One practical thing that could help (beyond the usual patching and setting passwords) would be to seperate your networks -- client devices on one subnet, IOT on another, servers/nas etc on another. Ensure that private IPs are disjointed (say 10.65.34.128/28, 172.29.34.0/27, 192.168.14.208/29 etc). That adds layers of obscurity.
Enable multicast between them, pretty tricky for a XSS to know which networks your IOT devices are on.
Other things you can do (like only allowing control of IOT devices from a separate admin network for instance) is a matter of security vs convenience.
2 comments
[ 3.6 ms ] story [ 10.7 ms ] threadEnable multicast between them, pretty tricky for a XSS to know which networks your IOT devices are on.
Other things you can do (like only allowing control of IOT devices from a separate admin network for instance) is a matter of security vs convenience.