Raspberry Pi, Arduino – IoT
The internet of things (IoT) is driven by smart sensors, monitoring sensors and programmable controller boards. Small Biz PC, before becoming Small Biz PC, pioneered these devices in the 90’s for measuring air quality in an Oregon paper mill. These devices were, and probably still are, recording the data in a Microsoft SQL Server database for quality assurance and workplace safety. Today, these devices are more prevalent than ever. The Raspberry Pi and the Arduino boards were designed as playthings, if you will, for the purpose of educating less than wealthy, but no less intelligent, school kids. These devices have blossomed into more than a dream. They power baby monitors, doorbells, the electronics in cars, and even take a ride to space aboard SpaceX. Since Small Biz PC is mobile and mostly off grid, we even use them to monitor the power to our business and home.
If you glance in any direction where other humans have been or currently reside, you are probably making contact with an IoT device right now, even if you have never so much as possessed a bank card or driver’s license. The growth of IoT outpaces a Santa Ana wildfire in a hurricane. This technology is here to stay. It is used to track our every move, and for some our every breath, heartbeat or muscle movement. It can even control who has the technology to buy, and who has the technology to sell. One day this technology will be globalized, centralized and will secure the world economy. Great as all that sounds, IoT is not there yet, and it does not come without risk.
Manufacturers of these devices just get them to market. They often use manufacturer default passwords and leave back doors for monitoring functionality, so they can make the next one even better. This has led to babies unwittingly being live streamed from their cribs to YouTube and other social media sites, and to women being spied on by their own security cameras and having images of them au naturel sold on the internet to the highest bidder. Some women have even been sexually harassed by voices in the cameras. These problems are not one-offs; they are rampant. Google security cameras and sexual harassment. The FBI can know who is at your door before “Ring” announces your visitor. No matter how many privacy policies you read, you have no protection. Since the dawn of time, no burglar has been concerned with your privacy. Even a pregnant woman gets more concern for her privacy from her gynecologist than you will get from these guys.
As the music group “Poison” once said, and it still holds true in my world: “Every Rose Has Its Thorn.” These wonderful IoT devices have a dark side, and I mean every one of them. With all the good they do, when one acquires such a device he must realize it is a Trojan horse, should someone with bad intentions get hold of its internet address, Bluetooth address, or wireless signal. The manufacturers say, “Oh, it is only a harmless baby monitor; who would want to exploit that?” So passwords are easy and addresses are readily seen. It is our advice that one should purchase these devices from solid vendors such as Mattel, IBM and others, and stay away from devices made under GNU if security is a concern. Companies like IBM have a brand reputation to uphold, and can be sued for negligence. You have no rights under GNU (open source licensing), and often the companies producing these devices under GNU alone do not have the financial clout to support you if something really bad happens.
This article focuses primarily on Arduino and Raspberry Pi in the corporate environment. These devices are used by executives to enlist less expensive PCs, display data, or handle other single-task situations where security is not as much a requirement. The problem is that software containing bots used to attack large targets comes in from outside. Something as simple as a USB drive, a compromised Bluetooth connection, a wireless signal or an application can be a conduit for this rogue code. Since the Pi was not set up with this as a consideration, and could be an unknown device in someone’s lunch sack, the Pi suddenly becomes a nightmare for IT security and for the reputation of the corporate network, and in the end the integrity of the whole company is at risk. Just one mismanaged electronic item can cause contracts with vendors to be lost, credit card companies to pull the plug on a business, and brand reputation to suffer. A device like this was the hub of mass destruction for Target not too many years back. Good thing for Target, they had the resources to fight for their corporate life. This is a luxury that small business just does not have.
So what are these little devices that we speak so highly of, and warn just as tenaciously about? Here is a quick primer.
The primary operating systems used with a Raspberry Pi are as follows:
Raspberry Pi – Desktop (Debian, a Linux flavor). The graphical UI is equal to OS/2 Warp, revealed by IBM in 1992, in case there is anyone as old as us who is reading this. Windows OS came out shortly afterward. Windows was a bit less clunky, but we were won over to Windows because we were already developing in C#, PowerBuilder, and Microsoft SQL Server on OS/2. We were busy developing a worldwide application that managed the legal use of developing tech for intel. Security was not our biggest issue back then; we had passwords, and the links, though global, were internal. Just keeping the file cabinets off the ARCnet cabling and the BNC terminators in place was all we really worried about. Outside of Kevin Mitnick and the movie “Sneakers,” security and software updates were unheard of. My 2400 baud modem, linked to my soon-to-be spouse’s network server that I built using two Microsoft Mail servers and techniques learned during our mail migration at Central Point Software, in an internal network comprised of mostly private lines, were the things of the day. Debian really has not shaken that nostalgic look and feel. Debian and Raspbian have an update feature, but the end user needs to keep up with where the working app servers are and monitor the ones that work and the ones that don’t. Though the Debian OS is my favorite and perhaps the most user friendly of the flavors of operating systems available for the Pi, in my opinion it is not ready for the masses. If it were not for open source and no way to make a living, I would make it a point to further develop the OS to go head to head with Microsoft Windows. Windows 10 has to be the least useful OS Microsoft has ever developed, due to its update cycle and options.
Small Biz PC spends tons of time and money attempting to keep the updates hidden from the corporate desktop so our users can work without 30-minute to one-hour outages while their systems perform updates. Microsoft will let you exclude updates for up to 12 hours. Many of our customers’ PCs require a minimum window of 20 hours. This lack of customization hurts. We used to be able to plan around update Tuesday, and we could release the updates on our schedule on a weekly basis with our tools. Now Microsoft sees fit to override our update schedules, and with some critical updates, even WSUS can’t stop them from taking out critical systems. So Debian is very appealing to Small Biz PC and thousands of tech people like us, and we are watching it very closely. It is nowhere near ready for prime-time business use, however, and Microsoft is not yet in any danger. One other contender is Google Chromebooks, but Google is finding out that bringing products to market is not cheap, and even with its best efforts it is losing ground due to expense and complexity. In our mind, especially with the release of Mojave and Mac Catalina, Macs taking over in a mixed network environment is more of a pain in the backside for IT. We are still supporting the ever so staunch Mac special interest groups. Mac has taken its file systems further off standard now that Microsoft has embraced many of the Linux commands that make the Mac what it is. Mac has become more expensive and the software more proprietary, while using the exact same hardware components as a Windows PC, even at the expense of the RISC chips. Adobe and others have now taken what were then proprietary software packages and redesigned them from the ground up for the PC market. Our customers by and large have let the Mac fall to its death in the chasm of time. This allows corporate America to focus on IoT and Windows-based operating systems for now. Keep in mind that when the dollar bill is involved, no one is too big to fail.
Amazon and Microsoft need competition to keep us all on our toes. Who will the players be when our grandkids fill our shoes? Probably not Windows or Raspbian, but for now, we are going to focus on the risks of today and how to cope in the darkness with infant technology and a sea of raging pirates.
Ubuntu MATE, Ubuntu Server – These are the most stable of the operating systems and the most secure. We love the granularity of this operating system, and with a solid IT department that has time to maintain it, it is really unbeatable. It is scriptable and difficult for a novice to operate, but the server is used successfully and safely by large companies. It can be managed by SSH. Ubuntu is not 100% unbeatable out of the box. We have some competitors that make it a point to take us down from time to time to keep us from becoming too proud of our work. They have cracked our Ubuntu servers on GoDaddy a couple of times using SSH, as well as the servers GoDaddy maintained for us. They also cracked our Mac iOS devices, using some folks in Africa as leverage into our iPhone accounts. With two-factor authentication, and again by learning mainstream technologies and paying vendors who are large enough to have skin in the game, we have been able to learn how to protect ourselves. Customer data was not at risk, because we do not store it online and we maintain physical security. What this illustrates is that no operating system vendor by itself is good enough to protect you in the computer world, especially with IoT, unless you protect yourself and you know you are never completely secure. We request our customers use stringent password policies and two-factor authentication for good reason. You can bet we use biometrics at Small Biz PC with two-factor authentication. Customers that scoff at our security recommendations don’t make us look good, and companies that are dead force us to spend more on time and marketing rather than providing us a profitable conduit for revenue.
Windows 10 IoT Core is a great place to start – Large company, large technology investment, a brand to protect, while no one is too big to be sued for negligence. Sometimes big vendors don’t provide all the functionality you want and need. This is because they can’t afford to mess things up. It is bad enough when the tried and true provides a black eye, as in the case of the Windows 10 updates and the ever roving support tools needed to keep the OS viable. Microsoft is not perfect, but we highly suggest you start there. They built IoT from the ground up knowing that functionality without security is worse than useless. Even the federal government is not strong enough to protect you if they don’t build in security first. Someone stole the federal security clearance database using the fingerprint scanners. The hackers now know who some of us at Small Biz PC are, and who and where our family and friends are. Good thing we are just techs. We are still haunted by this security breach. Experian contacted us just the other day with another attempted identity breach for us at the personal level. Security is not a laughing matter. Small Biz PC is forced to deal with it head on every day. We take our know-how and we bring that to you. We can’t force you to be smart, but we sure can show you what you need to get secure. Contact us and get a security audit of your company today.
We are not covering the operating systems designed for monitoring, sensors and robotics in this article. Most of the companies we serve are not using this technology in a way in which we have any contact with that functionality, but the principles still apply. The rules of the game remain the same: password protect and encrypt all communication. It would be a shame for your smart refrigerator to share its computing power with a bot that delivers all your personal data, from all your customers to consumers, to the dark web just because you wanted to track the beer on hand for beer 30 on Friday.
We have to be careful with the Pi in the corporate world. Our clients are small business customers, skilled with business data, not programmable devices. Our customers typically do not have the people on staff and the hardware in place to properly manage and segment their networks so these devices can be properly sequestered to just their roles. Business customers give these devices full user access to all the systems and the data. This access is required for the whiz-bang functions that are hoped for. In a network situation where Small Biz PC has full authority, we are often likely to shut down devices that move lots of data, are not recognized, and/or occupy an unauthorized IP address, among other anti-social behaviors. Unless given a budget and instructions to do something other than record this movement at our firewall, this is all we do. Should the traffic travel in from an unmonitored area, we can’t even offer that much support. Small Biz PC does not guarantee end user data or its security, as we can’t control how companies use our advice.
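The three conditions named above (devices that move lots of data, are not recognized, or occupy an unauthorized IP address) can be checked against firewall records with a short script. This is an added example, not Small Biz PC’s own tooling; the inventory, flow records and byte threshold are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: MAC -> (device name, assigned IP). All values are made up.
INVENTORY = {
    "b8:27:eb:10:20:30": ("lobby-display-pi", "10.0.20.15"),
    "00:11:22:33:44:55": ("front-desk-pc", "10.0.10.21"),
}
# Constructed firewall flow records: (source MAC, source IP, bytes sent).
FLOWS = [
    ("b8:27:eb:10:20:30", "10.0.20.15", 40_000),
    ("00:11:22:33:44:55", "10.0.10.21", 900_000),
    ("dc:a6:32:aa:bb:cc", "10.0.10.77", 12_000),       # not in the inventory
    ("b8:27:eb:10:20:30", "10.0.10.5", 3_000),         # known Pi on the wrong IP
    ("00:11:22:33:44:55", "10.0.10.21", 600_000_000),  # large transfer
]
BYTES_LIMIT = 500_000_000  # assumed per-window threshold; tune per site


def review_flows(flows, inventory, bytes_limit=BYTES_LIMIT):
    """Return {mac: sorted list of findings} for devices that need attention."""
    totals = defaultdict(int)
    findings = defaultdict(set)
    for mac, ip, sent in flows:
        mac = mac.lower()
        ipaddress.ip_address(ip)  # raises ValueError on a malformed record
        totals[mac] += sent
        if mac not in inventory:
            findings[mac].add("unrecognized device")
        elif ip != inventory[mac][1]:
            findings[mac].add(f"unauthorized IP {ip}")
    # Volume is judged on the total per device, not per flow.
    for mac, total in totals.items():
        if total > bytes_limit:
            findings[mac].add(f"high volume: {total} bytes")
    return {mac: sorted(items) for mac, items in findings.items()}


if __name__ == "__main__":
    for mac, items in review_flows(FLOWS, INVENTORY).items():
        print(mac, "->", "; ".join(items))
```

MAC addresses can be changed by whoever controls the device, so an inventory match is a first filter rather than proof of identity.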
The monitoring tools, as you guessed, cost more than just putting good PCs that are properly secured in those roles. We implore anyone interested in IoT to at least use the Microsoft IoT foundation upon which to build your processes. It will take longer and be harder to do, but security is too dangerous to ignore. Take a relationship that went south at NASA: hackers got hold of a rogue Raspberry Pi and took over mission control. This is just one instance of what we are trying to prevent from happening to our clients. Being small and obscure does not help. We see attacks in our logs day and night, seven days a week, even with the most obscure devices separated from online systems.
Using a Raspberry Pi is not all taboo. One needs to approach using the devices in his business intelligently. One does not want his creation to be the device that sent his company into bankruptcy. It really looks bad on the ol’ resume, if you get my drift. Here is a twelve-step program to build or launch that will help you make sure your Pi is a viable contender in the workplace. Be sure to involve your IT staff, so that they can make sure the network is ready for our new little friends. Watch all 12 of these videos. This is the YouTube link to the thread of videos
Make sure ClamAV is installed, and for our monitored customers make sure Small Biz PC’s monitoring software is installed and Small Biz PC has given the green light before the Pi is deployed.
Don’t take our word for it. Watch a script kiddie with a Pi take out a Mac!
Again, we can’t stress enough putting the powerhouse of Microsoft behind you when building these on corporate networks. Here is the build sequence using Microsoft’s tools.
https://www.microsoft.com/en-us/windowsforbusiness/windows-iot (Sorry, Microsoft does not allow embedding. Guess they do not like free marketing.)
https://docs.microsoft.com/en-us/windows/iot-core/secure-your-device/securebootandbitlocker (Security instructions for IoT)
We at Small Biz PC use a Raspberry Pi to track the weather and to track solar cell input and output from MPPT controllers using RS438 industrial terminal cables when off grid. Data is placed on an indoor screen to keep us abreast of the efficiency of each solar array. We then calculate a small amount of the battery state data, not using voltage, but using amps in – amps out to tell us the real charge state. That state is then sent to our personal website for us to monitor our batteries from out of the office. Batteries that fall below 50% can be destroyed, costing us thousands of dollars. We use Windows IoT, Node-RED, Microsoft SQL Server Express and Google Docs. We are not against using the Pi, but the risks and issues surrounding the devices must be well thought out, because bad guys outnumber the sand on the seashore when the possibility of being caught is non-existent. Security must be placed on par with functionality, or functionality will be short lived. Think about it: if the pros are compromised from time to time, are you any stronger than they are? The burglars are checking every door every second of the day to see if it is locked. What state will they find your door in?