How to Secure an IoT Network with OpenVPN

10.12.2020

What is a Virtual Private Network (VPN)?

A Virtual Private Network (VPN) enables encrypted, targeted transmission of data over public networks such as the Internet. It establishes protected and self-contained networks with various end devices. A frequent application is the connection of home offices or mobile employees.

Within a Virtual Private Network (VPN), different participants of an IP network are connected to form a protected subnet. The connections are encrypted in order to protect the data transmitted over the public Internet in the virtual private network from unauthorized access. Tunnel connections that cannot be seen from the outside are created between the individual participants.

Why does an IoT network need OpenVPN technology?

Technological development in the IoT area is very rapid, so security standards must always be kept up to date. Some of the data transmission is not critical because it remains locally limited, for example when a position encoder reports a distance to the corresponding controller of a machine. Other data, however, only make sense in context. They need to be routed to a server inside or outside the production environment. This second group in particular causes headaches for many administrators and production technicians today.

An IoT device with a TCP/IP network stack looks no different on the Internet from a PC, smartphone or server. As soon as there are open ports and vulnerabilities to exploit, this will most likely happen. For many companies, ensuring the confidentiality and integrity of data exchanged between all these devices remains a major challenge. IT experts must familiarize themselves with several IoT designs whose security functions are often not fully developed and which therefore pose clear risks of data loss. Data from IoT and M2M systems is particularly popular with cybercriminals, who try to intercept and sell intellectual property and personal data. IoT devices can also be a target of DDoS (Distributed Denial of Service) attacks, and they are attacked in order to collect sensitive data or to cause deliberate damage to company infrastructure.

OpenVPN as an IoT security solution for remote access

There is one security measure that companies must implement: secure all remote connections to, and the monitoring of, IoT devices with proven VPN technology, such as the OpenVPN software. In combination with remote access controls and certified authentication measures, VPNs form an effective barrier that protects confidential company data from the unwanted attention of unauthorized persons. With a VPN, you can access private networks from anywhere.

Direct VPN integration for a secure IoT, for example with OpenVPN

A native VPN client like OpenVPN is rarely feasible for industrial IoT devices, even if current devices increasingly offer this option. Technical reasons play a role here, but also organizational obstacles and compliance requirements of the IoT manufacturers. Most of the time, the VPN client requires a Linux or Windows operating system, which is rarely available on older IoT devices.

The next question is whether enough resources are available. The main requirements for IoT devices, namely that they be small and energy-saving, often mean that the CPU performance is not sufficient for complex security functions such as encryption or packet inspection.

Clients like the IoT VPN client from NCP, which are intended for use in this environment, require a few MB of RAM and a Linux kernel from 3.x as well as various libraries and modules.

IoT gateways

If IoT systems do not meet these hardware or software requirements, or if the manufacturer does not allow a VPN client for certification reasons, IoT gateways are a way out. Until now, IoT gateways have mainly been used to connect legacy devices that have no network interface to a bus system such as Modbus or to TCP/IP, to convert signals and media, or to carry out simple logic operations.

However, more and more users are now using IoT gateways as a VPN client to solve the known problem of insufficient computing power. Currently offered IoT gateways have modern processors, sufficient RAM, and enough mass storage for a Linux or Microsoft operating system and multiple applications. In addition to classic Linux distributions, products for IoT devices are also available that are tailored specifically to their requirements. Clients for cloud services such as Microsoft Azure IoT, Sema Cloud or Cumulocity are often part of the basic equipment. Connectivity options for wired and wireless networks are included, as are firewalls and other security mechanisms.

All data from sensors and actuators is thus securely encrypted from the exit of the IoT gateway. As a result, the user avoids restrictions in the hardware and software configuration of IoT devices, does not require manufacturer approval for software changes, and can outsource additional tasks to the gateway. Several manufacturers, including NCP, now offer a VPN component that can be installed on an IoT gateway with a Linux operating system.
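When the VPN client runs on the gateway rather than on the sensors, the gateway's OpenVPN client configuration is the single point that decides how well the tunnel protects the sensor traffic. The following is an added example, not code from emnify, NCP or the OpenVPN project: two constructed client configurations for such a gateway (one with legacy settings, one hardened with directives OpenVPN documents, such as `remote-cert-tls`, `verify-x509-name`, `tls-crypt` and `tls-version-min`), and a small checker that parses the configuration and reports weak settings. The hostname `vpn.example.invalid`, the file names and the function names are assumptions chosen for the example.

```python
"""Check an OpenVPN client configuration, as deployed on an IoT gateway,
for settings that weaken the tunnel. Added example; the two configs below
are constructed samples, not a real deployment."""

# Constructed sample: a minimal client config with several legacy choices.
WEAK_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher BF-CBC
auth SHA1
ca ca.crt
cert gateway.crt
key gateway.key
"""

# Constructed sample: the same client hardened with documented OpenVPN directives.
HARDENED_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
# require the peer to present a server certificate and pin its name
remote-cert-tls server
verify-x509-name vpn.example.invalid name
# protect the TLS control channel and use AEAD data-channel ciphers
tls-crypt ta.key
data-ciphers AES-256-GCM:AES-128-GCM
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
ca ca.crt
cert gateway.crt
key gateway.key
# keep tunnel state across restarts so sensor traffic never falls back to plaintext
persist-tun
persist-key
"""

WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}
WEAK_DIGESTS = {"MD5", "SHA1", "NONE"}


def parse_config(text):
    """Return {directive: [args]} for an OpenVPN config file.

    Comment lines ('#' or ';') are skipped. Inline <ca>...</ca> style blocks
    are recorded as present (empty arg list) and their contents ignored."""
    directives = {}
    in_block = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if in_block:
            if line == f"</{in_block}>":
                in_block = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            in_block = line[1:-1]
            directives[in_block] = []
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def check_client_config(text):
    """Return a list of findings; an empty list means no weak setting was found."""
    d = parse_config(text)
    findings = []
    if d.get("remote-cert-tls") != ["server"]:
        findings.append("remote-cert-tls server missing: any CA-signed client cert could pose as the server")
    if "verify-x509-name" not in d:
        findings.append("verify-x509-name missing: server identity is not pinned")
    if not ({"tls-auth", "tls-crypt", "tls-crypt-v2"} & d.keys()):
        findings.append("no tls-auth/tls-crypt: control channel accepts unauthenticated packets")
    cipher = d["cipher"][0].upper() if d.get("cipher") else None
    if cipher in WEAK_CIPHERS or (cipher is None and "data-ciphers" not in d):
        findings.append(f"weak or unspecified data-channel cipher: {cipher or 'default'}")
    digest = d["auth"][0].upper() if d.get("auth") else "SHA1"  # OpenVPN's default digest
    if digest in WEAK_DIGESTS:
        findings.append(f"weak HMAC digest: {digest}")
    if "tls-version-min" not in d:
        findings.append("tls-version-min missing: old TLS versions may be negotiated")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {check_client_config(cfg) or 'no findings'}")
```

The checker deliberately works on the configuration text rather than on a live tunnel, so it can run in a build pipeline before an image is pushed to a fleet of gateways; the directive names it looks for are the ones OpenVPN documents, but the thresholds (which ciphers and digests count as weak) are this example's own choice.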

Get in touch with our IoT experts

Discover how emnify can help you grow your business and talk to one of our IoT consultants today!