Answers to iMistAway Network Security Questions
Why is the iMistAway gateway physically plugged into an Ethernet connection, and not connected to WiFi?
Since the gateway is plugged directly into an Ethernet port, the customer does not have to share their WiFi credentials with the service technician or store the credentials on the gateway itself. This approach provides an extra layer of security since the customer’s network access credentials are not known to either the service technician or the service company, nor are the network credentials accessible on the gateway. The service company may only access the misting system data and settings via the iMistAway.com web platform and mobile application. The service company does not have access to any of the gateway hardware settings. Any potential breach of the gateway device would not yield network access credentials.
Who can access the iMistAway server architecture?
The iMistAway platform is owned and managed by MistAway Systems, Inc. The platform uses multiple servers in a tightly regulated Amazon Web Services (AWS) environment. Access to these servers is available only to select individuals with SSH credentials connecting from whitelisted IP addresses. Virtual private networks on the server side ensure that groups of related services can only talk to each other, while outgoing connections to other groups are permitted only to whitelisted IP addresses. Humans are often the weakest point in security; for that reason, all access to our infrastructure by administrative personnel requires multi-factor authentication.
How does the gateway communicate with iMistAway?
The gateway devices communicate via the MQTT protocol over port 1883 through the customer’s router. The gateway devices also use a ping over port 80 to confirm a live Ethernet connection. These are standard ports used by most IoT devices on the market; in fact, port 80 is necessary for the majority of devices to connect to the Internet.
How are gateways secured?
Gateways connect over SSL to MistAway’s hosted, secure server infrastructure. All insecure ports are locked from outside traffic. Reads are routed separately from writes.
How can I ensure that the gateway is separated from the rest of my network?
Your IT professional can set up a separate switch outside your private network, with a firewall between the two. The switch used for the gateway needs access to the public Internet, but should have only very strictly limited access to the private network (where you may have security cameras, etc.).
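As an added illustration of that segmentation (example code written for this page, not MistAway’s own), the following models the firewall policy between the gateway’s switch and the private network using the two ports named above, audits some constructed flow-log lines against it, and renders the same policy as nftables rules. The address ranges, the sample flows and the default-deny treatment of all other cross-segment traffic are assumptions.

```python
import ipaddress

# Constructed addressing for this example; a real site's ranges will differ.
GATEWAY_SEGMENT = ipaddress.ip_network("192.168.50.0/24")  # the gateway's own switch
# Ports the FAQ says the gateway uses: MQTT on TCP/1883 and the port-80 connectivity check.
ALLOWED_EGRESS = {("tcp", 1883), ("tcp", 80)}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    return any(addr in net for net in RFC1918)

def flow_allowed(src, dst, proto, dport):
    """Decide whether the segmentation firewall forwards one flow.
    Gateway-initiated traffic may reach public addresses on the listed ports
    only and never private address space; everything else crossing the
    firewall is denied (assumed default-deny policy)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in GATEWAY_SEGMENT:
        return not is_private(d) and (proto, dport) in ALLOWED_EGRESS
    return False

def audit(flow_lines):
    """Return the flow-log lines ("src dst proto dport") that violate the policy."""
    violations = []
    for line in flow_lines:
        src, dst, proto, dport = line.split()
        if not flow_allowed(src, dst, proto, int(dport)):
            violations.append(line)
    return violations

def nft_rules():
    """Render the same policy as nftables forward-chain rules (first match wins)."""
    gw = GATEWAY_SEGMENT
    rules = [f"ip saddr {gw} ip daddr {net} drop" for net in RFC1918]
    rules += [f"ip saddr {gw} {proto} dport {port} accept" for proto, port in sorted(ALLOWED_EGRESS)]
    rules.append(f"ip saddr {gw} drop")
    return rules

# Constructed sample flows: two expected ones and two that a misconfigured or
# compromised gateway would generate.
SAMPLE_FLOWS = [
    "192.168.50.10 203.0.113.5 tcp 1883",  # MQTT to the service platform (ok)
    "192.168.50.10 203.0.113.5 tcp 80",    # connectivity check (ok)
    "192.168.50.10 192.168.1.20 tcp 554",  # gateway reaching a camera on the private LAN
    "192.168.50.10 203.0.113.5 tcp 22",    # egress on a port the gateway should never use
]

if __name__ == "__main__":
    print("violations:", audit(SAMPLE_FLOWS))
    print("\n".join(nft_rules()))
```

Feeding real flow logs from the firewall into `audit` gives a quick check that the gateway is only ever talking to the Internet on the two expected ports.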