Over the past two months we’ve had the pleasure of interviewing an international panel of cyber security experts for our podcast on IoT threats. Ethical hackers, security vendors, PhD students and professors shared their thoughts on the promises of IoT as well as the challenges of an expanding surface attack. At the end of each interview, we asked the interviewees to provide cyber hygiene heuristics that the average smart home user can implement. These practices won’t make you immune against cyber threats if the NSA or FSB want to hack your computer though –they will overcome all these simple procedures to attack you, but they will mitigate attacks by less skilled actors. What follows is a summary of the top four answers, we hope you enjoy the tips and also implement them!

 

Research: Is the device manufacturer a reliable company? Do they take security seriously? Can the device be found via services like Shodan?
Avoid connecting insecure devices into your network, and always ask yourself: what would be the worst-case scenario if this device gets hacked? And act accordingly.

Segment: If a smart thing in your network is compromised, an attacker can access your entire network and cause harm; avoid this by connecting your IoT devices to a different network (vLAN) than the rest of the computers. This may require some extra hard work if you do not have the Netonomy agent installed, or a security-focused router, but it is not impossible to do and this DIY guide can help.

Password: This should be obvious, yet default passwords are the leading cause of hacked IoT devices, because default credentials are basically publicly available information. So if you haven’t yet changed some default credentials, reset your device and immediately proceed to create a strong and original password.

Update: Pretty self-explanatory. Check periodically if any of your connected devices have a firmware update or security patch release, failure to do so will leave you exposed to known vulnerabilities which can be exploited by malicious actors.

Beyond these basic cyber hygiene practices, it becomes really hard for consumers without technical knowledge to do much more, which is kind of scary. Fortunately, Netonomy’s solution is being implemented across different routers and ISPs to seamlessly bring security and control to home networks, which is the best hope we have to deal with IoT cyber threats today.

 

Tune in every Wednesday for more cyber hygiene tips you can implement in your network!

 

 

We are really thrilled and honored by this week’s podcast special guest: Prof. Isaac Ben-Israel, a leading figure in Israeli Military Intelligence, Science and Academia.

After retiring in 2002 from a successful military career in the IDF, Isaac joined Tel-Aviv University as a professor, where he currently serves as the head of the Yuval Neeman Workshop for Science, Technology and Security, head of the Interdisciplinary Cyber Studies Center, and head of the Security Studies Program. He is also Chairman of the Israel Space Agency and Chairman of the Israel National R&D Council.

In 2011, Prof. Ben-Israel was appointed by the Prime Minister to lead a task force that formulated Israel’s national cyber policy, which led to the foundation of the National Cyber Headquarter in the PM Office. In 2014, he was once again appointed by the PM to lead another task force, which led to a government decision to set up a new National Cyber Authority in Israel.

This interview is ~20 minutes, feel free to listen to it below or go ahead and read the edit. Enjoy!

Some people call you the father of the cyber security ecosystem in Israel, credited in large part for establishing government policies that turned Israel into a powerhouse in cyber security: could you tell us why this was necessary, and what were the factors that led to its success?
My definition for cyber threats is everything related to “the dark side of computers”. We built the positive side of computers to make our lives better, but this created a dependence on computer chips, which can be used by bad guys –and there are always bad guys – not for the benefit of our society, but against it. This is what I call the dark side of computer communications.
When I was called by the PM in 2011 to prepare a 5-step national plan of government policies for future cyber threats, I told him on the spot that no one can really forecast the cyber threats three or five years from now. Because one generation in computer time is one year, predicting five generations of computers would be like predicting human life in one hundred years, which of course no one can do.
I told him the only thing we could do was to build the right ecosystem, namely: educated people and organizations that will know what to do when new threats emerge in the future. We didn’t start from zero; we already had quite a developed high-tech ecosystem, therefore what we did was to shift it a few degrees towards cyber security, which is why today the ecosystem plays such a big role in Israel’s role as a global hub for cyber.

