Secure Usable Browser Connections for Intranet Scenarios

The IoT Security FoundationSpecial Interest Group (IoTSF SIG) have published a ‘Problem Statement’ document for Secure Usable Browser Connections for Intranet Scenarios.

Share This Post

The Special Interest Group (SIG) have published a ‘Problem Statement’ document for Secure Usable Browser Connections for Intranet Scenarios:

Almost all consumer networking devices and many IoT devices support local HTTP/S connections for management. This browser based interface is the typical default mechanism for managing, configuring and provisioning the device.

If the management interface is hosted on HTTP, then all content will be transmitted in clear text. This includes the transmission of the administration password. Any device hosting their management interface on an HTTP connection, is therefore announcing the users passwords on the internal network.

The alternative is to host the management interface on a HTTPS connection. This option provides the assurances of encryption (the password is not passed in the clear), but the solution is unusable for most consumers because of the warnings generated.

The SIG are looking for organisations and people from the IoT ecosystem value/supply chain to help define requirements and develop solutions to address this and other IoT cybersecurity problems. If you would like to learn more and join the SIG please contact us.

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

ManySecured Needs You

If you would like to learn more, or are interested in joining us,
please contact us

ManySecured

Let's have a chat

Cookie Consent

This website uses cookies to ensure you get the best experience on our website.
By using our website you agree to our Terms and Conditions and our Privacy Policy.