This website uses cookies to help us give you the best experience when you visit.
By using this website you consent to our use of these cookies.
Securing the LoRaWAN RF Gateway
About the LoRaWAN RF Gateway Security
The LoRa Gateway is a piece of network infrastructure and should be treated as such, and therefore the following configurations are set to help make it more secure.- The default administrator password must be set by the end user
- The SSH service has been disabled
- The telnet service has been disabled
- The openvpn service has been disabled
- The serial console has been disabled
- Firmware update (.d1f) files are encrypted
- Firmware update (.d1f) files cannot be installed unless they were signed with Dickson's unique private key
Securing the Gateway and Recommendations
Configure a Password for the Administrator Account
To better secure the gateway, a default password is not provided and the gateway will force a user to create one on the first login. To configure a secure password to protect the administrator’s account:- Connect to your device and navigate to the administration page by either
- Connecting to the wireless access point and then going to 192.168.230.1 in a browser
- Connecting to the device via ethernet at its assigned IP address
- Upon initial navigation to the admin page, the gateway will ask you to configure a password, do so now and ensure it is secure (per your company’s password policy
- You will then be asked to log in using your new password
Disable the Wireless Access Point
The gateways will broadcast a wireless access point, used primarily for configuration, but it can be disabled if needed.- Connect to your device and navigate to the administration page by either
- Connecting to the wireless access point and then going to 192.168.230.1 in a browser
- Connecting to the device via ethernet at its assigned IP address
- Log into the device’s admin page
- Navigate to Network > WiFi
- Locate the Radio section
- If you want to use the gateway on WiFi but disable it from broadcasting, set Mode to "Client"
- If you want to disable the WiFi Radio entirely, click the “Disable” button
- Hit “Save & Apply”
VLAN
It is increasingly common for IoT devices to be separated from other devices/networks/equipment by the use of VLANs. If your organization already follows these practices, then it is generally a good practice to do that here as well.Limit Physical Access
While care should be taken to limit the effects of radio interference, you may want to limit physical access to the gateway. This may include:- Locking the gateway in an enclosure
- Placing the device in ceiling tiles
- Placing the device in an IT closet
- Mounting the device to the ceiling or high on a wall (out of reach)