Local network structures keep growing, and the resulting complexity creates vulnerabilities. IoT gateways are one key driver of this growth: they usually sit at the edge of the network infrastructure, where they connect the IT infrastructure to the Internet of Things.

Security is often neglected precisely in these connectors, even though a gateway is a critical access point to your cloud, central servers and administrator accounts. It is therefore important that these gateways are woven into your security strategy. This article shows five actions you can take to improve the security of your IoT gateways.

 

1. Encrypt Data Traffic on IoT Gateways

One central function of IoT gateways is the transfer of information. This transfer can take place over cable, but also over wireless connections or LTE. The danger lies in unsecured connections, so it is important to ensure that the transfer itself is protected.

Data in transit should be encrypted with a strong, current algorithm, and this needs to be considered as soon as you choose and configure your platform. There are many concepts for secure, authenticated data transfer. Microsoft Azure is one of many platforms that can be used together with your IoT gateways.

Azure supports encryption on the device side as well as on the service side, and it protects data while it is in transit. This transport encryption is provided by Transport Layer Security (TLS).

TLS also protects data integrity: every record is authenticated, so a forged or manipulated record is detected and the connection is aborted. Note what TLS does not do: it cannot detect passive eavesdropping; it makes eavesdropping useless by encrypting the content. With TLS in place, the gateway and the back end can communicate over publicly accessible networks. Azure additionally supports VPN gateways with encrypted tunnels. Two things to verify on the gateway side: the client must validate the server certificate against a trusted CA and check the hostname, and the minimum protocol version should be TLS 1.2. A TLS client that skips certificate verification is still encrypted, but anyone on the path can present a forged certificate and read or alter everything.
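The following example is added here and is not code from the original article or from Microsoft. It shows, in Python's standard ssl module, a hardened client context as a gateway should use it (certificate verification, hostname check, TLS 1.2 minimum, optional device certificate) next to the unverified context that "just works" code often ends up with, and a small audit function that tells the two apart. The file paths are placeholders; with no paths given, the operating system's trust store is used.

```python
import socket
import ssl

# Placeholders for this example; on a real gateway they point to the device's
# trust bundle and its client certificate and key (assumed paths, not from the page).
CA_BUNDLE = None          # None -> use the operating system's trust store
CLIENT_CERT = None        # e.g. "/etc/gateway/device.crt"
CLIENT_KEY = None         # e.g. "/etc/gateway/device.key"


def make_gateway_tls_context(ca_file=CA_BUNDLE, client_cert=CLIENT_CERT, client_key=CLIENT_KEY):
    """Client-side TLS context for a gateway talking to its back end.

    create_default_context() already enables certificate verification and
    hostname checking; we pin the minimum protocol version to TLS 1.2 and,
    if the gateway has a device certificate, present it to the server.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert and client_key:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def make_weak_tls_context():
    """The negative example: encrypted, but the server is never authenticated.

    Any on-path attacker can present a forged certificate and read or alter
    every message. Shown only so that audit_tls_context() has something to flag.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_tls_context(ctx):
    """Return a list of findings; an empty list means the context is acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version is below TLS 1.2")
    return findings


def connect_and_describe(host, port, ctx, timeout=10.0):
    """Open a verified TLS connection and report what was negotiated.

    Needs network access, so it is not exercised here; it shows how the context
    is used: server_hostname is the name check_hostname compares against.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"version": tls.version(), "cipher": tls.cipher()[0]}


if __name__ == "__main__":
    print("hardened:", audit_tls_context(make_gateway_tls_context()) or "OK")
    print("weak:", audit_tls_context(make_weak_tls_context()))
```

Run the audit against whatever context your MQTT or HTTPS client library actually builds; the weak pattern usually enters a code base through a copied snippet that disabled verification to get past a self-signed test certificate.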

Protect data saved on the IoT-Gateway


Most IoT gateways are placed in environments that are hard to secure. Central servers can usually be locked away physically, but IoT devices often stand far away from the rest of the infrastructure. This makes it all the more important to ensure that the data stored on these systems is protected.

There are several ways to address this. One is hardware-based full-disk encryption on the gateway, for example a self-encrypting drive or a disk key sealed in a TPM. The advantage is that even if the device is physically stolen, the data on it remains inaccessible. Some tamper-protected designs go further and erase the encryption keys as soon as the case is opened.

After that, the data on the device is useless to the thief. Microsoft Azure also offers a way to encrypt local data in which the encryption key is kept in a different location rather than on the IoT device itself. The keys are managed in Azure Key Vault and stored well away from your gateway infrastructure.

Access to the key vault is restricted to administrators, who manage all access keys. With Azure Disk Encryption, entire volumes are encrypted at the storage level, using BitLocker on Windows and dm-crypt on Linux. Volume encryption protects everything written to the disk as soon as it is written. Two caveats: it protects data at rest only, so data being processed in memory is not covered, and Azure Disk Encryption itself is a feature for Azure virtual machines. On an edge gateway you use the same underlying technologies, BitLocker or dm-crypt/LUKS, and bind the volume key to the device's TPM or obtain it from a key service at boot, so that the key is never stored in plaintext next to the data.
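An audit check for the Linux case, added as an example here and not part of the original article: it walks the JSON that `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` prints and reports every mounted filesystem that has no dm-crypt layer anywhere beneath it. The lsblk output below is constructed for an imaginary gateway whose root filesystem is on LUKS but whose data partition and swap are not; the only assumption is the lsblk JSON schema (both the older `mountpoint` field and the `mountpoints` list of util-linux 2.37 and later are handled).

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` output.
SAMPLE_LSBLK_JSON = json.dumps({
    "blockdevices": [
        {"name": "sda", "type": "disk", "fstype": None, "mountpoint": None, "children": [
            {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
            {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": None,
             "children": [
                 {"name": "root_crypt", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}]},
            {"name": "sda3", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"}]},
        {"name": "sdb", "type": "disk", "fstype": None, "mountpoint": None, "children": [
            {"name": "sdb1", "type": "part", "fstype": "ext4", "mountpoint": "/var/lib/gateway"}]},
    ]
})

# Mount points that are normally left unencrypted because the boot loader must
# read them before any key is available.
DEFAULT_ALLOWED = ("/boot",)


def _mountpoints(node):
    """Return the node's mount points for either lsblk schema."""
    if node.get("mountpoints"):
        return [mp for mp in node["mountpoints"] if mp]
    return [node["mountpoint"]] if node.get("mountpoint") else []


def _allowed(mp, allowed):
    return any(mp == a or mp.startswith(a.rstrip("/") + "/") for a in allowed)


def unencrypted_mounts(lsblk_json, allowed=DEFAULT_ALLOWED):
    """Mounted filesystems with no dm-crypt ('crypt') device anywhere above them in the tree."""
    tree = json.loads(lsblk_json)
    findings = []

    def walk(node, under_crypt):
        # Once we pass a 'crypt' node, everything below it is encrypted at rest.
        under_crypt = under_crypt or node.get("type") == "crypt"
        for mp in _mountpoints(node):
            if not under_crypt and not _allowed(mp, allowed):
                findings.append(mp)
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in tree.get("blockdevices", []):
        walk(device, False)
    return sorted(findings)


if __name__ == "__main__":
    # On a real gateway, replace SAMPLE_LSBLK_JSON with the stdout of
    # subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"], capture_output=True, text=True).
    for mp in unencrypted_mounts(SAMPLE_LSBLK_JSON):
        print("unencrypted:", mp)
```

The check tells you whether a volume is encrypted, not where its key lives: a LUKS volume unlocked from a keyfile that sits in plaintext on the unencrypted boot partition passes this test and still fails the requirement above. Pair it with a look at /etc/crypttab (TPM- or network-bound unlocking rather than a local keyfile) to cover that half.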

2. Choose the right hardware

An IoT gateway usually has no special requirements, so in theory almost any system can be used. In practice this leads to problems, and it is usually security that suffers when hardware unfit for gateway duty is chosen. It is also essential to check that the gateway is compatible with the software you plan to run.

The Azure IoT Edge runtime is commonly deployed on IoT gateways. It makes it easier to control all gateways from a central point and provides some essential security mechanisms. That is why choosing the right platform matters for the security of the IoT gateway.

An IoT gateway should also meet some hardware criteria. Compact systems are recommended, and low power consumption is important: gateways typically run around the clock, so this keeps operating costs down. More than one network port is also advisable, since it eases integration, for example by separating the IoT-side network from the uplink.

Solutions from Prime Computer for your IoT-Infrastructure


Prime Computer developed the Prime Mini IoT as an edge computing system. The platform has everything needed in this segment: it is an extremely compact, silent mini PC designed for 24/7 operation, and its interfaces make it suitable as a gateway in the IoT segment.

The Prime Mini IoT has a standard Ethernet connection as well as a dual-band Wi-Fi and Bluetooth module. It also has two fast USB 3.0 ports, two USB 2.0 ports and two HDMI 2.0a connections. The internals are fully protected against dust, and a VESA bracket lets you mount the device on almost any surface.

The built-in processor of the Prime Mini IoT is very energy efficient, so the system draws only a small amount of power. This makes the Prime Mini IoT well suited as an IoT gateway and a good fit for ambitious green IT strategies: ongoing operating costs stay low and the system is environmentally friendly.

 

Benefits of mini PCs made by Prime Computer when used as an IoT gateway:

  • high reliability, as no mechanical components are used
  • low cost of operation achieved with economical components
  • low maintenance
  • multifunctional use due to compact design
  • dust and dirt resistant thanks to a closed casing
  • quick and high-level support by Swiss experts
  • an ideal addition to any green IT strategy through environmentally friendly and energy-efficient technology

Systems like the PrimeMini IoT by Prime Computer were designed specifically for use in the IoT sector, which is why Microsoft has certified the PrimeMini IoT for use as an Azure IoT Edge device. The machine also carries a Citrix Ready endpoint certification. Choose systems like the PrimeMini IoT if you need hardware to build an IoT infrastructure.

 

3. Keep an eye on your network

Growing network structures pose new problems for companies. Even a mid-sized modern company network can have hundreds of devices today, some of which, such as smartphones and tablets, connect only temporarily.

IoT systems make these structures grow further. Because IoT sits at the edge of the network, visibility of all devices becomes even harder. Network management software provides a remedy: it creates a graphical overview of all existing systems and also produces a list of the devices that are available.

Status, IP address, and warning and error messages are visible in such a solution, so your IT administration gets a detailed overview of the network. The status of the IoT gateways is available in real time, even when they are located far away.

If problems occur, IT can act quickly, which significantly improves both security and efficiency. That is how network management software helps maintain an overview. Equally important is the introduction of device and certificate management. In most systems this can be automated: the system takes over the management and control as well as the issuing, renewal and, when a device is lost, revocation of the certificates.

These client certificates ensure the authenticity of the connected systems. Each system in the network, such as an IoT gateway, receives its own unique certificate and private key. The gateway's authenticity is verified by validating the certificate chain when it connects, and the private key never leaves the device (ideally it is generated in a TPM or secure element). A public key infrastructure (PKI) has proven practical and secure for this. Note the division of labour: the certificate binds the public key to the device identity; it is the device's private key that signs data, and that signature is what lets the receiver check the integrity and origin of the information sent.

Detect unknown systems in the network

Securing and identifying your own systems are just two of IT management's tasks. It is equally important to actively search for unknown devices that connect to the network.

These could well be intruders who have sneaked into the network. Such invisible systems, which may have exploited a vulnerability in an IoT device or a Wi-Fi hotspot, could, for example, spy on data traffic.

Without special tools they remain undetected. Two kinds of tool help here. Shodan is an internet-wide search engine for exposed devices: it shows which of your gateways and services are reachable from the outside, which is exactly what an attacker would see first, but it does not scan the inside of your LAN. For the internal view, use a network scanner such as Nmap or the discovery function of your network management software, and reconcile the result against your device inventory so that unauthorized systems stand out.
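The reconciliation step, as an added example that is not part of the original article: it parses the kernel's neighbour (ARP) table as printed by `ip -4 neigh show`, compares the MAC addresses it finds with a device inventory, and reports both unknown hosts and inventoried gateways that did not show up. The neighbour-table lines and the inventory are constructed for the demo; the interface name, addresses and asset names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample of `ip -4 neigh show` output as seen from a management host.
# The last line is an address that never answered ARP (no lladdr field).
SAMPLE_NEIGH = """\
192.168.10.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.10.21 dev eth0 lladdr 00:11:22:33:44:21 STALE
192.168.10.22 dev eth0 lladdr 00:11:22:33:44:22 REACHABLE
192.168.10.99 dev eth0 lladdr DE:AD:BE:EF:00:99 REACHABLE
192.168.10.50 dev eth0  FAILED
"""

# Constructed inventory (what device management would export): MAC -> asset name.
INVENTORY = {
    "00:11:22:33:44:01": "core-router",
    "00:11:22:33:44:21": "iot-gw-hall-a",
    "00:11:22:33:44:22": "iot-gw-hall-b",
    "00:11:22:33:44:23": "iot-gw-yard",
}


@dataclass(frozen=True)
class Neighbor:
    ip: str
    dev: str
    mac: Optional[str]   # None when the kernel never got an ARP reply
    state: str


def parse_neigh(text):
    """Tokenise `ip neigh` output. Tokenising rather than a fixed regex keeps
    optional fields (e.g. the 'router' flag) from breaking the parse; the
    state is always the last token and MACs are normalised to lower case."""
    neighbors = []
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        mac = toks[toks.index("lladdr") + 1].lower() if "lladdr" in toks else None
        dev = toks[toks.index("dev") + 1] if "dev" in toks else ""
        neighbors.append(Neighbor(ip=toks[0], dev=dev, mac=mac, state=toks[-1]))
    return neighbors


def unknown_devices(neighbors, inventory):
    """Hosts that answered ARP but whose MAC is not in the inventory."""
    known = {m.lower() for m in inventory}
    return [n for n in neighbors if n.mac and n.mac not in known]


def missing_devices(neighbors, inventory):
    """Inventory entries not seen at all: a gateway that is offline, unplugged or moved."""
    seen = {n.mac for n in neighbors if n.mac}
    return sorted(name for mac, name in inventory.items() if mac.lower() not in seen)


if __name__ == "__main__":
    ns = parse_neigh(SAMPLE_NEIGH)
    for n in unknown_devices(ns, INVENTORY):
        print(f"UNKNOWN {n.ip} {n.mac} ({n.state}) on {n.dev}")
    for name in missing_devices(ns, INVENTORY):
        print(f"MISSING {name}")
```

A MAC address is an inventory key, not a credential: it is trivially spoofed, so this check finds the careless intruder and the forgotten device, not the careful one. Authenticating the gateways themselves is the job of the client certificates described above.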

 

4. Protect IoT Gateways against physical access


Gateways are often located in areas that are not under permanent supervision, which means unauthorized persons can gain physical access to the devices. This must be avoided, since an attacker with physical access can introduce malware into the network, for example from a USB stick.

Other manipulations of the gateway cannot be ruled out either once direct access is possible. Various methods exist to protect these systems. Lockable cages and enclosures are available specifically for the physical protection of computers and prevent direct access to the device. With its compact dimensions, the PrimeMini IoT is particularly suitable for such a setup.

The overall installation therefore stays small. The PrimeMini 5 is also well suited here, since it can be configured with dual LAN, especially when more processing power is needed at the edge. The gateway's interfaces can be secured with locks designed specifically for IT equipment; such port locks are available for all common interfaces such as USB, network and HDMI.

This ensures that unauthorized personnel cannot use the system's interfaces. Another option is to disable interfaces that are not required when installing the gateways. This is done in the system's BIOS/UEFI setup, which must then itself be protected with a password, otherwise an attacker simply re-enables the ports. If the gateway does not need Wi-Fi or the USB ports, for example, the IT administrator deactivates them at the firmware level.

 

5. Use two-factor authentication

One challenge with IoT devices and gateways is to actively prevent security breaches. Their position at the edge of the network makes this a complicated task. It is equally important to detect intrusion attempts as quickly as possible.

Security vulnerabilities are a problem above all when they remain undetected for a long time. Conventional protection with an account and password is therefore comparatively weak for IoT gateways and the connected IoT systems: if an attacker manages to obtain the password, the resulting access usually goes unnoticed, sometimes for weeks or months.

Two-factor authentication (2FA) makes unauthorized access considerably harder. With 2FA, a second, independent proof is requested in addition to the password. There are several options: a one-time code delivered by SMS to a registered mobile number, a time-based one-time password (TOTP) generated by an authenticator app, or a hardware token. SMS is the most common but also the weakest of these, since it is exposed to SIM swapping and interception; where possible, prefer an authenticator app or a hardware token.

The person logging in to the gateway must enter this code. The additional layer has two advantages. First, 2FA keeps unauthorized people out of the system even if they know the gateway's password. Second, the code arriving at the registered phone tells its owner that a login attempt has just taken place. Note that this alert reaches only the owner of the enrolled number; for IT administrators to learn about it, every login attempt, successful or not, must additionally be logged and forwarded to central monitoring.
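The article describes the SMS variant. The example below is added here and is not part of the original article; it implements the time-based one-time password (TOTP, RFC 6238) check that an authenticator app uses, which keeps the second factor off the telephone network entirely. It covers the two details that make or break such a check in practice: a small clock-drift window and replay protection (a code is accepted once). The secret, account and issuer names are constructed for the demo; the secret is the RFC 6238 test key, so the values can be compared against the RFC.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6, algo: str = "sha1") -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(secret, int(at) // step, digits, algo)


def verify_totp(secret: bytes, code: str, now: float, last_counter: int = -1,
                step: int = 30, window: int = 1, digits: int = 6, algo: str = "sha1") -> Optional[int]:
    """Verify a submitted code; return the time-step counter that matched, or None.

    The caller stores the returned counter and passes it back as last_counter on
    the next attempt: a code is single-use, so anything at or before last_counter
    is rejected as a replay even if it falls inside the clock-drift window.
    """
    if len(code) != digits or not code.isdigit():
        return None
    current = int(now) // step
    for drift in range(-window, window + 1):
        counter = current + drift
        if counter <= last_counter:
            continue
        # compare_digest keeps the comparison constant-time.
        if hmac.compare_digest(totp(secret, counter * step, step, digits, algo), code):
            return counter
    return None


def provisioning_uri(secret: bytes, account: str, issuer: str, digits: int = 6, step: int = 30) -> str:
    """otpauth:// URI as consumed (via QR code) by common authenticator apps."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{issuer}:{account}?secret={b32}&issuer={issuer}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


if __name__ == "__main__":
    # Constructed demo secret (the RFC 6238 test key). In production generate 20 random
    # bytes per account (secrets.token_bytes(20)) and store them only on the gateway
    # and the enrolled device, never alongside the password hash in plain form.
    demo_secret = b"12345678901234567890"
    print(provisioning_uri(demo_secret, "admin@iot-gw-hall-a", "ExampleGateway"))
    print("current code:", totp(demo_secret, time.time()))
```

On the gateway, a verified code should be logged together with the outcome of the password step and the source address, and the login path should rate-limit attempts: a six-digit code with a window of three steps leaves roughly one chance in 333,000 per guess, which is plenty against a human but not against an unthrottled script.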
