mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-02-03 23:40:14 +08:00
Update and rename sources/talk/20190825 Top 5 IoT networking security mistakes.md to translated/talk/20190825 Top 5 IoT networking security mistakes.md
This commit is contained in:
Morisun029
GitHub
parent
eef03a31e8
commit
46eb94167d
@ -1,68 +0,0 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (Morisun029)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Top 5 IoT networking security mistakes)
|
||||
[#]: via: (https://www.networkworld.com/article/3433476/top-5-iot-networking-security-mistakes.html)
|
||||
[#]: author: (Fredric Paul https://www.networkworld.com/author/Fredric-Paul/)
|
||||
|
||||
Top 5 IoT networking security mistakes
|
||||
======
|
||||
IT supplier Brother International shares five of the most common internet-of-things security errors it sees among buyers of its printers and multi-function devices.
|
||||
![Getty Images][1]
|
||||
|
||||
Even though [Brother International][2] is a supplier of many IT products, from [machine tools][3] to [head-mounted displays][4] to [industrial sewing machines][5], it’s best known for printers. And in today’s world, those printers are no longer stand-alone devices, but components of the internet of things.
|
||||
|
||||
That’s why I was interested in this list from Robert Burnett, Brother’s director, B2B product & solution – basically, the company’s point man for large customer implementations. Not surprisingly, Burnett focuses on IoT security mistakes related to printers and also shares Brother’s recommendations for dealing with the top five.
|
||||
|
||||
## #5: Not controlling access and authorization
|
||||
|
||||
“In the past,” Burnett says, “cost control was the driving force behind managing who can use a machine and when their jobs are released.” That’s still important, of course, but Burnett says security is quickly becoming the key reason to put management controls on print and scan devices. That’s true not just for large enterprises, he notes, but for businesses of all sizes.
|
||||
|
||||
[INSIDER: 5 ways to prepare for Internet of Things security threats][6]
|
||||
|
||||
## #4: Failure to update firmware regularly
|
||||
|
||||
Let’s face it, most IT professionals stay plenty busy keeping servers and other network infrastructure devices up to date and ensuring their infrastructure is as secure and efficient as possible. “In this day-to-day process,” Burnett says, “devices like printers are very often overlooked.” But out-of-date firmware could expose the infrastructure to new threats.
|
||||
|
||||
## #3: Inadequate device awareness
|
||||
|
||||
It’s critical, Burnett says, to properly understand who is using what, and the capabilities of all the connected devices in the fleet. Reviewing these devices using port scanning, protocol analysis and other detection techniques should be part of the overall security reviews of your network infrastructure. Too often, he warns, “the approach to print devices is ‘if it’s not broke, don’t fix it!’” But even devices that have been running reliably for years should be part of security reviews. That’s because older devices may not have the capability to offer stronger security settings or you may need to update their configuration to meet today’s greater security demands. This includes the monitoring/reporting capabilities of a device.
|
||||
|
||||
## #2: Inadequate user training
|
||||
|
||||
“Training your team on best practices for managing documents within the workflow must be part of a strong security plan,” Burnett says. The fact is, no matter how hard you work to secure IoT devices, “the human factor is often the weakest link in securing important and sensitive information within a business. Items as simple as leaving important documents on the printer for anyone to see, or scanning documents to the wrong destination by accident, can have a huge, negative impact on a business not just financially, but also to its IP, reputation, and cause compliance/regulation issues.”
|
||||
|
||||
## #1: Using default passwords**
|
||||
|
||||
**
|
||||
|
||||
“Just because it’s easy doesn’t mean it’s not important!” Burnett says. Securing printer and multi-function devices from unauthorized admin access not only helps protect sensitive machine-configuration settings and report information, Burnett says, but also prevents access to personal information, such as user names that could be used in phishing attacks, for example.
