Episode 51 — Defense in Depth and NAC: Segmentation for Embedded Systems and IoT
This episode focuses on defense in depth and network access control (NAC) as practical strategies for managing risk from embedded systems and IoT devices, which frequently have limited security features and long patch cycles. You will learn how defense in depth layers controls so a single failure does not become a full compromise, and how NAC helps enforce who and what is allowed onto a network based on identity, device posture, or policy. We will discuss why IoT and embedded devices expand attack surface through weak defaults, hard-to-change credentials, limited logging, and inconsistent update mechanisms, and why segmentation is a common compensating control when device hardening is not realistic. You will practice reasoning through scenarios like isolating smart devices on a separate network, restricting their outbound traffic, and monitoring for unusual connections that suggest compromise. Real-world best practices will include inventorying devices, enforcing least privilege at the network level, validating vendor support expectations, and designing segmentation rules that limit lateral movement without breaking required device functionality. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path.