Kaspersky IoT Secure Gateway 1000

Data provision

June 7, 2023

ID 198797

Kaspersky IoT Secure Gateway 1000 does not transmit the personal data of users to Kaspersky. Personal data of users is not processed on Kaspersky IoT Secure Gateway 1000 devices.

Each time Kaspersky IoT Secure Gateway 1000 is started, it deletes the network security log and the list of devices detected in the network that are not included in the list of allowed devices. When a device is restarted or a connection is terminated, the network security log and the list of detected devices will be reset. All certificate details are stored in a separately allocated space on the drive.

When working with Kaspersky IoT Secure Gateway 1000, the following information is stored in cookie files:

  • ID of the current connection.
  • Last selected language of the Kaspersky IoT Secure Gateway 1000 web interface.
  • Last visited section of the Kaspersky IoT Secure Gateway 1000 web interface in case the user did not terminate the connection session with Kaspersky IoT Secure Gateway 1000 or closed the web interface before terminating the connection session.

When a certificate is uploaded, its data fields may contain personal data of the user. You need to check the contents of these fields before uploading a certificate in the Kaspersky IoT Secure Gateway 1000 web interface.

When devices are detected in the enterprise network, the device name may contain personal data of the user. You need to rename a device when adding it to the allowlist.

When configuring MQTT broker settings, the contents of the configuration file may contain personal data. You need to check the data uploaded to the MQTT broker profile of Kaspersky IoT Secure Gateway 1000.

Kaspersky IoT Secure Gateway 1000 saves the following information that does not include personal data:

  • Network security log.
  • Audit log.
  • Set of rules of the Intrusion Prevention System (IPS).
  • IP addresses, MAC addresses, and network device names that are on the list of allowed devices.
  • MQTT broker settings:
    • Indicator of whether the profile can be edited
    • Indicator of whether the profile is active
    • Profile name
    • CA certificate for the MQTT server (the certificate may be self-signed)
    • Client certificate for the MQTT server
    • Private key for the client certificate of the MQTT server
    • Information about configuration files: file name, file type, file contents
  • General settings of Kaspersky IoT Secure Gateway 1000:
    • LAN settings:
      • IP address of Kaspersky IoT Secure Gateway 1000 within the internal network
      • Subnet mask
      • DHCP server settings:
        • DHCP server usage (enabled or disabled)
        • Start and end of IP address range
        • Primary DNS server address
        • Secondary DNS server address
    • WAN settings:
      • DHCP client usage (enabled or disabled)
      • IP address
      • Subnet mask
      • Default network gateway
      • Primary DNS server address
      • Secondary DNS server address
    • Cellular connection settings of Kaspersky IoT Secure Gateway 1000:
      • Use of the modem as the main communication channel (enabled or disabled)
      • Modem DNS server addresses
      • Data on communication provider profiles:
        • Indicator of whether the profile is active
        • Indicator of whether the profile can be edited
        • Profile name
        • Data on the profile configuration file: file name, file type, file contents
    • Kaspersky IoT Secure Gateway 1000 security settings:
      • Administrator certificate for connecting to the Kaspersky IoT Secure Gateway 1000 web interface
      • KSC server certificate
    • Kaspersky IoT Secure Gateway 1000 web server settings:
      • Indicator of whether the profile can be edited
      • Indicator of whether the profile is active
      • Profile name
      • Configuration files
      • Web server certificate
      • Private key of the web server certificate
    • Settings of Syslog notifications:
      • Use of notifications for the Syslog server (enabled or disabled)
      • IP address and port of the Syslog server
      • Notification forwarding mode: UDP, TCP, TLS
      • Syslog server certificate
    • Settings of push notifications:
      • Name of the device that will receive push notifications
      • Authorization key of the device that will receive push notifications
      • Google FCM server certificate for push notifications
    • Settings of MQTT notifications:
      • Use of notifications over the MQTT protocol (enabled or disabled)
      • MQTT server address and port
      • MQTT topic name
      • Use of authentication when sending notifications over the MQTT protocol (enabled or disabled)
      • User name and password
      • Use of a secure SSL connection (enabled or disabled)
      • CA certificate for sending notifications over the MQTT protocol
      • Client certificate for sending MQTT notifications
      • Private key of the client certificate for sending MQTT notifications
    • Kaspersky IoT Secure Gateway 1000 date and time settings
    • Settings for connecting to the Kaspersky Security Center server: server address and port
  • Kaspersky IoT Secure Gateway 1000 version information

