Platform Security
The Vitalpointz IoT Core/Core Lite platform is fortified with several security features. The following list outlines some of the security features implemented by the platform.
For IoT device security features, see the chapter ‘Device Security’.
Firewalls
The virtual machine (called a droplet in DigitalOcean) that runs the IoT Core/Core Lite image implements firewall rules that open only the required ports and close all other ports.
The following ports are open:
80/TCP & 443/TCP: User Access
10001/TCP – 10005/TCP: Device Access
8080/TCP & 9100/TCP: Monitoring
API Rate-limits
The cloud platform exposes REST API endpoints on a few subdomains. API rate limits are applied to protect the resources behind each endpoint. Different subdomains have different limits in order to accommodate the differing API load requirements of different consumer types, such as the web UI and devices.
JWT Token
Most of the APIs are protected by authorized API access. Tokens are issued to an API consumer based on a valid user name/password. Tokens have an expiry timeout, which is reset whenever there is a successful API access. The token itself is encrypted.
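The sliding expiry described above (a token's timeout is reset on each successful access) is shown in the following added example, which is not vitalpointz code. It assumes an HMAC-signed JWT with an `exp` claim and a 600-second idle timeout as a stand-in for the platform's encrypted token; the secret and usernames are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholders, not real platform values (assumption).
SECRET = b"constructed-demo-secret"
TOKEN_TTL = 600  # idle timeout in seconds (assumed value)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(username: str, now: int) -> str:
    """Issue a token; the caller has already verified the user name/password."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": username, "exp": now + TOKEN_TTL}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_and_refresh(token: str, now: int):
    """Return (claims, refreshed_token) on success, or None if the token is
    malformed, tampered with, or has sat idle past its expiry.
    A successful access re-issues the token, which is what resets the timeout."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None  # signature mismatch: tampered or foreign token
    claims = json.loads(_unb64(payload))
    if now >= claims["exp"]:
        return None  # idle too long; the consumer must log in again
    return claims, issue_token(claims["sub"], now)
```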
Audit Logs
The cloud platform generates events on particular occurrences. All these events are captured and stored in the audit log subsystem.
Privilege based Access Control
See chapter: User Management
HTTPS
The platform UI does not provide HTTP access; HTTPS is the only and default option. The HTTPS service uses Let's Encrypt certificates to protect the portal. Let's Encrypt certificates need to be renewed periodically. This renewal is handled automatically: a new certificate is downloaded into the customer instance of IoT Core/Core Lite whenever required. The update is delivered by the vMIST server (vitalpointz Managed IoT Service).
DDoS & DNSSEC
DDoS and DNSSEC services can be added to a customer instance on request through vitalpointz’s partner. Please reach out to us at support@vitalpointz.net if you require these services to be enabled on your IoT Core/Core Lite instance.