Security alerts are going out every day about discovered backdoors in popular network-enabled devices. IP cameras, access control readers, and anything with a network port are vulnerable.  The real threat is how do you protect the LAN from these devices?  With IpTL’s Secure Network Gateways you can microsegment, enclave, and isolate those devices to ensure only desired network traffic is permitted. Here are some of the challenges.

• Fixed Application Devices, like IP Cams, can have backdoors.  Some allow the device to be tampered with while others enable access to your entire network and theft of your data
• You have to rely on the device manufacturer to provide firmware updates for known vulnerabilities, and they may not always acknowledge or fix the problem
• Unknown vulnerabilities still exist, and you are just waiting for the next zero-day.
• How do I keep unauthorized network traffic off my LAN?

Isolate the IoT network device by placing an IpTL Secure Network Gateway in between the device and your network.  This creates a logical and physical barrier between the networks.

	The IpTL Secure Network Gateway physically and logically separates the enclaved network from the LAN. The Enclave Network and Protected LAN are connected with different physical Ethernet ports. The Enclave Network is on a different logical network address space (e.g. 192.168.0.1/24). The IpTL appliance will have a local Protected LAN network address to access the IP Camera, the IpTL appliance will forward to the camera. No configuration required on the Protected LAN routers or devices — to access the camera you point to the address of the IpTL appliance. The SuperNAC™ security engine is configured to only allow data from IP camera onto the Protected LAN only when first initiated by a requesting host on the Protected LAN. The camera cannot initiate any network traffic to the Protected LAN. Conditional access is connection-based and the camera can only communicate with the requested host; when the connection is terminated all communications are blocked. Additional security can be implemented by setting a SuperNAC™ application filter to only allows video camera data (e.g. RTSP or HTTP) to flow from the Enclaved Network to the Protected LAN.
	IP Camera is enclaved on its own network and the camera does not have direct access to the Protected LAN as the IpTL appliance is the gateway
	When the operator connects to the IP camera, SuperNAC™ creates a conditional pin-point connection between the camera and the operator only.  Even when streaming the camera does not have access to the Protect LAN
	The badguy can’t “scan” the Protected LAN, even if he is using spoofing the IP camera MAC and IP addresses.  Badguy cannot send malware into the Protected LAN as the network is blocked.

Copyright 2019 IP Technology Labs, LLC.   All trademarks are the property of their respective owners.