There are many advantages to using an industrial router, DTU or switch, but as with any network connection, security is one of the most important elements when designing your system. We’ll look at several areas and where security gaps may arise in the cellular ecosystem. There are four main areas to consider:
● Outgoing data
● Incoming data
● Public/static IP address
● Dedicated IP address
Let’s use a typical application to evaluate the security issue:
Monitor power usage from remote utility power transformers
In this use case, inductive loads may cause phase imbalance between current and voltage. Power companies will remotely turn on and off large capacitor banks to correct power factor. There are many companies that manufacture power factor monitoring equipment. These devices typically have a serial or Ethernet port as the data communications interface. The problem with this initial situation is that the power factor data to be analyzed is local, while the monitoring facilities are located tens of kilometers away, or even half way around the world.
Utilities may choose to build a suitable RF telemetry system, but the cost and limited scalability of such a system would make it a less viable solution. 4G industrial routers use standards-based IP networks to move data from remote locations around the world. In this case, the power factor monitoring device only needs to be connected to the industrial router through its serial or Ethernet port to allow data movement. By definition, serial ports do not have addresses; an industrial router with a serial port and terminal-server support therefore lets applications convert serial data for transmission over IP, which also inherently assigns an address.
In short: serial protocols such as Modbus RTU can be sent and received over an IP network. This also exposes the serial data, and the devices that send it, to the same type of security risk as any other IP-connected device.
If you choose not to use an IP address that allows incoming data, the device will be restricted to sending outbound data only. While this maintains security, it denies you many of the advantages of using a cellular IP network, namely the ability to configure and manage devices remotely, including the ability to send commands over protocols such as Modbus.
So where does security come into play in this use case? If the only requirement is to push data from an industrial router to a remote location or cloud-based network, then static IP addresses are not required and you can significantly reduce the exposure of your device or data network to attack.
If your needs include reaching out to or configuring an industrial router, or anything connected to an industrial router, then you will need a secure way to do so. This usually comes in the form of an IP address. Cellular network operators are happy to sell you anywhere from one to hundreds of static IP addresses, but these static addresses are public, meaning anyone can access the cellular device and anything connected to it on its network, including its Ethernet and serial ports. In the use case we describe, this means that the power factor monitoring devices are vulnerable to attack. The same is true for any Ethernet device connected to a cellular device.
Using a VPN (Virtual Private Network) can bring you many benefits. A VPN tunnel creates a very secure connection between an IP device and other connected IP devices. An assigned OpenVPN IP address cannot be accessed unless you or a device connected to the network has the correct credentials. These addresses are static but not public, allowing controlled and restricted access to remote networks.
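To make the exposure concrete, the following added example (not part of the original article) parses Modbus RTU frames received on a router's serial-over-IP port and flags any that arrive from outside the VPN address range. A Modbus RTU frame carries only a unit address, a function code, data and a CRC, with no credential field, so the source network is the only access control. The VPN subnet, the event format and the sample traffic are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: the VPN assigns addresses from this subnet (constructed value).
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")
# Modbus function codes that change device state (write coils/registers).
WRITE_CODES = {0x05, 0x06, 0x0F, 0x10}

def crc16_modbus(data: bytes) -> int:
    """Standard Modbus CRC-16 (reflected polynomial 0xA001, initial 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def parse_rtu(frame: bytes):
    """Return (unit, function) for a frame with a valid CRC, else None."""
    if len(frame) < 4:
        return None
    (crc_rx,) = struct.unpack("<H", frame[-2:])  # CRC is sent low byte first
    if crc16_modbus(frame[:-2]) != crc_rx:
        return None
    return frame[0], frame[1]

def review(events):
    """events: (source_ip, raw_frame) pairs logged on the serial-over-IP port."""
    findings = []
    for src, frame in events:
        parsed = parse_rtu(frame)
        outside = ipaddress.ip_address(src) not in VPN_SUBNET
        if parsed is None:
            findings.append((src, "malformed"))
        elif outside and parsed[1] in WRITE_CODES:
            findings.append((src, "write-from-outside-vpn"))
        elif outside:
            findings.append((src, "read-from-outside-vpn"))
    return findings

def with_crc(body: bytes) -> bytes:
    return body + struct.pack("<H", crc16_modbus(body))

# Constructed sample traffic: a VPN client, a public address, a corrupt frame.
SAMPLE = [
    ("10.8.0.5", with_crc(bytes.fromhex("0103 0000 0002"))),     # read via VPN
    ("10.8.0.5", with_crc(bytes.fromhex("0105 0001 FF00"))),     # write via VPN
    ("203.0.113.7", with_crc(bytes.fromhex("0103 0000 0002"))),  # public read
    ("203.0.113.7", with_crc(bytes.fromhex("0105 0001 FF00"))),  # public write
    ("198.51.100.9", bytes.fromhex("0103 0000 0002 0000")),      # bad CRC
]
```

Calling `review(SAMPLE)` returns one finding for each frame that is malformed or came from a non-VPN source; traffic from the VPN subnet produces none.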