Montgomery, Douglas (Fed) <[email protected]> wrote:
> Most of the devices I think of as actual IoT devices have no direct
> UI/shell. Your only interaction with them after initial
> “install/configure” is through their cloud web service interface.
That's true for many devices, but not all.
Even light bulbs have output interfaces :-)
> Having said that I think your model is fine.
Good.
> I would suggest detecting device reboot would be one signal to clear
> quarantine state. Since MUD “misbehavior” is mostly instantaneously
> detectable (1 packet), I am not that concerned that the device might
> reboot for other reasons and still be infected.
Device reboot probably needs an attestation to be believed.
> One might keep a counter and a time stamp of quarantine clears and if
> a device had N MUD violations after quarantine clears in X time,
> lock it down in quarantine or completely take it off line.
Reasonable, but in the space of quality of implementation, I think.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
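
The quarantine logic discussed in this message, sketched as an added example that is not part of the original e-mail or of any MUD implementation. The class and method names, the `attested` flag, the `LOCKED` state and timestamps in seconds are all assumptions made for illustration.

```python
from collections import deque
from enum import Enum


class State(Enum):
    NORMAL = "normal"
    QUARANTINED = "quarantined"
    LOCKED = "locked"  # assumed: permanent quarantine, reboots no longer clear it


class QuarantineTracker:
    """Per-device quarantine state with a cap on repeat offences (hypothetical)."""

    def __init__(self, max_repeats, window_seconds):
        self.max_repeats = max_repeats   # "N" in the thread
        self.window = window_seconds     # "X" in the thread
        self.state = State.NORMAL
        self.clear_times = []            # timestamp of every quarantine clear
        self.repeat_times = deque()      # violations seen after a clear

    def mud_violation(self, now):
        """A single packet outside the MUD profile quarantines the device."""
        if self.state is State.LOCKED:
            return self.state
        if self.clear_times:
            self.repeat_times.append(now)
            # Drop repeat offences that have aged out of the window.
            while now - self.repeat_times[0] > self.window:
                self.repeat_times.popleft()
            if len(self.repeat_times) >= self.max_repeats:
                self.state = State.LOCKED
                return self.state
        self.state = State.QUARANTINED
        return self.state

    def reboot(self, now, attested):
        """Clear quarantine only when the reboot is backed by attestation."""
        if self.state is State.QUARANTINED and attested:
            self.state = State.NORMAL
            self.clear_times.append(now)
        return self.state
```
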