惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
C
Cybersecurity and Infrastructure Security Agency CISA
N
News and Events Feed by Topic
C
Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
A
Arctic Wolf
Scott Helme
Scott Helme
P
Palo Alto Networks Blog
S
Schneier on Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
量子位
G
Google Developers Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog RSS Feed
NISL@THU
NISL@THU
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
AWS News Blog
AWS News Blog
爱范儿
爱范儿
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
L
LINUX DO - 最新话题
Security Archives - TechRepublic
Security Archives - TechRepublic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Secure Thoughts
Cloudbric
Cloudbric
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
TaoSecurity Blog
TaoSecurity Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
有赞技术团队
有赞技术团队
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
P
Proofpoint News Feed
V
V2EX
Martin Fowler
Martin Fowler
C
CERT Recently Published Vulnerability Notes
Attack and Defense Labs
Attack and Defense Labs
C
CXSECURITY Database RSS Feed - CXSecurity.com
The Cloudflare Blog
SecWiki News
SecWiki News
罗磊的独立博客
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
The Last Watchdog
The Last Watchdog

NetBird - Networking Knowledge Hub - RSS Feed

NetBird Is Now on the Vultr Marketplace Native NetBird on the GL.iNet Comet Pro (GL-RM10) NetBird v0.71 - IPv6 Overlay Addressing NetBird Exit Nodes - Appear at Home, or Anywhere Else Reporting Bugs and Requesting Features in NetBird Setup and Use Local AdGuard Home Anywhere with NetBird DNS How to Set Up NetBird on PiKVM for Secure Remote KVM Access NetBird v0.69 - CrowdSec IP Reputation for the Reverse Proxy Cloudflare Mesh vs NetBird vs Tailscale: Performance Compared Self-Hosting Nextcloud with Docker and NetBird Implementing Zero Trust with NetBird NetBird v0.67 - Layer 4 Proxy Support for TCP, UDP, and TLS Solwr Enhances Remote Connectivity with NetBird Self-Hosting NetBird with Authentik Jellyfin Media Server - Self-Host Your Movies, TV, and Music Cloudflare Tunnels vs. NetBird Reverse Proxy INFITX Builds Zero-Touch Kubernetes Networking with NetBird NetBird v0.66 - Expose Local Services to the Internet from the CLI Pangolin vs. NetBird Home Assistant Setup Guide with EASY Remote Access NetBird v0.65 - Built-in Reverse Proxy with Custom Domains Docker for Beginners - Everything You Need to Get Started NetBird for SOC 2 Compliance NetBird v0.63 - Custom DNS Zones for Private Network Resolution Vibecode This in a Weekend and Take 5% of the Company NetBird v0.62 - Built-in Local Users with Optional IdP Integration NetBird v0.61.0 - Granular SSH Access Control and Automatic Updates Top 5 Alternatives to OpenVPN Top 5 Open Source Alternatives to Tailscale Top 5 Alternatives to ZeroTier How to Set Up ZeroByte and REST Server for Backups with NetBird How to Install n8n v2.0 with NPM and PM2 ZeroTier vs. NetBird The Ultimate Immich Guide - Ditch Google and Amazon Photos for Good NetBird as Your Help with ISO 27001 Compliance NetBird and Huntress - Secure Network Access for MSPs How to Access Windows Shares from Anywhere with NetBird netgo Relies on Modern ZTNA with NetBird Connect to Your Homelab from Anywhere with a Raspberry Pi NetBird SSH - A New, Identity-Aware Approach The AI Mega Mesh: How to Connect 30+ GPU Cloud Providers Connect Multiple Ollama GPUs to OpenWebUI with NetBird Top 5 Tailscale Alternatives SSH and RDP, now in your browser NetBird–Acronis Integration: Empowering MSPs for Advanced Ransomware and Threat Defense Introducing the Control Center - Remote Access, Beautifully Visualized NetBird at MSP Global 2025 Understanding Overlay Networks - The Basics NetBird and SentinelOne Singularity™ - Automate Threat Response NetBird and Microsoft Intune - Enforcing Device Compliance for Zero Trust Rethinking Zero Trust Security with NetBird and pfSense Improving Unidirectional Access Control Proxmox VE for Beginners Guide with NetBird LXC Stronger Security: NetBird + GitHub Secure Open Source Fund NetBird's MSP Partner Program Signicat Enhances Cross-Cloud Accessibility with NetBird SonicWall SSL VPN NetExtender vs. NetBird NetBird Is Embracing the AGPLv3 License NetBird Profiles Have Landed - Manage Multiple Accounts Effortlessly Rethinking Access Control to Secure Your On-Premises SharePoint Servers Sport Alliance Increases Efficiency with Zero Trust Networking at Scale Rethinking Network Access: qwertiko Goes Zero Trust with NetBird Optimizing Network Efficiency with NetBird's Lazy Connections Use Port Ranges in Access Control Policies Generic HTTP Endpoint for Network Events Streaming NetBird’s Response to Spear-Phishing Campaign Targeting Financial Executives Zero-Trust Access to Internal Resources Without Installing Agents Enhance Network Visibility with NetBird’s Traffic Events Logging TrueNAS Made Easy - Install, Set Up, and Access From Anywhere Top 5 Alternatives for WireGuard Jump Hosts. Gateways for Remote Access NetBird Network Routes and Exit Nodes Security for All - SSO and MFA for Free Enhancing Network Access Control with NetBird's Identity Provider Feature Twingate vs. NetBird Limit Network Access Based on Running Applications FortiClient ZTNA vs. NetBird OpenVPN vs. NetBird Tailscale vs. NetBird Getting Started with an Azure Site-to-Site VPN Getting Started with an On-premise-to-AWS Site-to-Site VPN Secure Remote Access to VPCs, LANs, and Offices regreSSHion - A New OpenSSH Server Remote Code Execution Vulnerability Evolve Bank & Trust Data Breach. What Happened? What Is a Site-to-Site VPN? IPSec Tunneling Demystified. Enhancing Data Security Across Networks Understanding IPSec Tunnel and Transport Modes Understanding the Differences Between IKEv1 and IKEv2 Understanding the IKEv1 Protocol in IPSec ZeroTier versus NetBird - Which Should You Choose? AWS Lambda Serverless Security. Mistakes, Oversights, and Potential Vulnerabilities Using NetBird for Kubernetes Access Serverless Security Vulnerabilities and Best Practices to Mitigate Them Security Best Practices for Serverless Azure Functions A Guide to Remote Access Security for SMEs Open Source Zero Trust Networking Using SSH for Secure Remote Access How We Integrated Rosenpass in NetBird The First Quantum-Resistant Mesh VPN Using eBPF and XDP to Share Default DNS Port Between Multiple Resolvers
IoT Security Essentials. How to Achieve Secure Remote Access
Written byThinus Swart · 2024-03-26 · via NetBird - Networking Knowledge Hub - RSS Feed

