Hello everyone, is there any way to make a multitech MTCDTIP-266A gateway more secure? The reason is that we are planning to connect all the university’s luminaires to this gateway using TTN, and we don’t want any intruder to take control over them. Where should we implement security measures, in the gateway itself, TTN, or elsewhere? And what recommendations do you have?
This less to do with TTS and far more to do with your network & the gateway before people start wondering if outgoing connections from a gateway can be hijacked at the other end - potentially but there’s been plenty of time for people to find any obvious issues and the gateway has very little attack surface on the connection to the gateway server. If you have remote access on it, that’s not a TTS issue.
But running a funded organisation’s infrastructure off the back of a community based network is wholly inappropriate.
First recommendation would be to learn what LoRaWAN is about. Devices connect to a network, not to the gateway. Also real-time control with LoRaWAN is a challenge. Controlling 100 lights will take a while as a gateway can just send a single downlink (packet to device) at a time and needs to observe legal limits. In the EU that means you can send a limited number of downlinks before the gateway has to pause for a certain amount of time. Not ideal for control purposes.
When it comes to security, put the gateway on an isolated VLAN that allows access from known good (management) devices only and allows out bound traffic to the Internet on port UDP/1700 (when using the older gateway software) or HTTPS traffic for newer software. (Also allow response packets for udp traffic of course)