The network layer is crucial in managing and protecting the communication between applications and devices on your network.
The most effective way to enhance cyber resilience is to use a private access point network (APN) instead of a public, static IP address for RWS200. For the options available in your region, contact your local operator.
In your private network, create a separate subnet for RWS200 and separate it from the other subnets with a firewall.
If you must use public Internet, make sure that traffic towards RWS200 is only allowed from the necessary IP addresses in your backend system.
Follow the previously established security policies in your organization.
To secure network traffic between external and internal networks, Vaisala recommends the following:
- Prefer push (RWS200 sending data reports to data collection system) over polling (data collection system requesting data reports from RWS200).
- Use secure HTTPS protocol in outgoing connections from RWS200 to data collection systems.
- Use unique credentials for each station's connection to the data collection system in the data reporting settings.
- Replace the default self-signed certificate with a signed certificate.
- By default, the WLAN hotspot is disabled. If you enable it, set it to automatically close after a set time (default = 60 min). Always close the connection when not in use.