Cellular routers have become commonplace across a vast number of applications, from connectivity for remote workers to transformative transportation technologies and many more. In the rush to install and set up the device, one step that is often forgotten is properly securing it, so that the user connects over the network securely and the company paying for cellular services doesn’t face massive, unexpected data overage fees.
Digi’s Professional Services regularly advises companies that provide remote monitoring to their customers. In this model, Company A (Digi's customer) provides supporting services to Company B (Digi's customer's customer), typically in a smart cities, agricultural or industrial setting. For example, Company B might require asset monitoring of city intersections, oil derricks, industrial tanks, water management systems or solar panels.
Companies offering these services choose Digi solutions because of our longevity in IoT, our comprehensive offering of connectivity solutions, and the secure-by-design model Digi employs in designing and building our cellular routers. However, these customers may not always understand the importance of their role in mitigating security risks, and therefore do not always follow best practices.
Remote Monitoring and Security Case Study
One such customer is a large agricultural grain dryer manufacturer. The challenge was that the company had set up their routers to use the public cellular Internet. As a result, they were frequently running into issues with third-party actors being able to access their devices. Even if they couldn’t log in and make changes, these cyber intruders still generated large amounts of cellular traffic, resulting in large cellular invoices. The grain drying enterprise purchased their fleet of routers over several years, but had not established remote management and oversight practices. Therefore, there were many different versions of firmware on their deployed routers.
Working with the customer, Digi Professional Services was able to assist the team in properly configuring their external firewall services on their cellular routers to lock down access so that only authorized users could access those devices. This not only helped to prevent excessive, unexpected data usage, but also provided a more secure solution for their end customers. In addition, the Professional Services team was able to connect their cellular routers to the Digi Remote Manager® platform, which gave the customer the ability to remotely update all of the routers to the latest and most secure version of the router’s firmware.
Adding a Cellular Private APN
The grain dryer manufacturer is exploring options for migrating their cellular routers to a private APN with their cellular carriers. A private APN essentially creates a private network on the cellular network, so that the cellular routers are not accessible via the public Internet, thus securing their routers even further and adding another layer of protection from unexpected data usage. They have engaged with Digi Professional Services again for another phase of support. The Digi Professional Services team will advise them and work with their cellular teams to ensure that the private APNs are built to work with Digi’s cellular routers, and assist in making the configuration changes on their routers.
Private APNs are offered by all of the large cellular carriers and typically involve using either dedicated MPLS circuits or VPN tunnels to connect the customer’s network directly into the cellular carrier’s network for the devices the customer owns. These connections can be made into a customer's physical location, or into the various cloud platforms from Amazon, Microsoft, and Google.
This method allows a secure, direct connection between the cellular router and whatever applications the customer may use. In this case, the cellular connection acts as if the customer's cellular devices are on an extension of the customer's own network; while technically data flows over the Internet, the data is secured – exactly as if the devices were physically in the customer's office and connected directly to their secure corporate network.
Digi’s Professional Services team has worked with many customers and coordinated with their IT staff, their cellular provider's team, and other third-party companies to configure and install equipment that enables these connections for our cellular routers to connect through.
Digi Professional Services recommends using the Digi Remote Manager (Digi RM) platform for making these kinds of configuration changes. The powerful Configuration Manager feature of Digi RM provides multiple benefits in security, time and cost savings:
- Enables zero-touch provisioning to allow the firmware of the router to be updated as needed.
- Provides increased security by ensuring that the latest and most secure version of firmware is running on the devices.
- Enables the configuration changes for additional security – and for being able to use and access the private APNs when they are built – without requiring site visits to each location.
- Provides constant, proactive monitoring to make sure devices only run the approved configuration settings to thwart tampering with the secure configuration.
- Provides automated monitoring and reporting.
Digi provides holistic solutions for IoT deployments and network management to ensure our customers are equipped to connect with confidence, deploy secure connected solutions and have the tools and automation needed to monitor, manage and maintain those deployments. Contact us to start the conversation.