The world of the Internet of Things (IoT) devices is a fascinating one. IoT devices enable you to get information about your devices and environments at a glance.

However, connecting these devices directly to the internet increases your attack surface, and bad actors can take advantage of the proliferation of IoT devices to compromise networks.

In this article, you'll learn how to securely access your IoT devices without directly exposing them to the internet.

The History of IoT Devices

The term IoT was first coined in 1999 by a computer scientist named Kevin Ashton , who proposed putting radio-frequency identification (RFID) chips on products to enable monitoring them throughout a supply chain. His idea was to use these chips and other sensors to connect miscellaneous things to the internet for tracking and measurement purposes.

Ever since then, whenever a nonstandard or noncomputing device gained the ability to connect to the internet, it became an IoT device. In June 2000, LG released the first internet refrigerator , which was an unsuccessful product, not only because it was expensive but because people didn't see the need for an internet-connected fridge. However, as more and more devices followed the trend of becoming internet-connected and better use cases were imagined and realized, IoT has only gained popularity.

In the agricultural space, IoT sensors help monitor soil moisture and nutrients . Sprinkler systems, for example, can be controlled to only activate if the moisture levels are low, saving money and potentially saving crops that are sensitive to overwatering.

More typical consumers can employ IoT-enabled luxuries, such as a coffee maker with a built-in alarm clock that starts the brewing process when your alarm goes off, ensuring that you have a hot cup waiting for you by the time you reach the kitchen.

Of course, the healthcare industry relies a lot on IoT to monitor patients' vital signs and alert healthcare practitioners when something is wrong.

Why You Need IoT Security

As IoT devices gain popularity, both in the consumer and industrial markets, threat actors have taken notice. An IoT device can supply another possible entry into a vulnerable network. In fact, attacks on IoT devices have increased . While embracing IoT devices can increase your productivity or give you valuable insight into your company's processes, if you're not careful, you could be providing attackers with an exploitation target (or even a fleet of exploitation targets).

Originally, IoT devices were designed with a functionality-first mindset. In other words, the device does what it says on the box, and security is mostly an afterthought (if it's added at all). Nowadays, IoT device design considers security to be part of the process, but there are still many devices that ship with insecure defaults or overly permissive access controls.

Some of these bad security configurations include the following:

  • Weak default security credentials .
  • Invisible IoT devices, meaning IT departments aren't always even aware when devices are deployed on a network.
  • Infrequent security updates, meaning an older device can have multiple vulnerabilities. Even if IoT devices do receive updates, they're hard to patch .
  • Limited integration with other security measures, such as single sign-on (SSO).

Securing your IoT devices and securing access to those devices are crucial parts of your security implementation. Regular audits should be completed, and access controls and methods should be reviewed from time to time.