If Kaspersky IoT Secure Gateway 1000 is connected to Kaspersky Security Center, Kaspersky IoT Secure Gateway 1000 saves and processes the following information that does not include personal data:

  • MQTT broker settings:
    • Indicator of whether the profile can be edited
    • Indicator of whether the profile is active
    • Profile name
    • CA certificate for the MQTT server (the certificate may be self-signed)
    • Client certificate of the MQTT server
    • Private key for the client certificate of the MQTT server
    • Information about configuration files: file name, file type, file contents
  • Network settings of Kaspersky IoT Secure Gateway 1000:
    • LAN settings:
      • IP address of Kaspersky IoT Secure Gateway 1000 within the internal network
      • Subnet mask
      • DHCP server settings:
        • State of the DHCP server (enabled or disabled)
        • Start and end of IP address range
        • Primary DNS server address
        • Secondary DNS server address
    • WAN settings:
      • State of the DHCP client (enabled or disabled)
      • IP address
      • Subnet mask
      • Default network gateway
      • Primary DNS server address
      • Secondary DNS server address
    • Settings of firewall rules:
      • List of rules
      • State of a rule (enabled or disabled)
      • Action that the firewall must take on network traffic that matches a rule
      • Zone to which the rule is applied
      • IP address of the traffic source
      • Port of the traffic source, if this setting is applicable to the utilized protocol
      • IP address of the traffic destination
      • Port of the traffic destination, if this setting is applicable to the utilized protocol
      • Utilized protocol
    • Settings of the Intrusion Prevention System:
      • Use of the Intrusion Prevention System (enabled or disabled)
      • Availability of the Intrusion Prevention System
      • IP addresses that were entered into the list of denied IP addresses
      • Use of a list of denied IP addresses (when the list of denied IP addresses is disabled, attacks will be detected but the IP addresses from which the attacks originated will not be blocked)
      • IDs of signatures used for adding IP addresses to the list of denied IP addresses
      • IP addresses that were entered into the list of allowed IP addresses
    • Masquerading settings: state of masquerading (enabled or disabled)
  • Kaspersky IoT Secure Gateway 1000 settings:
    • Kaspersky IoT Secure Gateway 1000 web server settings:
      • Indicator of whether the profile can be edited
      • Indicator of whether the profile is active
      • Profile name
    • Kaspersky IoT Secure Gateway 1000 date and time settings
    • Cellular connection settings of Kaspersky IoT Secure Gateway 1000:
      • Modem operating status
      • Modem signal strength
      • Use of the modem as the main communication channel (enabled or disabled)
      • Modem DNS server addresses
      • Data for communication providers:
        • Indicator of whether the configuration file is active
        • Indicator of whether the configuration file can be edited
        • Configuration file type
        • Configuration file name
        • Configuration file contents
    • Kaspersky IoT Secure Gateway 1000 security settings:
      • Administrator certificate for connecting to the Kaspersky IoT Secure Gateway 1000 web interface
      • KSC server certificate
  • Settings for forwarding Syslog notifications:
    • Forwarding of notifications to the Syslog server (enabled or disabled)
    • IP address and port of the Syslog server
    • Notification forwarding mode: UDP, TCP, TLS
    • Syslog server certificate
  • Settings for forwarding push notifications:
    • Name of the device that will receive push notifications
    • Authorization key
    • Google FCM server certificate for forwarding push notifications
  • Settings for forwarding MQTT notifications:
    • Forwarding of notifications over the MQTT protocol (enabled or disabled)
    • MQTT server address and port
    • MQTT topic name
    • Use of authentication when sending notifications over the MQTT protocol (enabled or disabled)
    • User name and password
    • Use of a secure SSL connection (enabled or disabled)
    • CA certificate for sending MQTT notifications
    • Client certificate for sending MQTT notifications
    • Private key of the client certificate for sending MQTT notifications
  • Settings for interaction between Kaspersky IoT Secure Gateway 1000 and the Kaspersky Security Center 13.2 Web Console:
    • Synchronization period for synchronizing the settings of Kaspersky IoT Secure Gateway 1000 and the Kaspersky Security Center 13.2 Web Console
    • List of commands that the Kaspersky Security Center 13.2 Web Console can send to Kaspersky IoT Secure Gateway 1000
    • Kaspersky IoT Secure Gateway 1000 update address
  • Kaspersky IoT Secure Gateway 1000 version information

Any received information is protected by Kaspersky in accordance with the requirements established by law and in accordance with current regulations of Kaspersky. Data is transmitted over encrypted communication channels.
