Domorela's Blog: Security
Security was another of the key points considered from the begining in the development of Domorela as it is directly related with privacy, but also with continuity of service.
Many of the current IoT devices are designed from previous designs of older devices that weren't connected in the way the IoT is connecting devices today, so they were designed without the need to think about remote hackers with no direct access to the infrastructure and now there are a lot of security issues on those devices and/or installations.
Domorela provides security by design, this concept is applied here covering not only IT security against threads but also taking into account the continuity of service. The device is properly hardened from factory so installing a Domorela unit doesn't require to have specific IT Security knowledge.
Domorela includes security components and Web User Interface is accessed via secure protocol. Domorela is also provided with perimetral security mechanism in order to protect against network attacks. Domorela is able to perform all his duties without the need to be permanently connected to a remote cloud, thus avoiding reliability problems and/or cuts of service due to lack of remote network connectivity. Finally, KNX protocol was elected as the first protocol to embody because KNX installations implement distributed Intelligence and remote devices can operate by themselves in case of a network failure.
As any other IoT device, Domorela can be queried via API by authorised remote hosts but, as a design decision in order to be more secure in front of network attacks, will only answer remote queries and will not initiate any connection with remote systems.
Anyway, security procedures and best practices must be observed while deploying Domorela, as in the case of any other IT asset:
- default factory passwords must be properly changed,
- certain default values in the configuration should be changed,
- the use of well-known values should be avoided while changing default values,
- all user passwords and other security related info must be stored in a secure way,
- physical protection must be implemented in the location of the installation,
- electrical protection should be properly installed to avoid any fault or damage,
- all of the above should be documented and all documents, and their backups, properly stored in a safe place
More content on security will be published in later articles.