3 Tips for Locating and Identifying IoT Devices On Your Enterprise Networks

Posted on March 8, 2023 by Brent Huston

Are you confident that your enterprise networks are secure? If so, can you be certain all approved IoT devices are accounted for and properly configured? It’s essential to identify every device connected to your network if only to ensure that it is not a malicious actor.

But identifying unauthorized network intruders is not the only reason for carefully inspecting your enterprise networks.

In this article, I’ll provide 3 tips for locating and identifying any Internet of Things (IoT) Devices on your enterprise networks. These tips will help you reduce vulnerability across your entire organization and ensure maximum data security.

Scan The Network

One of the best ways to locate and identify IoT devices on your enterprise networks is to scan the network for any active connections. This can be done using various tools such as nmap or a vulnerability scanning product. By scanning the network, you can see which devices are connecting to your network and get some idea of what they might be. Some tools, including nmap can guess the type of device it might be based on stack fingerprinting or services identified.

Scan For BlueTooth Devices

Many IoT devices use Bluetooth to connect to other devices or interact with users, and scanning for such devices can help you locate them. You can use a tool such as BLE Scanner to detect any active Bluetooth devices connected to your network. This will help you identify unapproved or unauthorized Bluetooth-enabled IoT devices on your networks.

Inventory MAC Addresses And ARP Data

Every IoT device connected to your network has a unique MAC address. By keeping an inventory of all the active MAC addresses, you can quickly identify any new or unauthorized devices connecting to your networks. Additionally, you should monitor ARP data for changes or anomalies. Detecting any suspicious activity could indicate that a malicious actor or unexpected device is attempting to connect to your network.

To look up the MAC address and identify the vendor of an IoT device, you can search using the MAC address on websites such as macvendors.com, which will show you who manufactured the device. Some network security and monitoring systems may also provide a way to look up MAC addresses, allowing you to identify any unauthorized devices on your enterprise networks quickly.

In conclusion, ensuring that all IoT devices connected to your enterprise networks are identified and adequately configured is essential. To do this, you should scan the network for active connections, scan for Bluetooth devices, and inventory MAC addresses and ARP data.

Enabling ESP32 Secure Boot

Posted on October 9, 2022 by Brent Huston

What is Secure Boot?

ESP32 has a secure boot feature that allows you to configure the device to only accept signed firmware images from trusted sources. This can be used to prevent unauthorized modifications of your code and data on the ESP32, or to protect against malicious software (malware) attacks.

Why should it be used?

The ESP32 is an open-source hardware platform, which means anyone can modify its design. However, this also makes it vulnerable to malware attacks. If the attacker gains access to the device’s flash memory, they could replace the original firmware with their own version. In addition, if the attacker manages to gain root access, they could install any software on the device without user consent.

Secure boot prevents these types of attacks by requiring all firmware images to be digitally signed before being loaded into the device. Only those images that are signed by a trusted certificate authority will be accepted.

How does it work?

The ESP32 uses a Trusted Platform Module (TPM), which is a special-purpose chip designed for cryptographic operations. It provides a tamper-resistant environment where sensitive information such as passwords, keys, and certificates can be stored securely.

When the ESP32 boots up, it reads the TPM’s public key and checks whether the image file is signed using the private key associated with the public key. If so, the image is loaded into the device. Otherwise, the system displays an error message and refuses to load the image.

How do I enable it?

Secure Boot is enabled by default in the latest version of Espressif’s SDK for ESP32 development. But, on older versions of the SDK, you need to set the “secure_boot” option when initializing the board:

esp_init(0, 0x000002ff); // Initialize ESP32 module at address 0x00000200

esp_set_secure_mode(1); // Set secure boot mode

Why You Should Support CS2AI

Posted on October 7, 2022 by Brent Huston

What is Control Systems Cyber Security Association International (CS2AI.org)?

The mission of the Control Systems Cyber Security Association, Inc. (CS2AI) is to promote and advance cyber security education, research, and practice to protect critical infrastructure and ensure the safety and reliability of our nation’s control systems.

What does that mean? It means we are here to help you understand how to keep your control system safe from hackers, malware, and other threats. We want to ensure you know what to look for in a good cybersecurity program and how to find it.

We also want to ensure you have access to the best resources available to help you stay up-to-date on current trends and technologies.

Why does MSI support it?

Because we believe in its mission. We believe in making sure everyone has access to the information they need to make informed decisions about their own cybersecurity programs, especially when it comes to ICS.

We believe in helping people learn more about cybersecurity so they can take steps toward protecting themselves and their organizations.

We believe in supporting those who share our passion for improving the world through technology. CS2AI supports the core mission of MSI – making the online world a safer place for all of us.

How do I get involved?

It’s simple – click here to learn more about joining and the benefits of supporting the ongoing efforts to improve global cyber security.

A Reminder About the IoT Future…

Posted on June 15, 2015 by Brent Huston

This article has been making the rounds about a researcher who has developed a tool set that can turn a Mattel toy into a “magic” garage door opener for most garage doors. The uses of opening someone else’s garage doors seem pretty obvious, so we will leave that to the reader….

But, this is an excellent moment to pause and discuss what happens when so many things in and around our lives become Internet connected, remotely managed or “smart”. Today, it seems everything from door locks, to watches and from refrigerators to toilets are getting embedded digital intelligence. That’s a lot of hackable stuff in your life.

I have been doing some research on beacon technology recently, and how they are being used to track consumer behaviors. I have been working with some clients that use TigerTrax™ to track consumer data and some of that work is simply amazing. As vendor knowledge seeps into your home and everyday life, even more impacts, privacy issues (and lets face it…) cool features will emerge. The problem with all of these things is that they are a double edged sword. Attackers can use them too. They can be manipulated, mis-used, invasive, infected and some can be outright dangerous (consider refrigerator malware….).

Once again, technology is becoming ubiquitous. It offers both benefits and some things to consider. My point here is just to consider both sides of that coin the next time you face a buying decision. The world, and you, could benefit from more privacy consideration at the point of purchase… 🙂

MSI :: State of Security

Insight from the Information Security Experts

Tag Archives: IoT