The importance of port management (and every other aspect of network infrastructure) has grown exponentially as our dependence on connectivity has increased. Additionally, with the advent of mainstream IoT technology, port management's role in both IT management and security becomes even more critical.
IoT currently uses about one percent of all network bandwidth, according to PCWorld. However, with an impressive $14.4 trillion economic value forecast by 2022, that number is sure to increase. But the growing network complexity of IoT raises some serious concerns. More devices mean more traffic, which leads to new potential attack vectors. So how can we better manage the ports through which these devices connect in an effort to stay on top of network monitoring and security?
One of the most basic and effective strategies for securing access ports is through network identity management. This is a very low-level way to help ensure that the devices sending data through your environment are authorized to do so. Since many IoT devices will be connecting wirelessly, the first step is to consolidate your IoT wireless access points to designated Ethernet ports.
Depending on the size of your IoT deployment, you can then restrict these Ethernet ports to authorized MAC addresses or set up a "sticky'' mode, which essentially binds to the first hardware address it encounters. When a new device attempts to connect to these statically assigned ports, they can be configured to reject the connection or automatically disable themselves. While the latter may seem harsh, dynamic port disabling can prevent some of the more sophisticated attacks.
After you've tackled the physical portion of port security, the next step is to focus on logical separation and organization. You can accomplish this by using VLANs to further insulate critical infrastructure from potential IoT vulnerabilities. This "VLAN of things" should be segmented so that superficial devices — those that only need internet access — are completely separated from operations networks.
A quick and effective way to do this is to simply configure ports in these VLANs as access only. This will prevent data from traversing back up the trunk to other switches. It's often a good idea to create a few different segments for your IoT environment: one for devices that only need local access, one for those that require external access and one for devices that may need to communicate with sensitive areas of your environment.
Once you've set up your physical and logical security measures, the last step is to remain proactive about rooting out vulnerabilities. This ultimately boils down to increasing the visibility of your network and the ports within it. One of the best ways to accomplish this is with a simple network flow monitor. Since you should already know what kind of conversations your IoT devices will generate, you can set up alerts for when your traffic monitor notices something suspicious coming through an IoT port.
And there you have it. By approaching port management from both a physical and logical perspective, you can better protect your environment from potential vulnerabilities in your IoT deployments. With the added visibility and automation of network monitoring solutions, your network infrastructure will be fully prepared for the added complexities of this exciting technology.