Product Manuals

Securing the LoRaWAN RF Gateway

About the LoRaWAN RF Gateway Security

The LoRa Gateway is a piece of network infrastructure and should be treated as such, and therefore the following configurations are set to help make it more secure.

  • The default administrator password must be set by the end user
  • The SSH service has been disabled
  • The telnet service has been disabled
  • The openvpn service has been disabled
  • The serial console has been disabled
  • Firmware update (.d1f) files are encrypted
  • Firmware update (.d1f) files cannot be installed unless they were signed with Dickson’s unique private key

Below are additional steps you can take to further secure your LoRa gateway and recommendations to consider

Securing the Gateway and Recommendations

Configure a Password for the Administrator Account

To better secure the gateway, a default password is not provided and the gateway will force a user to create one on the first login. To configure a secure password to protect the administrator’s account:

  1. Connect to your device and navigate to the administration page by either
    1. Connecting to the wireless access point and then going to 192.168.230.1 in a browser
    2. Connecting to the device via ethernet at its assigned IP address
  2. Upon initial navigation to the admin page, the gateway will ask you to configure a password, do so now and ensure it is secure (per your company’s password policy
  3. You will then be asked to log in using your new password
Disable the Wireless Access Point

The gateways will broadcast a wireless access point, used primarily for configuration, but it can be disabled if needed.

  1. Connect to your device and navigate to the administration page by either 
    1. Connecting to the wireless access point and then going to 192.168.230.1 in a browser
    2. Connecting to the device via ethernet at its assigned IP address
  2. Log into the device’s admin page
  3. Navigate to Network > WiFi 
  4. Click the “Disable” button in the Radio section
  5. Hit “Save & Apply”
VLAN

It is increasingly common for IoT devices to be separated from other devices/networks/equipment by the use of VLANs. If your organization already follows these practices, then it is generally a good practice to do that here as well.

Limit Physical Access

While care should be taken to limit the effects of radio interference, you may want to limit physical access to the gateway. 

This may include:

  • Locking the gateway in an enclosure
  • Placing the device in ceiling tiles
  • Placing the device in an IT closet
  • Mounting the device to the ceiling or high on a wall (out of reach)

In any situation, care should be taken to avoid interference with the antennas and radio signals.

Cellular

You can use a LoRa gateway that offers cellular connectivity instead of WiFi or Ethernet. 3rd-party gateways are available and can be configured to work with the DicksonOne application. Dickson is in the process of testing a cellular gateway; if you’re interested in testing please contact support@dicksonone.com.

Still need help?

Call 630.543.3747 today or

Scroll to Top

COVID-19: Contact our team with any questions about optimizing your Dickson products for remote work.

Submit a Ticket