Hardware security has a poor cyber security reputation. Frequently customers and service providers often do not implement appropriate safeguards. Businesses and consumers typically do not change the default passwords nor update the pre-installed software. Hardware security is too easy to ignore.

Best Practice Guidelines

The following guidelines should be verified by the customer when hardware devices are purchased and/or services are subscribed to by the customer.

Default passwords

Most hardware devices ( routers, switches , firewalls , modems , telephone system units , IP end points of all kinds etc ) are being sold with universal default usernames and passwords. The customer should ensure the installer changes the password before use.

Software updates

Software resident in internet-connected devices should be securely updateable. Updates should not impact on the functioning of the device and be delivered in a timely manner.

Store credentials and sensitive data securely

Any credentials should be securely stored within hardware services and devices. Hard-coded credentials are not recommended in hardware device software.

Limit exposure to cyber attack

Security-sensitive data should be encrypted when communicating, including any remote management and control. All keys should be securely managed.

Software integrity

Hardware device software changes should be verified. When a change is detected, the device should alert operators to the issue.

Deliver resilient operation

Hardware services should continue operating functional when there is a loss of network connectivity. They should recover cleanly when power is restored. Hardware devices should return to a network operation in an acceptable , usable state and in an orderly fashion.

Telemetry data

Usage and measurement data should be monitored for security anomalies.

Data ownership and deletion

Who owns the collected data? Hardware devices may change ownership and may be recycled or disposed of. Mechanisms should be in place so that businesses remain in control and remove data from services, devices, and applications.

Easy device installation and maintenance

Hardware device installation and maintenance should require few steps and follow security best practices.