauthorized or malicious updates. This process validates the firmware image prior to device installation, mitigating risks arising from unauthorized modification in manufacturing environments. Additionally, this mitigates the risk that attackers can reverse engineer the firmware to identify potential vulnerabilities or devise additional exploits.

Asimily Configuration Control: Documenting and Monitoring IoT Configurations

Implementing secure configurations is a key step toward mitigating risk. However, maintaining secure configurations is equally important. Configuration drift, a device deviating from the known good configurations, can occur for various reasons, including applying a firmware update or opening a port to send information to the device. Organizations often lack visibility into configuration for traditional devices, let alone the hundreds or thousands of IoT devices connected to networks.

Asimily’s Configuration Control module, part of the Asimily platform, stores a snapshot of each IoT device connected to your network so that you can document the known good state for them. The information includes complete details about the device and its connectivity, including:

  • Ports
  • Services
  • External IP
  • Topology

By storing this information, you have the most complete known good state snapshot so you can implement, monitor, and maintain secure configurations. Further, this documentation makes it easy to roll back any devices that deviate from the approved secure baselines, whether caused by normal maintenance or a cyber attack, to their secure state.

Asimily’s Configuration Control module allows you to classify which configuration categories will trigger an alert to reduce alert fatigue. Additionally, each category can be assigned a sensitivity, allowing you to receive all, some, or none of the possible alerts due to configuration category deviations from the snapshot.
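
The general idea of comparing a device against a known good snapshot, with per-category alert sensitivity, can be shown in a few lines. This is an added generic illustration, not Asimily's implementation or API; the sensitivity levels (`all`, `added`, `none`), the field names and the sample device state are assumptions constructed for the example.

```python
SNAPSHOT = {  # constructed known good state for one device
    "ports": {443, 8883},
    "services": {"https", "mqtts"},
    "external_ip": {"203.0.113.10"},
    "topology": {"switch-3/port-12", "vlan-40"},
}
OBSERVED = {  # constructed current state, e.g. after a firmware update
    "ports": {443, 8883, 23},
    "services": {"https", "mqtts", "telnet"},
    "external_ip": {"203.0.113.10", "198.51.100.77"},
    "topology": {"switch-3/port-12", "vlan-41"},
}
# Hypothetical per-category sensitivity: "all", "added" (new items only) or "none"
SENSITIVITY = {"ports": "added", "services": "all", "external_ip": "all", "topology": "none"}

def detect_drift(snapshot, observed, sensitivity):
    """List every deviation from the snapshot and mark which ones should alert."""
    findings = []
    for category in sorted(set(snapshot) | set(observed)):
        level = sensitivity.get(category, "all")  # unknown categories always alert
        known = snapshot.get(category, set())
        seen = observed.get(category, set())
        for change, values in (("added", seen - known), ("removed", known - seen)):
            for value in sorted(values, key=str):
                alert = level == "all" or (level == "added" and change == "added")
                findings.append({"category": category, "change": change,
                                 "value": value, "alert": alert})
    return findings

def alerts(findings):
    return [(f["category"], f["change"], f["value"]) for f in findings if f["alert"]]

def rollback_plan(findings):
    """Actions that return the device to the snapshot: undo additions, restore removals."""
    return [("remove" if f["change"] == "added" else "restore", f["category"], f["value"])
            for f in findings]

if __name__ == "__main__":
    drift = detect_drift(SNAPSHOT, OBSERVED, SENSITIVITY)
    for item in alerts(drift):
        print("ALERT", item)
    for step in rollback_plan(drift):
        print("PLAN ", step)
```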
