If you are having trouble accessing this website or parts of it, please call 1-800-832-0034 or email [email protected] and we will provide you with assistance.
 

BLOG

Resources for Educators
& Professionals

 

Training Future Cybersecurity Professionals to Secure the Internet of Things

by  Dr. Gene Lloyd     Aug 15, 2025
teaching-iot

In the interconnected world of the internet, manufacturers have found ways to implement network connectivity for many different types of devices that create advanced communication capabilities. This is generally referred to as the Internet of Things (IoT). 

Some refrigerators can order grocery items for delivery, personal assistants can make purchases for household items, and security devices can provide live data from inside and outside of a home. This has created a greater measure of convenience, but has at the same time created some glaring security issues. 

Teaching Security on IoT Devices 

Cybersecurity professors spend a significant amount of time discussing the different security devices on a network and how they can be used to protect every element of a network. But these devices are the most effective when everything else connected to the network has some form of built-in security. IoT devices typically have little to no security built into their software and, as a result, can create large security risks on a network. Students should be made aware of these issues so they are properly prepared for even the obscure possibilities that can exist on a network. 

Every device attached to a network is a potential target for a hacker. This is something everyone knows. Computers, being the most common device connected to a network, have become much more resistant to these attacks and are not as easy a target as they were a decade ago. This makes the hacker’s job much more difficult, but technological advances have created new opportunities for hackers to conduct nefarious activity. Students should be made aware of the reasons why IoT devices can be dangerous and the methods that can be used to keep them from being an illegal entry point into a network. 

Addressing the Need for Stronger Login Credentials 

Weak default credentials are the first problem to consider. IoT devices typically ship with very simple login credentials, if any at all, and those credentials are publicly available in the installation guides or product manuals. It is not difficult for a hacker to locate the default username and password for a refrigerator with internet connectivity. This problem is exacerbated when users do not change those credentials after connecting the device to the network. One thing a professor could do is assign a project that requires students to locate the default credentials for a handful of different devices and determine how those credentials can be changed. This should be common practice when any new device is attached to a network, but it can be easily overlooked in this category. 

The Importance of Patching and Updating Software 

Another area of concern is the process of patching and updating software. Anyone who pays attention to the update process on their home or work computers knows that Microsoft is famous for “Patch Tuesday,” which is the common day when patches and updates are released for their software products. The Windows update process downloads and installs updates at regular intervals to keep systems secure from hackers. Students should be taught that this concept is almost completely non-existent with IoT devices. Cybersecurity professors should be teaching how to secure these devices using secondary methods. Some IoT devices add necessary or useful capabilities to an organization, requiring a measure of risk to be accepted. In these cases, professors can teach their students how to block or filter different types of connections to add an external layer of security. 

Implementing Network Security Measures 

One simple method is to determine the protocols used by the IoT device and filter or block portions of those on the perimeter firewall. Students at this stage of their education journey should already be well-versed in how perimeter security devices function and should be able to understand how to block less secure protocols from communicating on the internet. Professors could highlight network-attached security cameras as an example. These devices can transmit video data anywhere on the internet if an external user is able to connect to and authenticate with the device. This is a valuable capability, but students should be encouraged to only route that traffic through a VPN as a secondary form of security, which will encrypt the videos and require a secondary form of authentication. In cases where this is not an option for IoT devices, they should be placed on a separate segment of the network. 

Creating Isolated Network Segments 

We determined in the security arena many years ago that public-facing devices attached to a network should be placed in a separate enclave so hackers could not feasibly use those devices as doorways to the rest of the network. This is where we placed web servers, email servers, and similar devices that were necessary for operations but did not need to be interconnected with the internal network. These constructs have changed with cloud computing and outsourcing, but students could be shown how these types of semi-isolated network segments could be used for necessary and somewhat insecure IoT devices. The element of IoT devices could easily be added to classroom instruction and broaden the students’ understanding of this security capability. 

IoT in the Healthcare Industry 

Practically speaking, we are unlikely to find refrigerators and personal assistant devices connected to a corporate network, but one area where a significant amount of untested IoT devices exists is within the healthcare industry. Many hospitals have patient monitoring devices attached to their networks to send alerts to doctors and nurses. These are vital tools that send biometric data to professionals who may not be physically in a patient’s room and alert them to the need for immediate medical assistance. The challenge, like with many IoT devices, is that they suffer from the same problems of poorly implemented security and insecure communication protocols. In these cases, professors can easily teach for the need of blocking all external off-network communication from these devices. 

Preparing for the Future of IoT 

IoT devices add convenience in some markets and essential services in others. Like many other new technologies, IoT is likely to become more prevalent on home and corporate networks as we continue to build network connectivity into many commonly used devices. Many vehicles even include some form of network connectivity today. When new technologies are created, professors should adjust their courses to include how to secure these technologies. Our students need to best possible education on old, current, and new technologies so they can be fully prepared for securing any type of network.  