Can other countries replicate the success of Israel?
Technologically, Israel can do things that can’t be done in the developed world. We have certain elements that are non-existent in other countries, such as compulsory military service. In Israel, every 18-year old has to do three years of military service and we send them to the units that fit their skills, so if they are good with computers we send them to units dealing with computers, including cyber warfare. When they return to civil life, they bring back skills they learned during the service, and this gives us an advantage over other countries. Other countries won’t do compulsory service, unless they have real strategic problems, like being a small country surrounded by hostile environment.
But other elements can be copied, such as the idea of an ecosystem and the need to develop educational programs. For example, and this was one of the 13 recommendations I submitted to the government in 2011 (all of which were accepted and turned into resolutions), we are the only country in the world to have matriculation examination, and can choose cyber as a subject for matriculation at the end of high school. Two years ago we also began to teach cyber security in elementary schools, the same way we educate them how to cross roads at a very young age, we are teaching them how to live in this very connected world. Every university today also teaches cyber security, unlike the rest of the world were you can learn computer science or computer engineering, but not cyber security directly. We have a cyber security research center in every university; the biggest one is in Tel-Aviv University, where I am the director. We also have a National Cyber Week to raise Cyber Awareness, with hundreds of events and conferences with international guests to discuss new ideas, and at the end of the day these are the things that make Israel one of the leading countries in cyber technology.

A large problem in cyber security today is the exponential growth of insecure IoT devices touching every corner of our lives. How do you think we can effectively mitigate these emerging structural risks without having to reinvent the Internet?
IoT is about putting computer chips everywhere, in every device, and enabling them to communicate with each other in an Internet of Things. As I mentioned before, cyber is the dark side of computer technology, so once the vision of IoT becomes real, the number of cyber problems we will have to solve will grow exponentially. Because it will go beyond the computers we have in our office or home, to almost everywhere.
We have to take security into account from the beginning, it’s not wise to develop IoT devices and only later think about making security patches to make it more secure. This is not the right way, we have to design the devices and communication systems from the beginning in a way that will be more secure.

What are some suggestions you have for the average consumers to reduce their exposure to cyber risks?
There are a lot of simple practices, such as using AV software in your computer, not opening suspicious emails, etc. These practices won’t make you immune against cyber threats if the NSA or FSB want to hack your computer – as they will overcome all these simple procedures to attack you. But it’s like crime, for example, we lock our doors because we are afraid of thieves breaking in, understanding that those simple locks will not be a big problem for a very professional criminal, but also understanding that the non-professional ones will fail at breaking in.
We have to treat cyber security the same way, we don’t demand from police and law enforcement forces to reduce crime to zero, we understand that there will never be zero crime rate, but we demand from them to keep the rate low enough to continue with our way of life. It’s almost impossible to take measures that will totally eliminate cyber attacks, but we should demand to keep the rate of serious attacks low enough to continue our way of life – and this is achievable.
You cannot really protect yourself as a person or business without some intervention at the national level, because you are not allowed to go after the bad guys, not allowed to spy on potential adversaries in order to protect yourself. Only the government can do that, and therefore one of the things we did in Israel, which you mentioned, is building the National Cyber Defense layer, which is in charge of cleaning the network from malware. This is something private people cannot do, so the government and private sector should work together.
 

 

 

In this week’s IoT cyber security and cyber hygiene podcast, we had the pleasure of interviewing Omer Shwartz, a Ph.D student at the prestigious Information Systems Engineering Department at Ben Gurion University of the Negev, and an active member of the Implementation Security and Side-Channel Lab under Dr. Yossi Oren.
His latest published paper is titled, Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices, in which him and his team analyzed the practical security level of 16 popular IoT devices and discuss how to improve their security without significantly increasing their cost.

This interview is <20 minutes, feel free to listen to it below or go ahead and read the edit. Enjoy!

Could you explain a bit about the work being done at the Implementation Security and Side-Channel Lab at Ben-Gurion University?
We are a relatively new lab, but with very exciting work: investigating all kinds of side channel leakage models and implementing security. My field is mainly around hardware security, but we research and work on all kinds of metrics to get information in and out of devices that are not meant to broadcast information. Some research I’ve done under Dr. Yossi Oren include a phone case that can exfiltrate phone data (location and conversations) while the user is unaware, and a project on how replacement touch-screens could be malicious and used to harm or spy on users.

How did you first get involved in cyber security and hacking, were you always breaking things?
Yeah, actually (laughing) since I was little I liked looking into things and figuring out how they work. I’ve been in the hacking community for around 15 years and always had an interest in hacking and cyber security before it became a really big and known issue as it is today. Cyber security always interested me, it’s like a hidden thing that really affects our world, and nobody really talked about it until recently, and it has a long way to go. There are so many threats that we have not seen yet, and that’s why I’m a part of this lab and studying towards a PhD, because I think there is so much to discover.

