Platform Security

Vitalpointz IoT Core/Core Lite platform is fortified with several security features. Following list provides outline of some of the security features implemented by the platform.

For IoT Device Security features, see chapter ‘Device Security’

Firewalls

The virtual machine (called droplet in digital ocean) that runs IoT Core/Core Lite image implements firewall rules that opens only the required ports and closes all other ports.

Following are ports open

80/TCP & 443/TCP: User Access

10001/TCP – 10005/TCP: Device Access

8080/TCP & 9100/TCP: for Monitoring

API Rate-limits

The cloud platform exposes REST API endpoints using few subdomains. API Rate-limits are applied to protect the resources behind the endpoint. Different subdomains have different limits in order to facilitate the differing API load requirement from different consumer types such as webUI/Device etc.

JWT Token

Most of the APIs protected by Authorized API access. Tokens are issued to API consumer based on valid user name/password. Tokens have expiry timeout, which gets reset whenever there is a successful API access. Token itself is encrypted.

Audit Logs

The Cloud platform generates events on particular occurrence. All these events are captured and stored on audit log subsystem.

Privilege based Access Control

See chapter: user management

HTTPS based on Letsencrypt Certificate

The platform UI does not provide HTTP Access. HTTPS is the only and default option. The HTTPS service leverages Letsencrypt service to protect the portal. Letsencrypt certificate needs to be periodically updated. This update process is done, new certificate is downloaded into the customer instance of IoT Core/Core Lite periodically whenever required. This update process is delivered by vMIST server (vitalpointz Managed IoT Service).

DDoS & DNSSEC

DDoS and DNSSEC service can be added to customer instance on request using vitalpointz’ partner. Please reach out to us support@vitalpointz.net if you require these services to be enabled on your IoT Core/Core Lite instance.