Preface:
The world has changed. Modern people all have one key word on their lips. What is it? The word is efficiency. Whether you wait for dinner, buy lunch, or queue at the cinema for a ticket, the final expectation we are all looking for is: quick! Right? Our standard of living is hard to sustain without computation. How about cyber security? The headline news alerts you daily of cyber incidents, and manufacturers and business people work to satisfy your expectation. For food, we have ready-to-eat noodles. But how about a cyber security solution? Is any quick-and-done solution available in the market? Yes, it is. On the subject matter, the solution below is the quick and dirty way to figure out the IoT devices inside your network! It sounds like a Japanese food product (Cup Noodle). Be my guest. Enjoy!
Requirement:
As of today, installing a SIEM product is a major component of compliance for any firm. The PCI, SOX and ISO 27001 compliance standards all require a central log management system; the technical term for it is SIEM (Security Information and Event Management). A SIEM system carries a major, powerful feature called the correlation rule. The scenario is that the SIEM system identifies and filters the specific log events of a device according to a custom setup, then provides a status update (sends a notification email) alerting the on-duty IT staff about the current situation.
Since that function is ready, we can go to the next step.
What is the theory?
As we know, the Ethernet MAC address contains a vendor ID field (the first three octets, also called the OUI; see the diagram below for reference) that identifies the corresponding vendor. Since this vendor ID is unique to the vendor, we can make use of it to figure out the target.
Criteria (specifications):
Procedure:
Define rogue device detection on the SIEM system. The SIEM system is able to use the first few octets of a MAC address to identify a rogue device. If so, you can then use the vendor part of the MAC address to enforce your company IT policy, avoid IoT devices hiding inside your network and reduce the insider threat. The breakdown list below gives the vendor MAC address prefixes for your reference. Since my vendor ID list on hand is more than 100 pages, I am not going to post all of it here.
F8A45F  Xiaomi Communications Co Ltd
8CBEBE  Xiaomi Communications Co Ltd
640980  Xiaomi Communications Co Ltd
98FAE3  Xiaomi Communications Co Ltd
185936  Xiaomi Communications Co Ltd
9C99A0  Xiaomi Communications Co Ltd
84742A  zte corporation
BC3AEA  GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
E8BBA8  GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
8C0EE3  GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
006B8E  Shanghai Feixun Communication Co.,Ltd.
C81479  Samsung Electronics Co.,Ltd
54FB58  WISEWARE, Lda
A42940  Shenzhen YOUHUA Technology Co., Ltd
B00594  Liteon Technology Corporation
C0A0BB  D-Link International
28A1EB  ETEK TECHNOLOGY (SHENZHEN) CO.,LTD
4CCBF5  zte corporation
F0F5AE  Adaptrum Inc.
F42896  SPECTO PAINEIS ELETRONICOS LTDA
5C36B8  TCL King Electrical Appliances (Huizhou) Ltd.
90F3B7  Kirisun Communications Co., Ltd.
DCAD9E  GreenPriz
B4827B  AKG Acoustics GmbH
3C18A0  Luxshare Precision Industry Co.,Ltd.
186472  Aruba Networks
4CB81C  SAM Electronics GmbH
2C3731  ShenZhen Yifang Digital Technology Co.,LTD
041A04  WaveIP
94E98C  Alcatel-Lucent
50206B  Emerson Climate Technologies Transportation Solutions
C8EE75  Pishion International Co. Ltd
CC3429  TP-LINK TECHNOLOGIES CO.,LTD.
1C7B21  Sony Mobile Communications AB
BC9680  Shenzhen Gongjin Electronics Co.,Ltd
9C2840  Discovery Technology, LTD.
F89FB8  YAZAKI Energy System Corporation
709E29  Sony Computer Entertainment Inc.
E0B2F1  FN-LINK TECHNOLOGY LIMITED
F037A1  Huike Electronics (SHENZHEN) CO., LTD.
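The correlation logic described above, as an added example that is not part of the original post and not the rule syntax of any particular SIEM product: it pulls MAC addresses out of DHCP and ARP style log lines (the lines are constructed for this example), takes the first three octets as the OUI, and looks them up in a watchlist built from a subset of the vendor prefixes listed on this page. It also checks the locally administered bit of the first octet, because a MAC with that bit set (for instance a randomized address) carries no vendor information and must not be matched against the OUI list at all.

```python
import re
from typing import List, Optional, Tuple

# Watchlist of OUIs (first three octets). The prefixes and vendor names are a
# subset of the vendor list given on this page; extend it from the full list.
IOT_OUI_WATCHLIST = {
    "F8A45F": "Xiaomi Communications Co Ltd",
    "8CBEBE": "Xiaomi Communications Co Ltd",
    "84742A": "zte corporation",
    "BC3AEA": "GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD",
    "C81479": "Samsung Electronics Co.,Ltd",
    "C0A0BB": "D-Link International",
    "CC3429": "TP-LINK TECHNOLOGIES CO.,LTD.",
    "709E29": "Sony Computer Entertainment Inc.",
}

# Matches aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff and the Cisco style aabb.ccdd.eeff
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
)

# Constructed sample log lines (hostnames and IPs are made up for this example)
SAMPLE_LOG = [
    "Jan 12 09:01:02 dhcpd: DHCPACK on 10.1.20.45 to f8:a4:5f:12:34:56 (mi-phone) via eth0",
    "Jan 12 09:01:09 dhcpd: DHCPACK on 10.1.20.46 to 00:1a:2b:3c:4d:5e (workstation-07) via eth0",
    "Jan 12 09:02:11 switch01: %ARP-4-NEW: 10.1.20.47 at cc34.2901.aabb on Gi1/0/12",
    "Jan 12 09:03:40 dhcpd: DHCPACK on 10.1.20.48 to 3a:b1:c2:d3:e4:f5 (android-rand) via eth0",
]


def normalize_mac(mac: str) -> str:
    """Return the MAC as 12 uppercase hex digits with every separator removed."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()


def oui_of(mac: str) -> str:
    """The vendor part: first three octets (six hex digits) of the normalized MAC."""
    return normalize_mac(mac)[:6]


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means locally administered (e.g. a randomized
    MAC); the first three octets are then not a vendor OUI."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def classify_mac(mac: str) -> Optional[str]:
    """Vendor name when the OUI is on the watchlist, otherwise None."""
    if is_locally_administered(mac):
        return None
    return IOT_OUI_WATCHLIST.get(oui_of(mac))


def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (log line, normalized MAC, vendor) for every watchlisted MAC seen."""
    hits = []
    for line in lines:
        for match in MAC_RE.finditer(line):
            vendor = classify_mac(match.group(0))
            if vendor:
                hits.append((line, normalize_mac(match.group(0)), vendor))
    return hits


if __name__ == "__main__":
    # Stand-in for the SIEM notification step: one alert line per hit
    for line, mac, vendor in scan_log(SAMPLE_LOG):
        print(f"ALERT watchlisted vendor {vendor!r} MAC {mac}: {line}")
```

On the constructed sample, the Xiaomi and TP-LINK addresses produce alerts, the workstation's prefix is not on the list, and the fourth address is skipped as locally administered even though a naive prefix lookup would still try to match it. That last case is the caveat to keep in mind for this approach: devices that randomize their MAC address will not be identified by OUI, so the rule catches devices that advertise their vendor and nothing more.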
Conclusion:
As said, this is a fast food solution. If the above solution is not suitable for your shop, the better idea is to invite your SIEM vendor to develop the appropriate solution to fit your requirement. It has now reached my lunch hour. OK, we stop the discussion here.
Cup Noodle please!