Zffoto - stock.adobe.com

NIST IoT Guidance for Network-Based Attacks, Device Communication

Aimed at smaller entities, new NIST guidance provides a standards-based approach to network communication to reduce the risk of network-based attacks.

NIST unveiled guidance for small-sized enterprise networks and home users designed to mitigate network-based attacks using a standards-based approach to network communication and requiring IoT devices to only behave as the manufacturer intended.

The standards-based approach enables manufacturers to indicate device requirements for network communications to support the attack mitigation within the enterprise.

Manufacturer usage descriptions (MUD) lets the network automatically direct the IoT device to only send and receive traffic required for the device to perform as it was intended. NIST explained MUD prohibits all other communication with the device.

“[MUD increases] the device’s resilience to network-based attacks,” NIST researchers wrote. “In this project, the NCCoE demonstrated the ability to ensure that when an IoT device connects to a home or small-business network, MUD can automatically permit the device to send and receive only the traffic it requires to perform its intended function.”

“Because IoT devices are designed to be low in cost, with limited functionality using constrained hardware, and for limited purposes, it is not realistic to try to solve the problem of IoT device vulnerability by requiring that all IoT devices be equipped with robust and state-of-the-art security mechanisms,” they added.

The NIST Cybersecurity Practice Guide outlines the MUD protocols and tools, as well as how the functions can reduce IoT device vulnerabilities, including botnets and other network-based threats. The insights also aim to reduce the impact of a successful exploit of an IoT device.

The guidance comes on the heels of an Imperva report that showed a 372 percent increase in bad bot traffic against healthcare websites and applications during the first quarter of 2021. In fact, some of the success of attacks against healthcare can be attributed to sophisticated botnets.

Bots can be used to weaponize reputable environments, leveraging command and control protocols to thrive.

“There are enough computers in home networks, smart devices, Android systems, and other devices to execute attacks,” Fleming Shi, CTO of Barracuda, previously told HealthITSecurity.com. “Those attacks easily get the victims.” 

“[This year] the attackers are going to continue to target the computer environment and homes to start taking over more devices to make it much harder to deal with in the future,” he added.

The healthcare sector’s IoT and medical devices are also at the greatest risk of exposure and attack by multiple sets of vulnerabilities, Forescout’s ongoing research has repeatedly found. At least 75 percent of providers are using devices that host TCP/IP vulnerabilities, such as RIPPLE:20, AMNESIA:33, and others.

By leveraging the guidance, these entities can work to better defend against these risks. NIST provides four implementations that use MUD-based references to bolster security and securely onboard new devices, through traffic rules on devices and preventing devices from connecting to malicious domains.

The guidance also contains MUD-based reference solutions that map the capabilities to security controls specified in the NIST Cybersecurity Framework. The hope is that smaller entities will use the guide to better understand the solutions and prevent costly outages from exploited IoT.

The four-volumes include details on the approach, security characteristics, how-to steps, and demonstrated results from four successful implementations.

“The rapid growth of IoT devices has the potential to provide many benefits. It is also a cause for concern because IoT devices are tempting targets for attackers,” researchers wrote. “Many IoT devices...have minimal security or are unprotected… The consequences of not addressing the security of IoT devices can be catastrophic.” 

“By prohibiting unauthorized traffic to and from a device, the solution outlined in this guide both reduces the opportunity for an IoT device to be compromised by a network-based attack and reduces the ability of compromised devices to participate in network-based attacks such as DDoS campaigns,” they added.

Next Steps

Dig Deeper on Cybersecurity strategies