Kaspersky IoT Secure Gateway 1000

Data provision

April 12, 2024

ID 198797

Kaspersky IoT Secure Gateway 1000 does not transmit the personal data of users to Kaspersky. Personal data of users is not processed on Kaspersky IoT Secure Gateway 1000 devices.

The operating system audit event log, firewall audit event log, system log, and application logs are not deleted when Kaspersky IoT Secure Gateway 1000 starts. All certificate details are stored in a separately allocated space on the drive.

When deleting information or files automatically or manually, a special erasure method is used, in which the deleted objects of the file system are overwritten twice with special bit sequences. For example, this method is used for deleting the administrator certificate and user certificate when they are updated.

When working with Kaspersky IoT Secure Gateway 1000, the following information is stored in cookie files:

  • ID of the current connection.
  • Last selected language of the Kaspersky IoT Secure Gateway 1000 web interface.
  • Last visited section of the Kaspersky IoT Secure Gateway 1000 web interface, if the user did not terminate the connection session with Kaspersky IoT Secure Gateway 1000 or closed the web interface before terminating the connection session.

When a certificate is uploaded, its data fields may contain personal data of the user. You need to check the contents of these fields before uploading a certificate in the Kaspersky IoT Secure Gateway 1000 web interface.

When you configure MQTT broker settings, the configuration file may contain personal data. You need to check the data uploaded to the MQTT broker profile of Kaspersky IoT Secure Gateway 1000.

Kaspersky IoT Secure Gateway 1000 saves the following information that does not include personal data:

  • Network device type
  • Kaspersky Security Center Administration Server connection status
  • Firewall audit log
  • Operating system audit log
  • User accounts settings:
    • General settings:
      • Number of failed login attempts before locking
      • Time to wait after a failed login
    • Root certificate settings:
      • Certificate file name
      • Remaining certificate validity period
    • Administrator account settings:
      • Account name
      • Credentials expiration date
      • Certificate expiration date
    • User account settings:
      • Account name
      • Credentials expiration date
      • Certificate expiration date
  • Kaspersky IoT Secure Gateway 1000 web server settings:
    • Web server certificate name
    • Subject name
    • Certificate issuer
    • Certificate validity period
  • List of applications available to install
  • List of installed applications:
    • Application name
    • Application version
    • Size
    • Application type
    • Application start rules
    • Manifest
    • Application status
    • Set of Kaspersky IoT Secure Gateway Network Protector industrial protocol filtering rules (if the application is installed)
  • Application logs
  • Network settings:
    • LAN settings:
      • IP address of Kaspersky IoT Secure Gateway 1000 within the internal network
      • Subnet mask
      • MAC address
      • DHCP server settings:
        • DHCP server usage (enabled or disabled)
        • Start and end of IP address range
        • Primary DNS server address
        • Secondary DNS server address
    • WAN settings:
      • Address translation (NAT) settings: masquerading status (enabled or disabled)
      • DHCP client settings:
        • DHCP client usage (enabled or disabled)
        • IP address
        • Subnet mask
        • Default network gateway
        • Primary DNS server address
        • Secondary DNS server address
        • MAC address
      • Cellular connection settings of Kaspersky IoT Secure Gateway 1000:
        • Modem operating status
        • Modem signal strength
        • Use of the modem as the main communication channel (enabled or disabled)
        • Modem DNS server addresses
        • Telecom carrier profile details: profile activity indicator, indicator of profile editability, profile name, profile configuration file details (file type, file name, file content)
    • Routing settings:
      • Route type
      • Route IP address
      • Network mask
      • Gateway
      • Route status
    • MQTT broker settings:
      • Indicator of whether the profile can be edited
      • Indicator of whether the profile is active
      • Profile name
      • Date and time of the most recent change in the profile
      • CA certificate for the MQTT server (the certificate may be self-signed)
      • Client certificate for the MQTT server
      • Private key for the client certificate of the MQTT server
      • Information about configuration files: file name, file type, file contents
    • Application protocol filtering settings:
      • List of protocols for blocking traffic:
        • FTP
        • HTTP
        • MQTT
        • Modbus
        • SMTP
        • IMAP
        • POP3
      • Traffic blocking status by protocol (blocked or allowed)
  • Self-diagnostics details:
    • Integrity check information: last check date
    • Self-test details:
      • Summary self-test status
      • Test name
      • Test status
      • Test type
      • Last test date
      • Test details
  • General settings of Kaspersky IoT Secure Gateway 1000:
    • Device name
    • System date and time
    • Notification settings:
      • Settings of Syslog notifications:
        • Forwarding of notifications to the Syslog server (enabled or disabled)
        • IP address and port of the Syslog server
        • Notification forwarding mode: UDP, TCP, TLS
        • Syslog server certificate
      • Settings of MQTT notifications:
        • Forwarding of notifications over the MQTT protocol (enabled or disabled)
        • MQTT server address and port
        • MQTT topic name
        • Use of authentication when sending notifications over the MQTT protocol (enabled or disabled)
        • User name and password for authentication
        • SSL for authentication (enabled or disabled)
        • CA certificate for sending notifications over the MQTT protocol
        • Client certificate for sending MQTT notifications
        • Private key of the client certificate for sending MQTT notifications
    • Kaspersky Security Center Administration Server connection settings:
      • Kaspersky Security Center Administration Server certificate
      • Kaspersky Security Center Administration Server address and port
    • System log with diagnostic information
    • Device configuration in JSON format
  • Kaspersky IoT Secure Gateway 1000 information:
    • Kaspersky IoT Secure Gateway 1000 version
    • Links to online help
    • Third party code information
  • Information about KasperskyOS:
    • Operating system version
    • Third party code information