If cyber security has a long way to go, it’s probably because of the exponential growth of IoT devices, right?
IoT devices are a really big part of it. Nobody cared about cyber security before, but now that we have all these phones and IoT devices, everybody suddenly realizes that these things were never designed to be secure -they use infrastructure that was not designed to be secure.
It’s a really good place to be, from an Academic point of view, because there is so much to invest and research everywhere.

Share with us some details behind the research you conducted with Asaf Shabtai, Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices, what was the thought process that went into it?
A friend of mine had hundreds of IoT devices for some cyber security research he was conducting and, out of curiosity he asked me if I could find any vulnerabilities in them, we didn’t think of writing a paper about it.
We began taking devices apart and looking inside and noticed that all the devices were really insecure. Many, if not most, IoT devices sold today can be accessed remotely with a default password, which is usually really simple.
But we also looked into what happens when an attacker has one of your networked devices, using it as a gateway to get network information and access. So we wrote a really comprehensive analysis of the devices’ vulnerabilities and compiled a large array of techniques used, some of them already known, but gathered in such a way as to allow other people to try them and see if their devices are secure.
Other than easily and cheaply cracking the passwords stored in these devices’ hash and creating our own Mirai botnet with them, we found vulnerabilities such as devices holding private communication key in the file system. Anyone that gets that key can listen to the device’s communication. It’s really bad security practice, but it seems that in IoT the most important thing is getting a product to market and not securing it properly.

What would be your recommendations for IoT manufacturers?
I’d start with not having hard-coded easy passwords and completely disabling remote-access. Also, nobody considers attackers with access to your device, but devices should be built in a way that make it harder to reverse-engineer -this is a difficult problem, but at least it shouldn’t be so easy to reverse-engineer. All the devices we used were really easy to reverse-engineer, they have special ports in the board that allows us to connect and communicate with the console quite easily, and that’s something that shouldn’t be on a production board, just on a development board. We were actually able to get all of our information because most of the devices’ debug ports were open, which combined with weak passwords, gave us full access to install our own software. So my recommendation is to disable the debug and WRT ports, and strong passwords hashed with strong algorithms.

What would be your cyber hygiene recommendations for technology consumers?
You know, they always say that humans are the weakest link in the cyber security chain, and this is correct in a way. I would recommend strong passwords, because the current way people use them today is incorrect, they should be long and hard to crack – and one should never reuse passwords to avoid bigger problems.
When it comes to IoT devices, I would recommend staying away from unknown manufacturers. I hope some of my research will lead to consumers and researchers using our techniques to inspect their own devices and realize what is in there, and whether they are secure or not, giving power to the consumers to understand what is being sold.

For this week’s IoT cyber security and cyber hygiene interview, we had the pleasure of interviewing Aditya Gupta, the founder of Attify -a global leader in IoT pentesting and security training, with learning kits and hardware for IoT exploitation for sale at their store. Gupta has spoken and taught classes at a number of security conferences (BlackHat, Def Con, OWASP AppSec, Syscan, Toorcon) and at private training engagements for organizations worldwide.

This interview is <15 minutes, feel free to listen to it below or go ahead and read the edit. Enjoy!

Do you live in a connected home, with 9 or more devices connected?
When I was getting started with IoT security, I had a couple of IoT devices in my home, but I started removing them from my network as I realized how open and insecure they are. You can’t live in a home where you have a lot of vulnerable devices that can invade your privacy.
Now I have like 3 devices that have been extremely vetted and the security is pretty strong.

What led you to create Attify?
I started Attify around 5 years ago, with the initial plan being to help companies secure their mobile applications – which was pretty big back then. But as we evolved further, we realized that IoT was going to be a real beast, with tons of extremely insecure devices. My academic background was on electronics and telecommunications, focusing on how hardware embedded devices and communications work, and doing research on hardware security. Based on that experience, we started our IoT security offering, figuring out different IoT security threats and later offering a training course called Offensive IoT Exploitation to help people figure out how to assess or find vulnerabilities on their own IoT devices.
There are tons of materials available online for people getting started in any generalized topic of security, from blogs to tutorial videos and trainings. But two or three years ago there was not a lot of content available online for those interested in learning IoT security, and that’s why we created a systematic and methodological approach to learn IoT security in an intensive 3 or 5 day class.

