Violations that occur in the industrial IoT domain are often critical because of specific exposures related to communication and machine-to-machine (M2M) environments. In SENECA’s IIoT Edge gateways, controllers, and servers (Z-TWS4-RT, R-PASS, R-PASS-S, Z-PASS1-RT, Z-PASS2-RT, Z-PASS-S-RT; VPN BOX 2), cybersecurity is of paramount importance. In particular, ensuring security at the Edge level enables a reduction in the attack surface. Managing data traffic to IoT platforms with a few steps reduces the potential risk of data tampering or unauthorized access such as. So let’s look at the main cybersecurity strategies adopted by SENEC devices
- Remote access mechanical blocking
This is a first and fundamental security step. Configuring a digital input as a remote access blocker mechanically prevents changes to settings from unauthorized persons
2. LAN/WAN Separation
IoT gateways/routers can be used in such an approach to provide a higher level of security. This involves properly connecting and configuring the LAN and WAN ports independently. This provides two separate networks and prevents possible attacks by hackers and malicious attackers.
3. 2-Factor Authentication
Two-factor authentication is a security system that authorizes access to an account by entering a verification code after the password. Google has made available to its users Google Authenticator, a security app that generates causal codes for two-step authentication. The app allows users to increase the level of protection of any type of account that supports the 2FA system and does not require an Internet connection to generate the codes, which vary about every 30 seconds in a completely random manner.
4. Advanced permission management
Authentication and authorization manage access to SENECA devices, so it is clearly determined whether a user is authorized to view, access, or change certain parameters.
Devices allow timely control of authorization and roles, consisting of privilege sets, by specifying the supervisor, user or group associated with them.
5. Data Encryption Algorithm.
The Data Encryption Standard (DES) is an encryption algorithm used to protect data from possible intrusion. It is based on a symmetric key algorithm, which means that the same key is used to both encrypt and decrypt data. DES is considered one of the most secure encryption algorithms in existence. The data channel encryption code both encrypts and decrypts the data packets transmitted through the OpenVPN tunnel. Access server configurations created in version 2.5 or later use AES-256-CBC as the encryption. A 256-bit or user-selectable SHA-256 (Secure Hash Algorithm) secure authenticator is associated with this framework.
6. Security Protocols
The security protocols supported by SENECA’s Edge IIoT devices enable reliable networks and infrastructure in which data exchange takes place with maximum security:
OpenVPN is an open source VPN technology used to create secure point-to-point encrypted tunnels between two computers across an unsecured network, such as the Internet. It allows hosts to authenticate with each other by means of shared private keys, digital certificates or user credentials/passwords. It uses the OpenSSL encryption libraries and the SSLv3/TLSv1 protocol.
HTTPS Server is a basic server used to transport messages. HTTPS is a protocol for secure communication over a computer network used on the Internet. It consists of communication via Hypertext Transfer Protocol (HTTP) within an encrypted connection, l Transport Layer Security (TLS) or Secure Sockets Layer (SSL) providing as key requirements. The HTTPS server uses the SSL certificate for security.
MQTT over TLS/SSL stands for Message Queuing Telemetry Transport and indicates a TCP/IP data transmission protocol based on a publish-subscribe model that operates through a dedicated message broker. For transport encryption with MQTT, the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols provide a secure communication channel between a client and a server. Basically, TLS and SSL are cryptographic protocols that use a handshake mechanism to negotiate various parameters to create a secure connection between the client and the server.
7. Automated TLS certificate management for Https.
A scalable digital certificate management platform is the best choice. The latter provides the tools needed to effectively manage and control TLS/ SSL certificates. These represent one of the fundamental security principles p as they help certify that a Web site or server possesses a basic level of integrity and privacy ensuring the secure transfer of data from point A to point B. The Hypertext Transfer Protocol (HTTP) is used to transmit data in the clear. HTTPS requests and responses are encrypted with TLS (SSL) certificates.
8. Penetration test certificate
A penetration test is a method for assessing the security of a computer system or network by simulating an attack by external or internal attackers. SENECA has obtained certification is security by an independent party, undertaking a path of compliance against the most widely used cybersecurity standards and regulations such as OASWAP (Open Web Application Security Project, an open source initiative to popularize principles of secure software development), NITS SP 800-115 (guidelines of key elements of security testing), Risk Analysis (systematic metology to define security measures and avoid risks), IEC 62443 (international standard for security of industrial control systems).