Bandwidth and security, why IoT is a risk for companies…

I will post a 3rd geek holiday gift list in the next couple of weeks. Today I am wondering. That happens from time to time. I’ve spent a lot of time over the past two months researching the impact of IoT. First off, the Internet of Things (or the more broadly based Cyber Physical Systems) presents a series of potential changes in the market. It also presents a very interesting problem.

home networkWhat do we do about bandwidth?

Today, most people get a router from the company they buy their Internet service from. That company configures the router in the way that best benefits them. They don’t send you a list of additional things you should do to minimize the future impact of devices. They advertise on TV; we are the fastest in home wireless network. But then they cap your outbound to 10 megabytes. People don’t care, they are bound and wound around the download speeds.

Download is critical for watching Netflix.

The better your download speed, the better your chances to watch Netflix on multiple devices. Of course, you have to pay for the higher Netflix service to get more than two devices at the same time but that is a bargain today (less than 12 bucks a month).

Many cable providers cap your maximum upload speed to 10 megs. What does that really mean? IT means on a Friday night your upload speeds are actually going to be 4 or 5 megs not 10. Yes, your cap is ten, but that is a never to exceed cap. When everyone is home in your neighborhood they are, all sharing the same switch. That switch is configured for the maximum value to the cable company. It is not built for you.

So, you end up with a problem. I’ve talked about this many times. Your home ISP provided router has a very small cache. It is quickly overwhelmed by the reality of data. Now, today 2016 most people won’t have this problem. Some do, but they are the cutting-edge people, they are worried about future problems and fix problems in their homes quickly.

Eventually IoT devices will overwhelm your 10-meg upload space.

That doesn’t seem like a huge problem, right? But what that means is your router has less available cache which pushes downloads to real time. OK so on a Friday night you go from 3 devices streaming media, to one or two maximum. Of course, that means you actually have to sit together in the same room and watch the same show.

Guy Fawkes maskAdditionally, by the way, if you work at home that overloaded router has an additional load during the day, your VPN or remote connection to your workplace. Seems minor right, except that there are work thing you do that REQUIRE constant and consistent network quality. Video calls? Oh, boy, you are in trouble. Audio calls? Oh, no, not the dreaded call with someone cutting in and cutting out.

One house, connected to a central switch, will cause all the other houses in that neighborhood to have less bandwidth. That creates more and more strain on the switch. Remember the cable network is built to benefit and provide Internet, but designed to benefit the cable company.

This doesn’t even start to talk about the risk of IoT. Why attack a company when instead you can attack the homes of employees that work from home? Sun Tzu wrote understand and know your enemy. But when choosing to fight, pick the battlefield that YOU CONTROL. The security of a home network is much less than that of a corporate network. Why brute force attack a company when you can instead attack the millions of IoT devices their employees have contend at home. The easy path is always the fastest and first point of attack.

anonymous-protester-occupyHackers are not a 12-year-old hunched over a computer in a hoodie. They are not wearing a Guy Fawkes mask staring at you through your video camera. They are smart, social engineers who understand the fastest way to get to a corporate network, is the remote door open for employees. Hackers are smart, they are looking for a way past the front door. Why beat on the gate of a castle when you can climb the drain pipe and end up with the crown jewels!


IoT wanderer…

One thought on “Bandwidth and security, why IoT is a risk for companies…

Comments are closed.