I am looking to install two gateways on two neighbouring colleges in town - our own has already been installed by my predecessor.
Rightfully, the IT departments of the two colleges have their questions about the affect on their internet security.
Is there a general implementation regarding protocol, used ports etc. or any other info relevant to prove that they don’t pose a threat or form a breach in the firewall?
Or are there maybe brand/gateway specific specs? I am looking to purchase TEKTELIC Kona Enterprise Outdoor LoRaWAN Gateway - Ethernet EU868.
Note: this is not a request regarding which gateway to buy, but how to show IT departments that they are OK to add to the network. A balanced review with pros and cons of this gateway + a suggested alternative might get taken into consideration; otherwise please refrain from commenting on that.
Given the number of gateways installed in the world that manage to hit the 10pm news with stories of wholesale breaches of home & business networks, coupled with the general use of NAT routers that need no configuration what so ever to just work and the gateway making the external connection, I think your colleagues are sending you on a fools errand or a creating make work or, to be brutally honest, are just a little too lazy to check for themselves. Because “Steven said” is not a defence when college’s servers are wiped, so they need to do their own due diligence.
Gateways run either a Packet Forwarder or Basic Station - so at a fundamental level the brand isn’t relevant and as Tektelic is a known recommended brand, I’d posit that they have done a grade A job of making sure their kit is secure. And the whole eco-system is built on some very heavy duty tech companies.
Overall with these things, this is an Elephant Gun License problem, you can’t prove something is secure, only that it hasn’t been breached.
It is also totally inappropriate to ask someone to vouch for the security of a system who is not a network specialist. If someone asked them to install a printer, would they get them to try to explain why it wouldn’t be a vulnerability. My B/W Brother laser is too stupid to do much, but the Xerox Colour Laser and the Epson A3 Colour Inkjet do love a good chat with the outside world and I can print things to them by email from anywhere in the world. The Epson has a Windows share for no apparent reason.