The National Cyber Directorate conducts frequent reviews to identify targets accessible for attack and warns of threats in cyberspace, where the risk is amplified in light of Operation “Lion’s Roar”. The enemy seeks any available vulnerability to carry out attacks for the purpose of causing damage, disrupting operations, stealing information, or conducting propaganda and influence operations.
Equipment, servers, and services that expose interfaces for remote system management, as well as smart devices in the home or business, are attractive targets for attackers. Their exposure to the internet places the organizations using them at high operational risk. Attackers use various technological means to locate and exploit different weaknesses in these interfaces.
To best protect your systems and smart equipment, the following steps should be taken:
- Block direct access from the internet to these interfaces, for all types of equipment used by the organization. If it is not possible to completely disconnect the interfaces from the network, access to them should be limited to specific known addresses, or a service such as VPN or ZTNA should be used with appropriate strong encryption and authentication.
- Avoid direct exposure to the internet of services and protocols originally intended for corporate networks, such as SMB, Kerberos, LDAP, NTLM, and the like.
- Completely avoid protocols that are unencrypted or considered obsolete from a security standpoint, such as Telnet, SNMP, SMBv1, NetBIOS, FTP, TFTP, etc.
- Where such a protocol is essential, it is highly recommended to run it only within an encrypted medium: use the latest encrypted version of the protocol, or a dedicated proxy server that includes encryption, or, as a last resort, a solution such as VPN or ZTNA, which creates a dedicated encrypted channel for the relevant traffic.
- Use the recommended settings for encryption algorithms and key lengths.
- The default password on equipment must be changed to a long, complex, and difficult-to-guess password. If the system or equipment supports it, it is recommended to enable strong authentication mechanisms and to prefer MFA mechanisms that are resistant to phishing attacks.
- Regularly check and install all relevant security updates from the manufacturer.
Organizations managing systems or equipment through cloud-based management solutions: The guidelines in the previous sections are also relevant for you, with the necessary modifications for accessing the cloud systems themselves.
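As a way to check a Linux host against the protocol lists above, the following added example (not part of the original advisory) parses `ss -tuln` output and flags listeners for the named protocols that are bound to a non-loopback address. The port mapping uses the standard assignments; the sample output is constructed, and a flagged listener is a candidate to review against firewall rules, not proof of internet exposure.

```python
import ipaddress

# Standard ports for protocols named in the advisory. NTLM has no port of
# its own (it rides on SMB, LDAP, HTTP, ...), so it is not listed here.
RISKY = {
    ("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("udp", 69): "TFTP",
    ("tcp", 88): "Kerberos", ("udp", 88): "Kerberos",
    ("udp", 137): "NetBIOS", ("udp", 138): "NetBIOS", ("tcp", 139): "NetBIOS",
    ("udp", 161): "SNMP", ("tcp", 389): "LDAP", ("udp", 389): "LDAP",
    ("tcp", 445): "SMB",
}

def is_loopback(host):
    """True only when the bind address is provably loopback."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or unparseable: treat as reachable, so it is reviewed

def audit(ss_output):
    """Return (protocol, transport, bind_address, port) for risky listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or other socket families
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        name = RISKY.get((fields[0], int(port)))
        if name and not is_loopback(host):
            findings.append((name, fields[0], host, int(port)))
    return findings

# Constructed sample of `ss -tuln` output (not taken from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:161       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:389     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:445       0.0.0.0:*
tcp   LISTEN 0      128    [::]:23           [::]:*
tcp   LISTEN 0      128    [::1]:21          [::]:*
tcp   LISTEN 0      128    192.0.2.10:22     0.0.0.0:*
"""

if __name__ == "__main__":
    for name, proto, host, port in audit(SAMPLE):
        print(f"REVIEW: {name} listening on {proto}/{port} at {host}")
```

On a live host, pass the text produced by `ss -tuln` to `audit()` in place of `SAMPLE`.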























