An organization is deploying IoT locks, sensors, and cameras, which operate over 802.11, to replace legacy building access control systems. These devices are capable of triggering physical access changes, including locking and unlocking doors and gates. Unfortunately, the devices have known vulnerabilities for which the vendor has yet to provide firmware updates.

Which of the following would BEST mitigate this risk?

A. Direct wire the IoT devices into physical switches and place them on an exclusive VLAN.
B. Require sensors to sign all transmitted unlock control messages digitally.
C. Associate the devices with an isolated wireless network configured for WPA2 and EAP-TLS.
D. Implement an out-of-band monitoring solution to detect message injections and attempts.

by User Tnissi

1 Answer

Final answer:

The best strategy to mitigate risks for IoT devices with vulnerabilities is to use an isolated wireless network with strong encryption and authentication such as WPA2 and EAP-TLS.

Step-by-step explanation:

To mitigate the risk posed by IoT locks, sensors, and cameras with known vulnerabilities, the best strategy would be to both segment the network and ensure strong security protocols are in place. Implementing option C, which suggests associating the devices with an isolated wireless network configured for WPA2 and EAP-TLS, provides this comprehensive approach. This ensures that the communication is encrypted and authenticated, making it significantly more difficult for unauthorized access to occur. While direct wiring (option A) can eliminate some wireless threats and creating exclusive VLANs adds a layer of segmentation, it does not provide strong encryption or authentication for the wireless communication. Option B, requiring sensors to sign all transmitted unlock control messages digitally, adds security to the messages themselves, but does not protect against network-level attacks. Finally, an out-of-band monitoring solution (option D) would be helpful in detecting attacks, but does not prevent them from occurring in the first place.

by User Steve Jessop
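As an added example, not part of the question or of Steve Jessop's answer, here is what option C looks like when written down as an access point and RADIUS configuration: a dedicated SSID that only WPA2-Enterprise (EAP-TLS) clients can join, bridged into a VLAN reserved for the building-access devices. The interface, bridge, SSID, VLAN number, RADIUS address, shared secret and certificate paths are all assumptions chosen for the illustration; the directives themselves are standard hostapd and FreeRADIUS 3 options. The weaker alternatives that a practitioner would otherwise reach for (a shared passphrase, TKIP, password-based EAP methods) are noted in comments next to the settings that replace them.

```ini
# --- /etc/hostapd/hostapd-iot.conf (added example; names and addresses are assumptions) ---
# One SSID used only by the locks, sensors and cameras. br-iot is assumed to bridge
# this radio to a tagged sub-interface (e.g. eth0.30) so the SSID lands in its own VLAN
# and ordinary client subnets have no layer-2 path to the vulnerable devices.
interface=wlan1
bridge=br-iot
ssid=bldg-access-iot
hw_mode=g
channel=6

# WPA2 only (RSN), AES-CCMP only. The weak setting this replaces is
#   wpa_key_mgmt=WPA-PSK / wpa_passphrase=...  (one secret shared by every device,
#   no per-device revocation) and wpa_pairwise=TKIP (deprecated cipher).
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
# Require Protected Management Frames so deauthentication frames cannot be spoofed
# to knock a lock controller off the network.
ieee80211w=2

# 802.1X: hostapd relays EAP to the RADIUS server below; the server decides the EAP
# method, so EAP-TLS is enforced there rather than here.
ieee8021x=1
auth_server_addr=10.0.250.5
auth_server_port=1812
auth_server_shared_secret=REPLACE-WITH-LONG-RANDOM-SECRET

# Clients on this SSID cannot talk to each other through the AP; a compromised camera
# cannot reach a lock over the wireless segment.
ap_isolate=1


# --- /etc/freeradius/3.0/mods-enabled/eap (added example; paths are assumptions) ---
# Only the tls sub-section is enabled. Leaving peap { } or ttls { } in place would let a
# device (or an attacker) negotiate a password-based inner method instead of EAP-TLS.
eap {
    default_eap_type = tls

    tls-config tls-common {
        private_key_file = ${certdir}/radius.key
        certificate_file = ${certdir}/radius.pem
        # Private CA that issues one certificate per lock/sensor/camera.
        ca_file = ${cadir}/iot-device-ca.pem
        # Without this, a client that presents no certificate could still complete the
        # TLS handshake against some supplicants; EAP-TLS must require it.
        require_client_cert = yes
        # Revoking a stolen device's certificate only matters if the CRL is checked.
        check_crl = yes
        tls_min_version = "1.2"
    }

    tls {
        tls = tls-common
    }
}
```

To check the result without touching a lock, run `eapol_test` (shipped with wpa_supplicant) from a host holding a test client certificate against the RADIUS server, then repeat with no certificate and with a revoked one: the first should succeed, the other two must fail. This configuration only closes the wireless and network-reachability paths; the firmware on the devices is still vulnerable, so the VLAN's upstream ACLs should limit which management hosts can reach the devices' services until the vendor ships a fix.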