-
IoT Knowledge Base
Learn the key concepts you need to know. Without the technical jargon.
-
IoT Reports & Guides
In-depth research, white-papers and guides from Pelion.
-
Blog Articles & News
The latest insights on industry trends, best practices, and Pelion announcements.
-
Events & Webinars
Upcoming events, online sessions, and expert-led webinars
-
About Us
Our mission, values, team, and the solutions we offer in the IoT space.
-
The Team
Meet our team behind Pelion's effortless connectivity.
-
Careers
Job opportunities, company culture, and the benefits of joining our team.
-
Sustainability
Our commitment to environmentally responsible practices.
-
Contact Us
- Blog Articles & News
- Considerations when Accessing IoT devices
Having robust security in an Internet of Things (IoT) setup is crucial for safeguarding your privacy, preventing unauthorised access and potential hacking. It ensures the proper functioning of devices, and avoids the misuse of your connected devices for malicious purposes. Think of it like having strong locks on your doors and windows. IoT security acts as a protective barrier, keeping your data and information private, maintaining the integrity of devices, and ultimately contributing to a safer and more secure connected environment.
Having operated in the connectivity landscape for over two decades. Pelion has continuously improved its security offering to customers peace of mind when connecting their devices to the Pelion network.
Here we explore Pelion’s three main solutions to securing their devices and protecting their data. These are DINA, Open VPN and IPSEC. Each have their own unique features and benefits and support a varying range of use cases and connections.
Considerations when Accessing IoT devices
Accessing IoT devices securely is crucial to protect against potential cybersecurity threats and maintain data integrity and user privacy. IoT devices are interconnected objects that collect and exchange data over a network, and they can lack inherent security. This may be due to either hardware or software limitations.
Without additional security, malicious actors could exploit vulnerabilities in IoT devices. They can gain unauthorised access to sensitive data, take control over remote devices, or launch large-scale attacks that affects whole systems. Breaches can have significant consequences, including personal information leaks, financial losses, and disruptions to critical systems and infrastructure.
Knowing the risks associated with weak IoT security. Pelion offers a variety of different measures that keep their IoT data secure.
Direct Inbound Network Access (DINA)
Pelion’s DINA is a unique and proprietary technology designed for secure and convenient global access to devices. It provides a temporary ad-hoc connection over the public internet to the customer’s origin IP address.
DINA allows customers to connect to their devices through Pelion’s Connectivity Management (PCM) Platform, without the need for a fixed private IP address and underlying infrastructure such as an IPSec VPN. Unlike traditional fixed public IPs, vulnerable to potential data charges from a Denial of Service attack, DINA mitigates these risks by associating a secure connection to customer’s addresses through its client. DINA does not act the same as a VPN as the traffic does not transit over an encrypted tunnel between the customer and the edge of the Pelion network. Because of this you need to ensure that the service accessed on the device uses secure protocols such as HTTPS.
For a more comprehensive overview of Pelion’s DINA solution including a list of featured and benefits please visit here
Open Virtual Private Network (VPN)
OpenVPN is a service that creates a secure and encrypted connection between devices or networks. It operates by providing a secure pathway for data to travel securely over potentially insecure networks. Pelion’s OpenVPN service provides a robust and highly flexible VPN technology to allow secure ad-hoc access to your IoT devices. This service provides client access, enabling you or your engineers to access all your devices securely from a single point while still ensuring failover capability for reliable connectivity.
Pelion OpenVPN service allows on-demand access to devices without disrupting existing VPN connections. Devices can easily be added to the network to allow for future growth.
OpenVPN works on 4 key principles
Certificate-based Security
Scalability and simultaneous multi-user access
Uninterrupted access with failover capability
Simplicity for users
Using Pelion’s OpenVPN service unlocks the potential of simple, secure, and reliable IoT device access for your business.
For a more comprehensive overview of Pelion’s OpenVPN solution please visit here
IPSEC (Internet Protocol Security)
IPSec is a protocol suite that encrypts and authenticates data at the IP layer. It’s commonly used in VPNs to secure internet communication. IPSec operates by creating secure tunnels between network endpoints, ensuring that data sent through these tunnels remains confidential and unchanged.
Pelion focuses on key pillars: scalability, simplicity, security, and reliability.
Our centralised system oversees device connectivity with a strong emphasis on stringent security protocols.
Pelion’s IPSec solutions, sits at the forefront in industry security standards. They are regularly updated and audited and have been proven to surpass all benchmarks.
We offer three main IPSec configurations:
Policy-Based IPSec: Good for simple site-to-site communications, it routes traffic based on set policies.
This is standard option for businesses that require basic site-to-site connectivity. In this setup, traffic is routed based on policies defined by specific IP address ranges. This makes it easier to set up and manage, especially for businesses with straightforward networking needs. However, it’s less flexible when it comes to handling more complex routing scenarios.
Due to the limitation of the technology itself we are not able to offer resilience via BGP or any other routing technologies.
GRE over IPSec: GRE over IPSec is an earlier iteration of a route-based Ipsec (See VTI IPsec) which combines the routing capabilities of GRE (Generic Routing Encapsulation) tunnels with the security features of IPSec. This combination is particularly useful where complex routing is required and support a customer endpoint does not yet support VTI. GRE over IPSec supports the transmission of routing protocol traffic and multicast traffic over the VPN, something that is not directly supported by policy-based IPSec. Additionally, GRE over IPSec can facilitate resilience using technologies such as BGP – something Policy Base Ipsecs cannot.
VTI (Virtual Tunnel Interface) IPSec (Preferred Option): Usually deployed as a pair of IPsecs.
