Kaspersky IoT Secure Gateway 100

Security objectives and constraints

May 24, 2023

ID 213670

Security objectives

The security objectives of Kaspersky IoT Secure Gateway 100 include the following requirements:

  • Kaspersky IoT Secure Gateway 100 ensures secure, unidirectional transfer of data from the gateway-connected OPC UA server to the MQTT broker over the MQTT protocol while eliminating the possibility of the external network having any impact on internal resources of the enterprise.
  • Kaspersky IoT Secure Gateway 100 ensures the integrity and confidentiality of data transmitted to the MQTT broker.

Availability of Kaspersky IoT Secure Gateway 100 is not one of its security objectives.

Security constraints

The security constraints of Kaspersky IoT Secure Gateway 100 include the following limitations:

  • The hardware platform is trusted, so threats associated with its vulnerabilities are not considered.
  • No cybercriminal has physical access to the hardware platform, so threats associated with the corresponding vulnerabilities are not considered.
  • The threat level from the external network is medium (basic elevated).
  • The threat level from the internal network is low (basic).
  • Kaspersky IoT Secure Gateway 100 does not have internal administration resources. The software portion and configuration are saved on an extractable microSD card that can be physically accessed only by the administrator.
  • Kaspersky IoT Secure Gateway 100 cannot guarantee the integrity and confidentiality of data transmitted within the internal network from the gateway-connected OPC UA server to Kaspersky IoT Secure Gateway 100.
  • Kaspersky IoT Secure Gateway 100 cannot ensure that connected devices will be protected against attacks launched from within the internal network.
  • Kaspersky IoT Secure Gateway 100 is the only means to exchange data between the external network and internal network.
  • The hardware platform has separate network controllers for connecting to the internal and external networks.
  • The MQTT broker supports connections over the TLS protocol.

For more detailed information on assessing the information security threat level, please refer to the website of the relevant government agency with jurisdiction over technical and export regulations.

Threats associated with breached availability of the infrastructure, such as inaccessible communication channels between the sides of network interaction, are not considered.
