How IoT Firewalls Work

IoT devices pose significant security risks to an organization’s network. IoT firewalls protect these
devices from exploitation and can be implemented in one of two ways:

 IoT Network Firewalls: IoT network firewalls are deployed as part of network gateways and
allow both macro and micro segmentation of an organization’s IoT deployment. IoT network
firewalls can use VPNs to encrypt traffic between the gateway and remote servers that
process data collected by IoT devices.

 IoT Embedded Firewalls: IoT embedded firewalls are built into the operating system of an
IoT device. They are installed by the IoT device manufacturer and can filter traffic to the
device and potentially act as a VPN endpoint.

The Importance of IoT Firewalls

IoT devices are notorious for their poor security. Some common IoT security risks include:

 Legacy Operating Systems: IoT devices may be running outdated operating system versions.
This makes them vulnerable to exploitation via publicly known vulnerabilities.

 Lack of Built-In Security: Most IoT devices lack the built-in firewalls and antivirus that are
common on desktop systems. This makes it easier for attackers to exploit these systems and
infect them with malware.

 Difficult Patch Management: When was the last time you updated the software in your
lightbulb? Fixing functionality and security issues is vital to the security of all software.
However, IoT devices are rarely updated, making them vulnerable to attack.

 Weak Passwords: IoT devices are commonly deployed without changing the default
password and may have hardcoded passwords that users cannot change. When these
passwords become publicly known, attackers can simply log into vulnerable devices.

 Poor Physical Security: Many IoT devices — such as Internet-connected cameras — are
designed to be deployed in public and remote locations. With physical access to devices,
attackers may be able to bypass and defeat a device’s security defences.

 Insecure Protocol Use: While most Internet traffic avoids the use of insecure protocols such
as Telnet, the same is not true of IoT devices. The use of these protocols makes it easier for
attackers to steal login credentials and exploit vulnerable protocols.

These security issues make IoT devices a significant security risk to their owners and the networks
where they are deployed. IoT firewalls help to manage this risk by making devices more difficult to
attack and limiting the impact of a compromised device.

IoT Architectures Differ

IoT devices are being deployed in various industries, but these devices and architectures are not
created equal. Industrial and consumer IoT are often deployed under two very different
architectures.
Manufacturers commonly use the Purdue model to segment their industrial control system (ICS)
networks. This model separates an IoT architecture into several layers with defined purposes. IoT
network firewalls inspect and control traffic across network boundaries.

 Level 4/5: The Enterprise layer is the corporate IT network, where enterprise resource
planning (ERP) systems perform highly-level management of manufacturing operations.

 Level 3.5: The Demilitarized Zone (DMZ) separates IT and OT environments and includes
security systems designed to protect OT environments from attacks over IT networks.

 Level 3: Manufacturing operations systems manage workflows on the manufacturing floor.

 Level 2: In the process network, operators monitor and manage physical processes using
Human Machine Interfaces (HMI) access to supervisory control and data acquisition (SCADA)
software.

 Level 1: In the control network, intelligent devices such as PLCs (Programmable Logic
Controller) and RTUs (Remote Terminal Unit) monitor and manipulate physical devices.

 Level 0: In the field network are the physical devices and sensors that perform
manufacturing operations.

In contrast, consumer IoT devices that are deployed across a larger and more diverse geographic
area may operate under a four-layer architectural model:

 Sensor Layer: IoT devices collect data for processing.

 Network or Data Acquisition Layer: Data from one or more systems is collected by IoT
gateways and securely transferred to processing systems.

 Data Pre-Processing Layer: Edge-based IoT devices perform pre-processing to reduce the
amount of data sent to cloud-based servers.

 Cloud Analysis or Application Layer: Cloud servers analyse data and provide users access to
analytics and data.

Industrial IoT architectures have integrated security layers that consumer IoT deployments may lack.
IoT gateways and cloud firewalls can control access to improve the security of consumer IoT devices.

Which Industries Need IoT Firewall Security?

IoT adoption is growing across the board, making IoT security important for all organizations.
However, for certain industries and companies, IoT firewall security is especially vital, including:

 Industrial: High availability and performance requirements mean that OT systems commonly
run legacy software and have limited support for built-in security solutions. As these systems
are increasingly connected to IT environments, IoT firewall security is vital to blocking
attacks from entering OT environments and then moving laterally within the organization.

 Healthcare: The Medical IoT (MIoT) is rapidly growing, and includes pacemakers, scanners,
fitness trackers, and similar networked devices. These devices’ poor security makes IoT
firewalls necessary to block attempted exploitation of these vulnerable devices.
 Enterprise: In addition to industry-specific solutions, enterprises are deploying IoT devices
such as smart building management systems, networked cameras, and printers. Not all
devices may be known or managed by the IT team, leaving them vulnerable to exploitation.

 Device Manufacturers: IoT devices’ unique deployment scenarios make them difficult to
secure using traditional methods. By deploying IoT embedded firewalls on their devices,
device manufacturers can improve these devices’ security and resilience to attempted
exploitation.