This is designed for businesses with more complex routing requirements. Unlike Policy-Based IPSec, VTI IPSec uses a tunnel interface for each end of the. tunnel. This allows for greater flexibility in routing traffic, as it’s not tied to specific policies. Instead BGP can be used to route traffic across either of the two tunnels and failover of traffic can easily be controlled.
For a more comprehensive overview of Pelion’s IPSEC solution please click here
Considerations when Accessing IoT devices
January 10, 2024 — 6 min read
Having robust security in an Internet of Things (IoT) setup is crucial for safeguarding your privacy, preventing unauthorised access and potential hacking. It ensures the proper functioning of devices, and avoids the misuse of your connected devices for malicious purposes. Think of it like having strong locks on your doors and windows. IoT security acts as a protective barrier, keeping your data and information private, maintaining the integrity of devices, and ultimately contributing to a safer and more secure connected environment.
Having operated in the connectivity landscape for over two decades. Pelion has continuously improved its security offering to customers peace of mind when connecting their devices to the Pelion network.
Here we explore Pelion’s three main solutions to securing their devices and protecting their data. These are DINA, Open VPN and IPSEC. Each have their own unique features and benefits and support a varying range of use cases and connections.
Considerations when Accessing IoT devices
Accessing IoT devices securely is crucial to protect against potential cybersecurity threats and maintain data integrity and user privacy. IoT devices are interconnected objects that collect and exchange data over a network, and they can lack inherent security. This may be due to either hardware or software limitations.
Without additional security, malicious actors could exploit vulnerabilities in IoT devices. They can gain unauthorised access to sensitive data, take control over remote devices, or launch large-scale attacks that affects whole systems. Breaches can have significant consequences, including personal information leaks, financial losses, and disruptions to critical systems and infrastructure.
Knowing the risks associated with weak IoT security. Pelion offers a variety of different measures that keep their IoT data secure.
Direct Inbound Network Access (DINA)
Pelion’s DINA is a unique and proprietary technology designed for secure and convenient global access to devices. It provides a temporary ad-hoc connection over the public internet to the customer’s origin IP address.
DINA allows customers to connect to their devices through Pelion’s Connectivity Management (PCM) Platform, without the need for a fixed private IP address and underlying infrastructure such as an IPSec VPN. Unlike traditional fixed public IPs, vulnerable to potential data charges from a Denial of Service attack, DINA mitigates these risks by associating a secure connection to customer’s addresses through its client. DINA does not act the same as a VPN as the traffic does not transit over an encrypted tunnel between the customer and the edge of the Pelion network. Because of this you need to ensure that the service accessed on the device uses secure protocols such as HTTPS.
For a more comprehensive overview of Pelion’s DINA solution including a list of featured and benefits please visit here
Open Virtual Private Network (VPN)
OpenVPN is a service that creates a secure and encrypted connection between devices or networks. It operates by providing a secure pathway for data to travel securely over potentially insecure networks. Pelion’s OpenVPN service provides a robust and highly flexible VPN technology to allow secure ad-hoc access to your IoT devices. This service provides client access, enabling you or your engineers to access all your devices securely from a single point while still ensuring failover capability for reliable connectivity.
Pelion OpenVPN service allows on-demand access to devices without disrupting existing VPN connections. Devices can easily be added to the network to allow for future growth.
OpenVPN works on 4 key principles
Certificate-based Security
Scalability and simultaneous multi-user access
Uninterrupted access with failover capability
Simplicity for users
Using Pelion’s OpenVPN service unlocks the potential of simple, secure, and reliable IoT device access for your business.
For a more comprehensive overview of Pelion’s OpenVPN solution please visit here
IPSEC (Internet Protocol Security)
IPSec is a protocol suite that encrypts and authenticates data at the IP layer. It’s commonly used in VPNs to secure internet communication. IPSec operates by creating secure tunnels between network endpoints, ensuring that data sent through these tunnels remains confidential and unchanged.
Pelion focuses on key pillars: scalability, simplicity, security, and reliability.
Our centralised system oversees device connectivity with a strong emphasis on stringent security protocols.
Pelion’s IPSec solutions, sits at the forefront in industry security standards. They are regularly updated and audited and have been proven to surpass all benchmarks.
We offer three main IPSec configurations:
Policy-Based IPSec: Good for simple site-to-site communications, it routes traffic based on set policies.
This is standard option for businesses that require basic site-to-site connectivity. In this setup, traffic is routed based on policies defined by specific IP address ranges. This makes it easier to set up and manage, especially for businesses with straightforward networking needs. However, it’s less flexible when it comes to handling more complex routing scenarios.
Due to the limitation of the technology itself we are not able to offer resilience via BGP or any other routing technologies.
GRE over IPSec: GRE over IPSec is an earlier iteration of a route-based Ipsec (See VTI IPsec) which combines the routing capabilities of GRE (Generic Routing Encapsulation) tunnels with the security features of IPSec. This combination is particularly useful where complex routing is required and support a customer endpoint does not yet support VTI. GRE over IPSec supports the transmission of routing protocol traffic and multicast traffic over the VPN, something that is not directly supported by policy-based IPSec. Additionally, GRE over IPSec can facilitate resilience using technologies such as BGP – something Policy Base Ipsecs cannot.
VTI (Virtual Tunnel Interface) IPSec (Preferred Option): Usually deployed as a pair of IPsecs.
This is designed for businesses with more complex routing requirements. Unlike Policy-Based IPSec, VTI IPSec uses a tunnel interface for each end of the. tunnel. This allows for greater flexibility in routing traffic, as it’s not tied to specific policies. Instead BGP can be used to route traffic across either of the two tunnels and failover of traffic can easily be controlled.
For a more comprehensive overview of Pelion’s IPSEC solution please click here