How You Can Enable Secure Remote Access to Your IoT Devices

There are several different ways you can secure your IoT devices, and you'll learn about some of the most popular options here. Some of these options are more traditional, such as firewalls or IoT gateways , while other options offer an alternative method.

Firewalls

Firewalls are a common network device that you can deploy to your network. A firewall commonly sits between your local home or corporate network and the internet.

You configure a firewall to allow only certain types of traffic or certain addresses or hosts to communicate to devices behind your firewall from the internet.

A firewall is a valid method to protect the IoT devices on your network from the general internet. However, depending on the restrictiveness of the firewall rules, you could still be allowing bad actors to access your IoT devices unless you have them properly locked down.

If you have a large amount of IoT devices, managing the firewall can be a tedious process.

Secure Shell

Secure Shell (SSH) is a remote access protocol with strong encryption defaults and security configurations that allow for authentication methods, such as public key authentication . It's a widely accepted industry standard for establishing secure connections to servers, ensuring secure access, secure file transfer, and more.

Unfortunately, not all IoT devices support the SSH protocol for access, and even then, managing key rotations and key deployment to multiple users can quickly become an administrative nightmare.

IoT Gateways

An IoT gateway can be a physical or virtual device that serves as a crucial intermediary between IoT devices and the broader network infrastructure. It plays an important role in aggregating data from various IoT devices, processing it locally if needed, and then transmitting it securely to the cloud or other backend systems.

One of an IoT gateway's key functions is enhancing IoT device security by implementing robust authentication and encryption protocols, effectively safeguarding sensitive data from unauthorized access or manipulation. By serving as a centralized control point, IoT gateways enable and complement the implementation of security measures, such as firewalls, intrusion detection systems, and access controls, by providing a single point of access for all IoT devices. This, in turn, fortifies the overall security posture of IoT ecosystems.

It's important to note that you need to enforce and audit the use of an IoT gateway to make sure that all eligible devices make use of the gateway and don't bypass it.

A Possible Alternative: Configure a Mesh Network

Alternatively, you could add and/or configure your IoT devices to become part of a mesh network. For instance, NetBird is an open source mesh VPN platform that lets you quickly join peers in your mesh network simply by installing the client and authorizing the new peer. It makes for a zero-config VPN experience that you have to experience for yourself.

Built on top of the performant and lightweight WireGuard VPN protocol, the NetBird mesh network is secure and easy to configure. It supports many different operating systems and can even be installed in a container system like Docker .

NetBird mesh

Secure Your IoT Gateway Using NetBird

You can install NetBird on your IoT gateway to let your gateway become part of the mesh network.

For further security, you can isolate your IoT gateway from the public internet and make it available only to other devices that are also joined to your mesh network. Suppose all the IoT devices connect only to the gateway and are segmented to a private section of the network that cannot route to anything other than the gateway. In that case, you've effectively isolated your entire IoT fleet from the internet.

Secure Your IoT Devices Even If You Don't Have a Gateway

Because NetBird supports installation on so many different operating systems, you can install it on any PC acting as a router or even an OpenWRT -compatible router:

Diagram showing NetBird running on a compatible router

While you don't have the central data-gathering capability of an IoT gateway, you effectively have the same protective isolation as long as the router or PC is configured to connect only to other mesh devices. This makes your IoT devices accessible only from other mesh-connected devices, which could even be a mobile phone of an administrator if needed. Storing data collected by the IoT devices in the cloud or any remote storage becomes an easy task a well, as the gateway can have a direct connection to the storage system.

With the network address translation (NAT) traversal capabilities of NetBird, you should get a direct connection to your devices without resorting to special networking configurations.

Other NetBird Security Measures

Once your devices are safely located on a private mesh network, NetBird offers even more security features to further enhance the security posture of your IoT fleet.

Posture Checks

The NetBird client can be configured to allow only devices that meet a certain security posture. The posture checks are configurable and can be set to check certain variables before allowing a device to make a connection. Some of these variables include but aren't limited to the following:

  • NetBird client version check
  • Geolocation check
  • Network location check
  • Operating system check

Only once a client has passed all the checks will it be allowed to connect to any device or resource on the mesh network.

Create a posture check

Authentication

NetBird fully integrates with your existing identity provider , and you can enable security measures such as SSO and MFA .

Auth

NetBird SSH Server

NetBird has an embedded SSH server running on each NetBird client. On any device that runs the NetBird client, you can enable SSH access via the console.

The NetBird SSH server takes care of public key deployment and rotation. As long as you're an authorized user, you can SSH to any device that's allowed for your user via the access control list .

Conclusion

In this article, you learned about IoT devices and their growing popularity and general usefulness. You also learned that it's dangerous not to secure your IoT devices as they could provide an attacker with an easy path into your network.

Finally, you learned how you can use methods such as firewalls, IoT gateways, and mesh network configurations such as NetBird to not only isolate your IoT devices but also securely access them when you need to.