1. Home
  2. Symmetry Blog
  3. 5 Lessons Learned from the Mirai DDoS Attack from Digi International

5 Lessons Learned from the Mirai DDoS Attack from Digi International

Symmetry Electronics in Blogs on April 04, 2017

About Symmetry Electronics

Established in 1998, Symmetry Electronics, a Division of Braemac, is a global distributor of electronic components and systems. Combining premier components and comprehensive value-added services with an expert in-house engineering team, Symmetry supports engineers in the design, development, and deployment of a broad range of connected technologies. 

Exponential Technology Group Member

Acquired by Berkshire Hathaway company TTI, Inc. in 2017, Symmetry Electronics is a proud Exponential Technology Group (XTG) member. A collection of specialty semiconductor distributors and engineering design firms, XTG stands alongside industry leaders TTI Inc., Mouser Electronics, and Sager Electronics. Together, we provide a united global supply chain solution with the shared mission of simplifying engineering, offering affordable technologies, and assisting engineers in accelerating time to market. For more information about XTG, visit www.xponentialgroup.com.


Security is always top of mind when it comes to IoT devices and applications. The recent Mirai DDoS attack in October 2016 is an important reminder that IoT device manufacturers—and consumers—need to be vigilant with security, both out of the box and at home.

Recently, Andrew Lund, Digi’s Product Marketing Manager for Wireless M2M and IoT, shared his thoughts with IoT Evolution on the Mirai attack and what lessons could be learned to help improve security for IoT devices and applications. Below is an excerpt of five of Andrew’s best practices from IoT Evolution’s piece, which you can read in full here.

  1. Change default passwords:
    Given the attack vector that Mirai used, it’s clear that one area Device OEMs can make design decisions to increase security is with respect to passwords. The days of leaving the default password unchanged are over, so manufacturers must either force users to change passwords or create a “default” passwords that are unique to each individual IoT device.

  2. Don’t allow insecure ingress protocols:
    Mirai malware contains “killer” scripts that remove other worms and Trojans, allowing Mirai to maximize its use of the infected host device. But Mirai also goes one step further and closes processes that are used for remote ingress attempts, like Telnet, SSH, and HTTP.

  3. Secure remote management tools:
    Efficient, cost-effective method of remotely monitoring, updating and managing connected devices. Users can set performance parameters for healthy devices and create reports and alarms for suspicious activity. Using a remote manager that incorporates PCI-DSS and other relevant security certifications in the cloud such as HIPAA and NIST allow users to define a device profile, assign the profile to all devices in a group, and monitor and auto-remediate any variances. The best remote management tools can also restrict incoming traffic to only allow SSL connections, eliminating unencrypted TCP connections.

  4. Firmware updates:
    Firmware updates must be completed securely (authentication) and automatically, or at a minimum, users must be notified/prompted when a new firmware update is available.

  5. Packet encryption:
    This consists of basic encryption, such as FIPS-197/AES, to protect messages from unauthorized viewing or malicious changes. This method is easy to implement and use, especially in conjunction with private keys.
Share

Symmetry Electronics in Blogs on April 04, 2017

About Symmetry Electronics

Established in 1998, Symmetry Electronics, a Division of Braemac, is a global distributor of electronic components and systems. Combining premier components and comprehensive value-added services with an expert in-house engineering team, Symmetry supports engineers in the design, development, and deployment of a broad range of connected technologies. 

Exponential Technology Group Member

Acquired by Berkshire Hathaway company TTI, Inc. in 2017, Symmetry Electronics is a proud Exponential Technology Group (XTG) member. A collection of specialty semiconductor distributors and engineering design firms, XTG stands alongside industry leaders TTI Inc., Mouser Electronics, and Sager Electronics. Together, we provide a united global supply chain solution with the shared mission of simplifying engineering, offering affordable technologies, and assisting engineers in accelerating time to market. For more information about XTG, visit www.xponentialgroup.com.

Subscribe

Stay up to date with industry and supplier news!

Browse

See all tags