Data provision
Kaspersky IoT Secure Gateway does not transmit the personal data of users to Kaspersky. Personal data of users is not processed on Kaspersky IoT Secure Gateway devices.
Kaspersky IoT Secure Gateway saves and processes the following information that does not include personal data:
- User account name.
- IP addresses, MAC addresses, and the names of devices that were detected in the network.
- Event log.
- Audit log.
- User security certificates.
- User settings defined during system configuration.
Each time the system is restarted, the event log and device list are deleted. The next time you log in, the event log and device list begin receiving all new entries. All certificate details are encrypted and stored in a separately allocated space on the drive.
When working with Kaspersky IoT Secure Gateway, cookie files save the session ID, user name, and last visited page of the web interface (if the session was automatically closed after 10 minutes).
If Kaspersky IoT Secure Gateway is connected to the Kaspersky Security Center Web Console, it can save and process the following information that does not include personal data:
- LAN settings:
- Status of automatic configuration of internal network settings via the DHCP protocol (enabled or disabled).
- IP address of Kaspersky IoT Secure Gateway in the internal network.
- Subnet mask.
- IP addresses of DNS servers.
- MAC address of Kaspersky IoT Secure Gateway in the internal network.
- Starting and ending IP addresses of the range of internal network addresses.
- WAN settings:
- Status of automatic configuration of external network settings via the DHCP protocol (enabled or disabled).
- IP address of the default gateway.
- IP address of Kaspersky IoT Secure Gateway in the external network.
- Subnet mask.
- MAC address of Kaspersky IoT Secure Gateway in the external network.
- IP addresses of DNS servers.
- Settings of firewall rules:
- Status of a rule (enabled or disabled).
- Action that the firewall must take on traffic that matches a rule.
- Zone to which the rule is applied.
- IP address of the traffic source.
- Port of the traffic source, if this setting is applicable to the utilized protocol.
- IP address of the traffic destination.
- Port of the traffic destination, if this setting is applicable to the utilized protocol.
- Utilized protocol.
- Information about the Intrusion Prevention system:
- Status of the Intrusion Prevention system (enabled or disabled).
- Accessibility of the Intrusion Prevention service.
- IP addresses in the unauthorized list.
- IDs of signatures used for adding IP addresses to the unauthorized list.
- IP addresses on the authorized list.
- MQTT broker profile settings:
- Indication of whether the profile was predefined.
- Status of the profile (active or inactive).
- Profile name.
- Settings of configuration files and MQTT certificates: file name, type and contents.
- Settings of web server profiles:
- Indication of whether the profile was predefined.
- Status of the profile (active or inactive).
- Profile name.
- Syslog server settings:
- Indication of whether events are forwarded to a Syslog server.
- IP address of the Syslog server.
- Port of the Syslog server.
- Forwarding mode.
- Certificate settings.
- Settings of push notifications:
- Name of the device to which Kaspersky IoT Secure Gateway sends push notifications.
- Authentication key.
- Certificate settings.
- Date and time set in Kaspersky IoT Secure Gateway.
- Password policy.
- Interval for synchronizing settings between the Kaspersky Security Center Web Console and Kaspersky IoT Secure Gateway.
- Commands that the Kaspersky Security Center Web Console can send to Kaspersky IoT Secure Gateway.
- Status of masquerading (enabled or disabled).
- Update server address.
- Product version information.
Any received information is protected by Kaspersky in accordance with the requirements established by law and in accordance with current regulations of Kaspersky. Data is transmitted over encrypted communication channels.