In addition to creating great content, Attify sells IoT hacking tools and learning kits for researchers and makers… is this a shift in the company to focus on training the next generation of information security professionals over consulting?
There is definitely a huge need of awareness in terms of IoT security for all companies interacting with IoT devices; they definitely need IoT security education. I would say that we are gradually focusing more on the training aspect of the business, because that is where the entire industry is paying more attention to, they want to learn how to figure out the security issues in these kinds of devices.

Tell us a bit about The IoT Hackers Handbook, who is the book written for?
The book was written for anyone who wants to get started with IoT security with absolutely no previous background in it, giving them an in-depth introduction to each of the various IoT components.

Good cyber hygiene practice recommendations: What can users that have smart things do to stay protected?
This is pretty much the need of the time now because a lot of consumers are introducing so many new devices, but there are not that many things that consumers can do at this point to secure themselves from IoT security threats, which is kind of scary. But there are definitely a few steps which they can take to make themselves secure:

  • Network segmentation: making sure that the new IoT devices are in a different network.
  • Making sure the new IoT device does not have any public vulnerability online, which anyone can look up and attack your device.
  • Making sure that the company making the device is proactive when it comes to security.
  • Invest in solutions that can help analyze and monitor the home network traffic (i.e. Netonomy) and alert you when something wrong is going on.

If you have some technical background, its always good to do some research on the device before introducing it home. This is something I always do, even though it takes a lot of time, you get the assurance that your device is not recording or spying on you.
If you are a company, its always good to have an internal pentest before introducing a connected device, smart coffee machines can leak your WiFi credentials. We have to wake up and smell the coffee; I’ve seen so many IoT devices leaking sensible information. And it’s going to get much worse unless enough attention is paid to these kind of device in the future.

For our fourth and last podcast of the year, we are very happy to have Aviram Jenik, who has been involved in the fields of encryption, security vulnerabilities detection and research from the early days. Aviram is the founder of Beyond Security, a cyber security company that develops vulnerability assessment tools used by governments and companies worldwide to secure their networks, applications and hardware.

This interview is ~15 minutes, feel free to listen to it below or go ahead and read the edit. Enjoy!

Why did you decide to get involved in cyber security?
If I have to trace back what was probably the trigger for me, it would be a movie from the early 1990s, called Sneakers – about ethical hacker’s work. Ethical hackers doing social engineering and going into organizations to show them how they can hack in, pointing out the vulnerabilities, both physical and in computers. Of course at that time there was no internet, so if you had to hack a computer, you had to first get into the building. They were doing all of that and it was just awesome, so I watched it and thought: “wow how amazing would it be to do this for a living, to try to hack stuff or to find vulnerabilities in organizations by actually doing the attacks?”
So my really young self is looking at my old self and hopefully is really impressed, because that’s what we do today – ethical hacking, and I think that’s pretty awesome. That was maybe the seed that directed me toward cybersecurity, and specifically hacking.

What security trends or technologies get you excited or, alternatively, afraid of the future?
I’m really excited about getting rid of passwords; authentication is getting a lot better, much more than people realize. We’ve had a problem authenticating and preventing others from stealing passwords since the first login page, and it’s been a cat and mouse game ever since. But today it’s very difficult for someone to break in your phone, the FBI has a difficult time, yet it’s very easy for you to open it -you probably do it 50-100 times a day, for sure.
Think about that quantum leap: passwords were inconvenient to authenticate and the attacker had lots of ways to go around them. Today we are almost at the stage were one can easily authenticate against so many things, devices, and apps everyday, in a really reliable way. Soon we will get to a point were, just like we got rid of phone numbers, we are going to get rid of passwords, so that’s pretty exciting.

What gets me worried is how fast we are closing the distance gap. In the past, if you wanted to hack my car you would have to come physically close and do something in the car, or stand within close distance to try and duplicate the signal of my key. But today, you can hack my car from anywhere in the world, you can seat in a cyber café in Africa and hack my car in CA, now that’s scary. And its not just cars, but webcams, refrigerators, smart TVs, light bulbs, AC … and who knows what’s going to happen next, that is scary. That closing of the distance gap is scary. Because that means living in a safe neighborhood doesn’t mean anything anymore, because there is some bad guy in the world somewhere that can do bad stuff to me.