|
||||
|
||||
**[ [Prepare to become a Certified Information Security Systems Professional with this comprehensive online course from PluralSight. Now offering a 10-day free trial!][7] ]**
|
||||
|
||||
Join the Network World communities on [Facebook][8] and [LinkedIn][9] to comment on topics that are top of mind.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.networkworld.com/article/3433476/top-5-iot-networking-security-mistakes.html
|
||||
|
||||
作者:[Fredric Paul][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://www.networkworld.com/author/Fredric-Paul/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://images.idgesg.net/images/article/2019/02/iot_security_tablet_conference_digital-100787102-large.jpg
|
||||
[2]: https://www.brother-usa.com/business
|
||||
[3]: https://www.brother-usa.com/machinetool/default?src=default
|
||||
[4]: https://www.brother-usa.com/business/hmd#sort=%40productcatalogsku%20ascending
|
||||
[5]: https://www.brother-usa.com/business/industrial-sewing
|
||||
[6]: https://www.networkworld.com/article/2855207/internet-of-things/5-ways-to-prepare-for-internet-of-things-security-threats.html#tk.nww-infsb
|
||||
[7]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr
|
||||
[8]: https://www.facebook.com/NetworkWorld/
|
||||
[9]: https://www.linkedin.com/company/network-world
|
||||
@ -0,0 +1,78 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (Morisun029)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Top 5 IoT networking security mistakes)
|
||||
[#]: via: (https://www.networkworld.com/article/3433476/top-5-iot-networking-security-mistakes.html)
|
||||
[#]: author: (Fredric Paul https://www.networkworld.com/author/Fredric-Paul/)
|
||||
|
||||
五大物联网网络安全错误
|
||||
======
|
||||
IT 供应商兄弟公司分享了其从它们的打印机和多功能设备买家中看到的五种最常见的物联网安全错误。
|
||||
![Getty Images][1]
|
||||
|
||||
尽管[兄弟公司][2]是许多 IT 产品的供应商,从[机床][3]到[头戴式显示器][4] 再到[工业缝纫机][5],但它最知名的产品是打印机。在当今世界,这些打印机不再是独立的设备,而是物联网的组成部分。
|
||||
|
||||
这也是我为什么对罗伯特•伯内特提供的这份列表感兴趣的原因。伯内特是兄弟公司的总监,负责 B2B 产品和提供解决方案。基本上是该公司大客户实施的重点人物。所以他专注于与打印机相关的物联网安全错误,并且分享兄弟公司对于处理这五大错误的建议一点也不奇怪。
|
||||
## #5: 不控制访问和授权
|
||||
|
||||
伯内特说:“ 过去,成本控制是管理谁可以使用机器,何时结束工作后面的推动力。” “当然,这在今天也仍然很重要,但安全性正迅速成为管理控制打印和扫描设备的关键因素。” 他指出,这不仅适用于大型企业,也适用于各种规模的企业。
|
||||
|
||||
|
||||
[业内人士:应对物联网安全威胁的5种方式][6]
|
||||
|
||||
|
||||
|
||||
## #4:无法定期更新固件
|
||||
|
||||
让我们来面对这一现实,大多数 IT 专业人员都忙于保持服务器和其他网络基础设施设备的更新,确保其基础设施尽可能的安全高效。 “在这日复一日的过程中,像打印机这样的设备经常被忽视。” 但过时的固件可能会使基础设施面临新的威胁。
|
||||
|
||||
## #3: 设备意识不足
|
||||
伯内特说:“ 正确理解谁在使用什么设备,以及整套设备中所有连接设备的功能是什么,这是至关重要的。 检查这些设备使用的端口扫描技术,协议分析和其他检测技术应作为网络基础设施整体安全审查中的一部分。 他常常提醒人们说:“ 处理打印设备的方法是: 如果没有损坏,就不要修理!” 但即使是可靠运行多年的设备也应该成为安全审查的一部分。这是因为旧设备可能无法提供更强大的安全设置,或者可能需要更新其配置才能满足当今更高的安全要求,这其中包括设备的监控/报告功能。
|
||||
|
||||
|
||||
## #2: 用户培训不足
|
||||
“ 应该把培训团队在工作过程中管理文档的最佳实践作为强有力的安全计划中的一部分。” 伯内特说道。 “ 然而,事实却是,无论你如何努力地去保护物联网设备,人为因素通常是一家企业在保护重要和敏感信息方面最薄弱的环节。像这些简单的事情,如无意中将重要文件留在打印机上供任何人查看,或者将文件扫描到错误的目的地,不仅会给企业带来经济损失和巨大的负面影响,还会影响企业的知识产权,声誉,引起合规性/监管问题。”
|
||||
|
||||
|
||||
|
||||
## #1: 使用默认密码
|
||||
“ 只是因为它很方便并不意味着它不重要!” 伯内特说。“ 保护打印机和多功能设备免受未经授权的管理员访问不仅有助于保护敏感的机器配置设置和报告信息,还可以防止访问个人信息,例如,像可能用于网络钓鱼攻击的用户名。”
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
**[ [想通过PluralSight的综合在线课程成为认证的信息安全系统专业人员。 现在提供10天的免费试用!][7] ]**
|
||||
|
||||
|
||||
|
||||
|
||||
加入 [Facebook][8] 和 [LinkedIn][9] 的网络社区,对你最关心的话题发表评论。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.networkworld.com/article/3433476/top-5-iot-networking-security-mistakes.html
|
||||
|
||||
作者:[Fredric Paul][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[Morisun029](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://www.networkworld.com/author/Fredric-Paul/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://images.idgesg.net/images/article/2019/02/iot_security_tablet_conference_digital-100787102-large.jpg
|
||||
[2]: https://www.brother-usa.com/business
|
||||
[3]: https://www.brother-usa.com/machinetool/default?src=default
|
||||
[4]: https://www.brother-usa.com/business/hmd#sort=%40productcatalogsku%20ascending
|
||||
[5]: https://www.brother-usa.com/business/industrial-sewing
|
||||
[6]: https://www.networkworld.com/article/2855207/internet-of-things/5-ways-to-prepare-for-internet-of-things-security-threats.html#tk.nww-infsb
|
||||
[7]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr
|
||||
[8]: https://www.facebook.com/NetworkWorld/
|
||||
[9]: https://www.linkedin.com/company/network-world
|
||||
Loading…
Reference in New Issue
Block a user