The following details the network security employed by the SensoScientific OTA System. The OTA System is an environmental monitor that uses probes to capture real-world environmental data (temperature, humidity, etc.) and stores logs in a cloud database. The database is accessible through a web application (https://cloud.sensoscientific.com) behind a user authentication page.
OTA sensors connect to client networks over Wi-Fi. The sensor sleeps when not in operation. The waking period (measurement interval) is normally once every 15 minutes and can be changed. On waking, the sensor polls to see whether it can establish an internet connection. Once established, data is sent through the client network to Microsoft Azure cloud storage. From this cloud storage, the user can access historical data and be alerted if the data falls outside a pre-defined range.
General Network Diagram
WIRELESS PROTOCOL / AUTHENTICATION
IEEE 802.11b/g/n 802.1x
Only 2.4GHz Wi-Fi is supported. 5GHz is NOT supported.
WPA1/WPA2 Authentication
WPA2 Enterprise
RADIUS Authentication
MAC Address Authentication
Does NOT support token pages
Up to 54Mbps
FIREWALL REQUIREMENTS
TCP port 80 outbound must be open to communicate with the following domain: sensoscientific.trafficmanager.net:80
Azure databases require the following IP ranges, which the sensors may communicate with:
65.55.80.0/20, 65.54.48.0/21, 65.55.64.0/20, 70.37.48.0/20, 70.37.64.0/18, 65.52.32.0/21, 70.37.160.0/21, 157.55.103.48/28, 157.55.176.0/20, 157.55.103.32/28, 157.55.192.0/22
Please ensure that all these endpoints are whitelisted.
SECURE COMMUNICATION PROTOCOL
TCP/IP
Unlike UDP, TCP guarantees that data is delivered to the receiver and sends an acknowledgement back to the sensor node.
TCP Protocol
The downside of UDP is that data sent from the sensor client may be lost: since no acknowledgement of receipt is expected, the data is deleted after sending. TCP ensures that the data was received by the server and stored on the cloud before the sensor clears its memory.
AES 128-bit Encryption At-Rest and In-Transit
AES (Advanced Encryption Standard) is a symmetric encryption algorithm that encrypts the raw data in the transmission. Data stored in the data loggers and data in transit are encrypted (see the Detailed Network Diagram for more information).
NETWORK
IPv4
DHCP or static support
Very small bandwidth footprint (less than 2KB per package)
SERVER
TDE Data At Rest Encryption
Data received by the Azure Data Server is encrypted with AES128. It is decrypted and stored in the Azure SQL Database, which uses TDE encryption. The database decrypts this data when a user accesses it via the Web Application. See more on TDE encryption at: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption?view=sql-server-ver15
Detailed Network Diagram
The node communicates on port 80 and port 8080. If you have OTA and Enterprise, both ports need to be open.
Port 80: sensosci2.cloudapp.net
Port 8080: sensosci.cloudapp.net
If your network uses MAC address authentication (see above), you need to add the MAC address of the node to your system.
The nodes are compatible with 2.4GHz Wi-Fi only (not 5GHz). Dual-band is not supported.
Nodes use 802.11 b/g/n 802.1x protocols to connect.
The nodes do not communicate through a proxy server.
sensoscientific.trafficmanager.net and sensosci2.cloudapp.net resolve to IP 13.85.83.85 (secondary: 104.45.238.139).
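As an added example (not SensoScientific's own code), the firewall requirements above and the ports and IPs listed here can be turned into an egress allowlist check: a sensor flow is expected only if it is TCP to port 80 or 8080 and its destination falls inside one of the documented ranges, which is useful for validating firewall rules or flagging unexpected traffic from a sensor VLAN. The `src=... dst=... dport=... proto=...` log format and the sample lines are constructed for this example.

```python
import ipaddress

# Egress destinations documented on this page: the Azure ranges from the
# firewall section plus the primary/secondary IPs of the hostnames listed above.
ALLOWED_RANGES = [ipaddress.ip_network(c) for c in (
    "65.55.80.0/20", "65.54.48.0/21", "65.55.64.0/20", "70.37.48.0/20",
    "70.37.64.0/18", "65.52.32.0/21", "70.37.160.0/21", "157.55.103.48/28",
    "157.55.176.0/20", "157.55.103.32/28", "157.55.192.0/22",
    "13.85.83.85/32", "104.45.238.139/32",
)]
# Ports the page documents for OTA (80) and Enterprise (8080).
ALLOWED_PORTS = {80, 8080}


def flow_is_expected(dst_ip: str, dst_port: int, proto: str = "tcp") -> bool:
    """True if a sensor flow matches the documented egress allowlist."""
    if proto.lower() != "tcp" or dst_port not in ALLOWED_PORTS:
        return False
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in ALLOWED_RANGES)


def audit_flows(log_lines):
    """Parse constructed firewall log lines of the form
    'src=IP dst=IP dport=N proto=tcp' and return the ones that fall
    outside the allowlist (candidates for a firewall or detection review)."""
    unexpected = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if not flow_is_expected(fields["dst"], int(fields["dport"]),
                                fields.get("proto", "tcp")):
            unexpected.append(line)
    return unexpected


# Constructed sample log lines (not real traffic); 192.168.10.21 stands in
# for a sensor node on the client network.
SAMPLE_LOG = [
    "src=192.168.10.21 dst=13.85.83.85 dport=80 proto=tcp",       # expected
    "src=192.168.10.21 dst=157.55.103.50 dport=8080 proto=tcp",   # in 157.55.103.48/28
    "src=192.168.10.21 dst=157.55.103.64 dport=80 proto=tcp",     # just past the /28
    "src=192.168.10.21 dst=13.85.83.85 dport=443 proto=tcp",      # undocumented port
]

if __name__ == "__main__":
    for line in audit_flows(SAMPLE_LOG):
        print("unexpected sensor flow:", line)
```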