If Kaspersky IoT Secure Gateway 1000 is connected to Kaspersky Security Center, Kaspersky IoT Secure Gateway 1000 saves and processes the following information that does not include personal data:

  • List of applications available to install
  • List of installed applications:
    • Application name
    • Application version
    • Publication date
    • Category
    • Application status
    • Application configuration
  • Installed applications settings:
    • Information about installed applications:
      • Application name
      • Application version
      • Application type
      • Application status
      • Application start rule
      • Application manifest
    • Application certificates:
      • Certification Authority certificate file name
      • Certification Authority certificate principal name
      • Certification Authority certificate issuer
      • Certification Authority certificate validity period (expiry date)
      • Client certificate file name
      • Client certificate subject name
      • Client certificate issuer
      • Client certificate validity period (expiry date)
      • Client certificate key file name
    • Routing apps:
      • Route status
      • Source app
      • Source connection point
      • Destination app
      • Destination connection point
  • MQTT broker settings:
    • Indicator of whether the profile can be edited
    • Indicator of whether the profile is active
    • Profile name
    • CA certificate for the MQTT server (the certificate may be self-signed)
    • Client certificate of the MQTT server
    • Private key for the client certificate of the MQTT server
    • Information about configuration files: file name, file type, file contents
    • Certificate for sending MQTT notifications
  • Network settings of Kaspersky IoT Secure Gateway 1000:
    • LAN settings:
      • IP address of Kaspersky IoT Secure Gateway 1000 within the internal network
      • Subnet mask
      • MAC address
      • DHCP server settings:
        • DHCP server usage (enabled or disabled)
        • Start and end of IP address range
        • Primary DNS server address
        • Secondary DNS server address
    • WAN settings:
      • Address translation (NAT) settings: masquerading status (enabled or disabled)
      • DHCP server settings:
        • DHCP client usage (enabled or disabled)
        • IP address
        • Subnet mask
        • Default network gateway
        • Primary DNS server address
        • Secondary DNS server address
        • MAC address
    • Routing settings:
      • Route type
      • IP address
      • Network mask
      • Gateway
      • Route status
    • Firewall rules:
      • List of rules
      • State of a rule (enabled or disabled)
      • Action that the firewall must take on network traffic that matches a rule
      • Zone to which the rule is applied
      • IP address of the traffic source
      • Port of the traffic source, if this setting is applicable to the utilized protocol
      • IP address of the traffic destination
      • Port of the traffic destination, if this setting is applicable to the utilized protocol
      • Utilized protocol
    • Cellular connection settings of Kaspersky IoT Secure Gateway 1000:
      • Modem operating status
      • Modem signal strength
      • Use of the modem as the main communication channel (enabled or disabled)
      • Modem DNS server addresses
      • Telecom carrier operation details: configuration file activity indicator, indicator of configuration file editability, configuration file type, configuration file name, configuration file content
    • Kaspersky IoT Secure Gateway Network Protector settings (if the application is installed):
      • Set of rules for filtering industrial protocol traffic
      • IP address denylist
      • IP address allowlist
    • Application protocol filtering settings:
      • List of protocols for blocking traffic:
        • FTP
        • HTTP
        • MQTT
        • Modbus
        • SMTP
        • IMAP
        • POP3
      • Traffic blocking status by protocol (blocked or allowed)
    • Network cluster settings:
      • Network cluster status (enabled or disabled)
      • Cluster device priority
      • Virtual IP address
      • Virtual IP address mask
      • Cluster identifier
  • Kaspersky IoT Secure Gateway 1000 general device settings:
    • Device name
    • Time of last synchronization with device
    • Connection certificate details:
      • Details of the administrator certificate for Kaspersky IoT Secure Gateway 1000 web interface connection:
        • Certificate file name
        • Subject name
        • Certificate issuer
        • Certificate validity period
      • Kaspersky Security Center Administration Server certificate details:
        • Certificate file name
        • Subject name
        • Certificate issuer
        • Certificate validity period
    • Web server settings:
      • Web server certificate details:
        • Certificate file name
        • Subject name
        • Certificate issuer
        • Certificate validity period
      • Certificate key information: key file name
    • Notification settings:
      • Settings of Syslog notifications:
        • Forwarding of notifications to the Syslog server (enabled or disabled)
        • IP address and port of the Syslog server
        • Notification forwarding mode: UDP, TCP, TLS
        • Syslog server certificate
      • Settings of MQTT notifications:
        • Forwarding of notifications over the MQTT protocol (enabled or disabled)
        • MQTT server address and port
        • MQTT topic name
        • Use of authentication when sending notifications over the MQTT protocol (enabled or disabled)
        • User name and password for authentication
        • SSL for authentication (enabled or disabled)
        • CA certificate for sending MQTT notifications
        • Client certificate for sending MQTT notifications
        • Private key of the client certificate for sending MQTT notifications
  • Settings for interaction between Kaspersky IoT Secure Gateway 1000 and the Kaspersky Security Center 14.2 Web Console:
    • Synchronization period for synchronizing the settings of Kaspersky IoT Secure Gateway 1000 and the Kaspersky Security Center 14.2 Web Console
    • List of commands that the Kaspersky Security Center 14.2 Web Console can send to Kaspersky IoT Secure Gateway 1000
  • Kaspersky IoT Secure Gateway 1000 version information

Any received information is protected by Kaspersky in accordance with the requirements established by law and in accordance with current regulations of Kaspersky. Data is transmitted over encrypted communication channels.
