You may recall that I am working on a mechanism known as Manufacturer Usage Descriptions (MUD). This is the system by which manufacturers can inform the network about how best to protect their products. The draft for this work is now about to enter “working group last call” at the IETF. This means that now would be a very good time for people to chime in with their views on the subject.
In the meantime, MUD Maker has also been coming along. This is a tool that generates manufacturer usage descriptions. You can find the tool here.
MUD isn’t meant to be the whole enchilada of IoT security. Other tools are needed to authenticate devices onto the network, and to securely update them. And manufacturers have to take seriously not only their customers’ needs, but what risk they may impose on others, as Mirai reminded us. Had MUD been around at the time, it’s possible that Mirai would not have happened.