Talk to us:(630) 543-3747

USA
English (US)

Securing the LoRaWAN RF Gateway

About the LoRaWAN RF Gateway Security

The LoRa Gateway is a piece of network infrastructure and should be treated as such, and therefore the following configurations are set to help make it more secure.
  • The default administrator password must be set by the end user
  • The SSH service has been disabled
  • The telnet service has been disabled
  • The openvpn service has been disabled
  • The serial console has been disabled
  • Firmware update (.d1f) files are encrypted
  • Firmware update (.d1f) files cannot be installed unless they were signed with Dickson's unique private key
Below are additional steps you can take to further secure your LoRa gateway and recommendations to consider

Securing the Gateway and Recommendations

Configure a Password for the Administrator Account
To better secure the gateway, a default password is not provided and the gateway will force a user to create one on the first login. To configure a secure password to protect the administrator’s account:
  1. Connect to your device and navigate to the administration page by either
    1. Connecting to the wireless access point and then going to 192.168.230.1 in a browser
    2. Connecting to the device via ethernet at its assigned IP address
  2. Upon initial navigation to the admin page, the gateway will ask you to configure a password, do so now and ensure it is secure (per your company’s password policy
  3. You will then be asked to log in using your new password
Disable the Wireless Access Point
The gateways will broadcast a wireless access point, used primarily for configuration, but it can be disabled if needed.
  1. Connect to your device and navigate to the administration page by either
    1. Connecting to the wireless access point and then going to 192.168.230.1 in a browser
    2. Connecting to the device via ethernet at its assigned IP address
  2. Log into the device’s admin page
  3. Navigate to Network > WiFi
  4. Locate the Radio section
    1. If you want to use the gateway on WiFi but disable it from broadcasting, set Mode to "Client"
    2. If you want to disable the WiFi Radio entirely, click the “Disable” button
  5. Hit “Save & Apply”
Note Disabling the Wireless Access Point requires disabling the WiFi Radio entirely and forcing the use of ethernet (or in some cases, cellular) as the only means to connect the gateway to the internet. Disabling the Wireless Access Point will require connecting to the device directly via its IP address on your network to change any configurations needed in the future.
VLAN
It is increasingly common for IoT devices to be separated from other devices/networks/equipment by the use of VLANs. If your organization already follows these practices, then it is generally a good practice to do that here as well.
Limit Physical Access
While care should be taken to limit the effects of radio interference, you may want to limit physical access to the gateway. This may include:
  • Locking the gateway in an enclosure
  • Placing the device in ceiling tiles
  • Placing the device in an IT closet
  • Mounting the device to the ceiling or high on a wall (out of reach)
In any situation, care should be taken to avoid interference with the antennas and radio signals.
Cellular
You can use a LoRa gateway that offers cellular connectivity instead of WiFi or Ethernet. 3rd-party gateways are available and can be configured to work with the DicksonOne application. Dickson is in the process of testing a cellular gateway; if you’re interested in testing please contact support@dicksonone.com. Success