So tech is making our lives more convenient, but should we be paranoid about all these connected devices that we are bringing into our home?
Depends on who is “we”. If I’m a consumer, I would not be paranoid, at least not yet. I think we are still doing a reasonably good job at providing relatively secure consumer devices. There are attacks that we hear about, but they are not in a huge devastating scale yet, and we are doing a fair job at fixing them relatively quickly. Think about the recent Mac OS root password problem, that was fixed in 24 hours, so it doesn’t happen a lot and then we fix it quickly, so as an end user I wouldn’t be too paranoid.

On the other hand, as a vendor or if you are involved in security, be very paranoid – because if we screw up, the damages could be catastrophic. I’m old enough to remember the Y2K bug in 2000, back then nothing happened, but that kind of thing might happen again if we are not diligent about security. So if we miss something, some bad guy out there could take over a billion IoT devices around the world and maybe kill millions of people.

I’m not saying that to scare people, as vendors and security professionals, we have to make sure we are diligently keeping the internet safe, making sure devices are reasonably secure and fixing stuff quickly. So as a security professional, yes I’m definitely paranoid, as an end user – you know, I got all these digital gadgets, so I’m not paranoid.

What are some good cyber hygiene practices you would recommend to consumers?
Just like we try to find quality products whenever we buy electronics or things for our home., similar heuristics apply for security. Before bringing any product with a chip and connectivity into your home, try to find a brand with a good reputation, check for reviews online, think of worst-case scenarios if it got hacked, and act accordingly. I’m a little more comfortable if the device is from Google, Amazon or Apple, but if it’s an unnamed company from nowhere, I want to read the reviews. Don’t be paranoid about it, just think about those options, if you put a device that records your voice: what other things will it record? If you bring something with webcam ability: where will you place it?
By the way: being hacked is not the end of the world, right? Think about the worst-case scenarios, maybe it’s not so bad and that’s ok.

 

For this week’s podcast we had the honor of interviewing none other than Ted Harrington, executive partner at Independent Security Evaluators (ISE) – security researchers and consultants widely known for being the first company to hack the iPhone. Ted drives thought leadership initiatives at ISE and is one of the organizers of IoT Village, the popular new hacking concept focused on connected devices, he is also an`organizer of SOHOpelessly Broken, the first ever router hacking contest at esteemed security conference DEF CON.

We recommend you visit their website and check out their amazing “knowledge” center, full of great case studies, papers/publications, presentations and an updated blog. This interview is ~15 minutes, feel free to listen to it below or go ahead and read the edit. Enjoy!

Would you say you live in a connected home, with 9 or more connected devices?
I would say pretty much everybody does, because when you start talking about routers, laptops, smart phones, wearables…things of that nature, it all adds up pretty quickly. So even people that would not consider themselves to be in a smart home, would definitely qualify as living in a connected home.

What percentage of connected devices would you say are vulnerable to hacking, is it all of them?
One should never make generalizations about anything. But what we’ve seen through our security research and assessment practices, as well as the events that we’ve organized, is that security flaws really are systemic across the connected device industry. The data suggests that these security issues aren’t necessarily relegated to a particular device type -it’s not just that light bulbs are a problem, it’s basically all of the devices that we have been looking at through different channels. And we’ve also seen it across pretty much all of the manufacturers that we’ve looked at, from large enterprises to small startups that people haven’t heard of yet.

In brief, it would probably be irresponsible to say that all devices in the connected home are vulnerable. But the research has shown that, in the current market, many connected devices really do have some security challenges to them. The likelihood is high that one or more devices in a given home have some security vulnerabilities.

Why do you think this is the current situation?
I believe it’s primarily due to market forces. When you think about the evolution of any technology that is transformative, you see a similar trend.

In the first stage, someone innovates – the idea of making traditionally analogue devices to communicate, and spawns a movement. That creates the second stage, where there’s a rush to the market, and companies provide solutions because the marketplace is thirsty for the solution. So it’s truly driven by economic factors, because people want to buy these things, and companies will supply these things. That rush is so powerful right now that it is really omitting security in many cases as part of it. That’s not to say it’s true in all cases, and I do want to make that point really clear, there definitely are connected device companies taking security very seriously, doing a great job at it. But in the aggregate, most are really rushing to market without adequate security to supply solutions to satiate demand.