Stay Connected

Categories

Clear

Search Blogs

Featured Posts

Training Future Cybersecurity Professionals to Secure the Internet of Things

by  Dr. Gene Lloyd     Aug 15, 2025
teaching-iot

In the interconnected world of the internet, manufacturers have found ways to implement network connectivity for many different types of devices that create advanced communication capabilities. This is generally referred to as the Internet of Things (IoT). 

Some refrigerators can order grocery items for delivery, personal assistants can make purchases for household items, and security devices can provide live data from inside and outside of a home. This has created a greater measure of convenience, but has at the same time created some glaring security issues. 

Teaching Security on IoT Devices 

Cybersecurity professors spend a significant amount of time discussing the different security devices on a network and how they can be used to protect every element of a network. But these devices are the most effective when everything else connected to the network has some form of built-in security. IoT devices typically have little to no security built into their software and, as a result, can create large security risks on a network. Students should be made aware of these issues so they are properly prepared for even the obscure possibilities that can exist on a network. 

Every device attached to a network is a potential target for a hacker. This is something everyone knows. Computers, being the most common device connected to a network, have become much more resistant to these attacks and are not as easy a target as they were a decade ago. This makes the hacker’s job much more difficult, but technological advances have created new opportunities for hackers to conduct nefarious activity. Students should be made aware of the reasons why IoT devices can be dangerous and the methods that can be used to keep them from being an illegal entry point into a network. 

Addressing the Need for Stronger Login Credentials 

Weak default credentials are the first problem to consider. IoT devices typically ship with very simple login credentials, if any at all, and those credentials are publicly available in the installation guides or product manuals. It is not difficult for a hacker to locate the default username and password for a refrigerator with internet connectivity. This problem is exacerbated when users do not change those credentials after connecting the device to the network. One thing a professor could do is assign a project that requires students to locate the default credentials for a handful of different devices and determine how those credentials can be changed. This should be common practice when any new device is attached to a network, but it can be easily overlooked in this category. 

The Importance of Patching and Updating Software 

Another area of concern is the process of patching and updating software. Anyone who pays attention to the update process on their home or work computers knows that Microsoft is famous for “Patch Tuesday,” which is the common day when patches and updates are released for their software products. The Windows update process downloads and installs updates at regular intervals to keep systems secure from hackers. Students should be taught that this concept is almost completely non-existent with IoT devices. Cybersecurity professors should be teaching how to secure these devices using secondary methods. Some IoT devices add necessary or useful capabilities to an organization, requiring a measure of risk to be accepted. In these cases, professors can teach their students how to block or filter different types of connections to add an external layer of security. 

Implementing Network Security Measures 

One simple method is to determine the protocols used by the IoT device and filter or block portions of those on the perimeter firewall. Students at this stage of their education journey should already be well-versed in how perimeter security devices function and should be able to understand how to block less secure protocols from communicating on the internet. Professors could highlight network-attached security cameras as an example. These devices can transmit video data anywhere on the internet if an external user is able to connect to and authenticate with the device. This is a valuable capability, but students should be encouraged to only route that traffic through a VPN as a secondary form of security, which will encrypt the videos and require a secondary form of authentication. In cases where this is not an option for IoT devices, they should be placed on a separate segment of the network. 

Creating Isolated Network Segments 

We determined in the security arena many years ago that public-facing devices attached to a network should be placed in a separate enclave so hackers could not feasibly use those devices as doorways to the rest of the network. This is where we placed web servers, email servers, and similar devices that were necessary for operations but did not need to be interconnected with the internal network. These constructs have changed with cloud computing and outsourcing, but students could be shown how these types of semi-isolated network segments could be used for necessary and somewhat insecure IoT devices. The element of IoT devices could easily be added to classroom instruction and broaden the students’ understanding of this security capability. 

IoT in the Healthcare Industry 

Practically speaking, we are unlikely to find refrigerators and personal assistant devices connected to a corporate network, but one area where a significant amount of untested IoT devices exists is within the healthcare industry. Many hospitals have patient monitoring devices attached to their networks to send alerts to doctors and nurses. These are vital tools that send biometric data to professionals who may not be physically in a patient’s room and alert them to the need for immediate medical assistance. The challenge, like with many IoT devices, is that they suffer from the same problems of poorly implemented security and insecure communication protocols. In these cases, professors can easily teach for the need of blocking all external off-network communication from these devices. 

Preparing for the Future of IoT 

IoT devices add convenience in some markets and essential services in others. Like many other new technologies, IoT is likely to become more prevalent on home and corporate networks as we continue to build network connectivity into many commonly used devices. Many vehicles even include some form of network connectivity today. When new technologies are created, professors should adjust their courses to include how to secure these technologies. Our students need to best possible education on old, current, and new technologies so they can be fully prepared for securing any type of network.  

Tags

Clear