Do you expect this trend to continue?
I think it will get worse before it gets better. Eventually I think things will get better because of this progression that I was describing before, when transformative technologies are introduced. And there’s a third stage. The first stage is the innovation that creates an explosion that creates a marketplace, the second stage is the rush into the market where solutions are introduced and security is not a development priority, and the third stage (which is a very long stage) is where security experts eventually get their message hammered into the operating principles of the companies in these marketplaces, and they start to implement security. Overtime the marketplace overall gets to a place where it has a much better security posture.

However, that takes a really long time to happen. We are in a rocket ship of adaption right now, more and more companies and people are going to buy more and more connected devices, more and more different types of things are going to start having connectivity to them where they might previously not have had, and that’s going to lead to a very expanded attack surface. Meaning, there are just going to be more and more ways for attackers to attack whatever it is that they are trying to go after. And we’re going to have to go through that, unfortunately, before the marketplace really starts to shift. So it will get better, I hope, but it’s going to get worse before it gets better.

A great initiative by Independent Security Evaluators (ISE) to increase cyber awareness is the IoT Village event, could you tell us a bit about that?
Security research conferences have what’s known as a village concept, which basically focus on different topics to get security researchers focused on an issue. We’ve been working with DEFCON for a few years now to organize the IoT Village, and we take it beyond DEFCON to a number of conferences throughout the US, and are in discussions right now to bring it to a few places around the world (Tel-Aviv coming soon). What we do at IoT Village is to try and get together a number of security researchers and manufacturers and really collaborate on these security issues that we are seeing. We have security researchers come and present research that they are publishing, have contests where we buy a bunch of devices and we say: ok everyone, let’s hack away at these and lets find some vulnerabilities, and we’ll do contests of a more traditional Capture-the-Flag style. Basically what we are really doing is shining a spotlight on cybersecurity as an important topic in this tech domain, which is IoT. And then, of course, we work with our friends in the press and media to publish it so that we can hopefully be that catalyst for change to shorten the lifecycle from where we are today, to that future [3rd] stage where hopefully we’ll be in a more secure and resilient posture.

You also organize SOHOpelessly broken, were the focus is router security
Yes, SOHOpelessly broken was the first router hacking contest ever at DEFCON, and it actually spawned out of some router hacking research that we had done immediately prior to that. SOHOpelessly broken has grown in its scope to cover other connected devices, but its root is around router hacking. We have a paper that we published that’s available as a free download from our website and it analyzes the research that we did that was the impetus for SOHOpelessly broken. Basically, we looked at all of the major popular SOHO routers and tried to see whether they were vulnerable to remote and/or local attack, and we found that every single router that we looked at was vulnerable to at least one of the two. It was about 56 different security vulnerabilities across thirteen different router models. So SOHOpelessly broken is now getting a community of people to poke at routers and other devices, and it usually runs right alongside the IoT village.

What are some heuristics you would give to the average consumer when it comes to network security?

First and foremost: Change the default passwords.
When you get a router, either from your ISP or your own, it’s going to come with default credentials which are usually pretty basic – and even if they look complex, you want to change those passwords, because those default credentials are basically publically available information. All someone has to do us is a quick Google search and they can know based on a given model what the default credentials are. There’s a tool known as SHODAN, which is a search engine for connected devices, so an attacker can just research and find these devices online, and by knowing the default credentials, can start attempting to use those and in a huge percentage of cases they’ll be successful because people don’t change the default passwords.

That’s actually how the Mirai botnet was successful last fall, by exploiting the fact that people don’t really change default passwords. So first and foremost: change the default credentials, because it’s basically like not having a password if you don’t.

Next would be really thinking about the need for certain elements of connectivity. I do not mean to say that someone should not adapt these emerging solutions. I’m a huge advocate of were IoT is going, I want to have connectivity in all kinds of things. But when you are buying a device, it’s important to think if you are buying it for the purposes of its connectivity, because otherwise…that would be a case where you might want to think: do you need the connected version of this?

If you are not actually going to benefit from the connectivity, all that you are doing is introducing new ways to be attacked, without capturing any of the benefit.