Security Policies (New Portal)

The Security Policies screen enables you to define specific security behavior for one or more of your IoT device groups.

Basics

The Security Policies screen is available in the Aerport Portal under the Security menu.
A Security Policy is a specific set of security-related settings. Examples of security-related settings include:
  • Network Security Mode (Zero Trust enabled/disabled)
  • Blocked traffic rules
  • Allowed traffic rules
On the Security Policies page, you can define the desired security behavior and assign it to one or more of your IoT device groups. Then, the behavior is enforced by the Aeris IoT Network.

Note: Each IoT device group (service profile) can only have one security policy assignment, but you can assign a security policy to multiple IoT device groups.

Security Policy Example

See the following example of how a company can use security policies:

An Enterprise company has several different connected IoT product lines. One is a smart refrigerator that incorporates an Internet browser function and requires access to the open Internet. Another product line is a connected personal health monitor that relays sensitive medical information (e.g., heart rate, SpO2, and blood pressure) to a receiving clinic. These two product lines have very different network security needs.

Product: Smart Refrigerator
Security Needs:
  • Requires general open Internet access
  • Ability to block specific endpoints that may be a potential risk
Product: Medical Monitor
Security Needs:
  • Must only be able to access a single endpoint via VPN
  • No general Internet access

The Security Policies feature enables you to create two different security policies, each tailored to the specific security needs of each product line. You can apply the “Smart Refrigerator” security policy to the service profile that contains the refrigerators, and the “Medical Monitor” security policy to the service profile that includes the monitors.

Creating a Policy

To create a security policy:
  1. Log in to the Aerport portal.
  2. Click Security > Security Policies in the left navigation menu.
  3. Click Create at the top right corner of the screen.
  4. In the popup window, populate the Name and Description fields.
  5. Click Create Now. The new policy appears on the Security Policies screen.
Once you create the policy, you can define its settings.

Defining a Policy

To define a policy:
  1. Click Security > Security Policies in the left navigation menu.
  2. Locate the security policy you want to define.
  3. Click the pencil icon to define the policy.
  4. In the General Settings tab, review the populated fields and settings.
    Note: Zero Trust Network is enabled by default. To learn more about the Zero Trust Network settings, see Zero Trust Network.
  5. Click Save Settings.
  6. Do one of the following:
    • If the Zero Trust Network is Disabled, click the Blocked Traffic tab to block traffic.
    • If the Zero Trust Network is Enabled, click the Allowed Traffic tab to allow traffic.
  7. Click +Traffic at the top right corner of the screen to block or allow traffic.
  8. Select one of the following:
    • Enter Traffic Details:
      1. Select a Traffic Direction:
        • Mobile Originated (MO): Traffic coming from the device.
        • Mobile Terminated (MT): Traffic going to the device.
      2. Populate the following fields:
        • Endpoint IP Address or IP Range: A single IP address or a range of IP addresses.
          Note: For examples on how to enter IP addresses and ranges, click the question mark.
        • Protocol: Data transfer protocol.
          Note: For examples on how to enter protocols, click the question mark.
        • Port Number(s) or Range(s): A single port number or a range of ports.
        • Description: Description of the traffic.
      3. Click Save at the top right corner of the screen. A confirmation banner appears.
    • Select from observed traffic:
      1. (Optional) To filter the list, click View Last 7 Days to select the desired time frame from the drop-down menu and then click Update Results.
      2. Select the traffic endpoint(s) you want to block or allow.
      3. Click Save at the top right corner of the screen. A confirmation banner appears.
  9. (Optional) Once you add traffic endpoints, you can select one of the following action icons:
    • Play/Pause: Temporarily enables or disables the traffic rule.
    • Pencil: Edits the traffic rule details.
    • Trash: Deletes the traffic rule.
Once you create and define the policy, assign it to a service profile to block/allow traffic.

Zero Trust Network

The Zero Trust Network settings determine how traffic is blocked/allowed within service profiles.
Note: The default setting is Disabled.
When the Zero Trust Network is Disabled:
  • All traffic is allowed, except for the endpoints listed in the Blocked Traffic tab.
  • The rules listed in the Allowed Traffic tab are not in effect. You can edit this list without affecting network traffic.
When the Zero Trust Network is Enabled:
  • All traffic is blocked, except for the endpoints listed in the Allowed Traffic tab.
  • The rules listed in the Blocked Traffic tab are not in effect. You can edit this list without affecting network traffic.
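To make the two modes concrete, here is an added example that models the behavior described above as a small policy evaluator. It is not Aeris code and does not reflect how the Aeris IoT Network implements enforcement; the rule fields mirror the Traffic Details form, the two sample policies follow the refrigerator and medical monitor example, and all addresses, ports and the VPN gateway are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class TrafficRule:
    """One row in the Blocked Traffic or Allowed Traffic tab."""
    direction: str        # "MO" (traffic from the device) or "MT" (traffic to the device)
    endpoint: str         # remote IP address or CIDR range, e.g. "203.0.113.10" or "203.0.113.0/24"
    protocol: str         # e.g. "tcp", "udp", or "any"
    ports: str            # single port "443", range "8000-8100", or "any"
    enabled: bool = True  # False models a rule paused with the Play/Pause icon

    def matches(self, direction: str, remote_ip: str, protocol: str, port: int) -> bool:
        # A paused rule never matches, and direction must agree before anything else is checked.
        if not self.enabled or self.direction != direction:
            return False
        if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(self.endpoint, strict=False):
            return False
        if self.protocol != "any" and self.protocol != protocol:
            return False
        if self.ports == "any":
            return True
        lo, _, hi = self.ports.partition("-")
        return int(lo) <= port <= int(hi or lo)

@dataclass
class SecurityPolicy:
    name: str
    zero_trust: bool
    allowed: list = field(default_factory=list)
    blocked: list = field(default_factory=list)

    def permits(self, direction: str, remote_ip: str, protocol: str, port: int) -> bool:
        """Zero Trust enabled: default deny, only the Allowed Traffic list is consulted.
        Zero Trust disabled: default allow, only the Blocked Traffic list is consulted."""
        if self.zero_trust:
            return any(r.matches(direction, remote_ip, protocol, port) for r in self.allowed)
        return not any(r.matches(direction, remote_ip, protocol, port) for r in self.blocked)

# Constructed sample policies (documentation IP ranges, hypothetical clinic VPN gateway).
FRIDGE = SecurityPolicy("Smart Refrigerator", zero_trust=False,
                        blocked=[TrafficRule("MO", "198.51.100.0/24", "any", "any")])
MONITOR = SecurityPolicy("Medical Monitor", zero_trust=True,
                         allowed=[TrafficRule("MO", "203.0.113.10", "udp", "500"),
                                  TrafficRule("MO", "203.0.113.10", "udp", "4500"),
                                  TrafficRule("MT", "203.0.113.10", "udp", "500-4500")],
                         # Listed but ignored while Zero Trust is enabled, as the page states.
                         blocked=[TrafficRule("MO", "0.0.0.0/0", "any", "any")])
```

`FRIDGE.permits("MO", "192.0.2.1", "tcp", 443)` returns True while `MONITOR.permits("MO", "192.0.2.1", "tcp", 443)` returns False, showing the default-allow versus default-deny behavior of the two modes.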

Assigning a Policy

To assign a policy to a service profile:
  1. Click Security > Security Policies in the left navigation menu.
  2. Click Assign at the top right corner of the screen. This opens the Policy Assignment screen.
  3. Locate the service profile you want to assign.
  4. Click the pencil icon on the service profile. This opens the Edit Assignment window.
  5. Select the security policy from the Choose Security Policy drop-down menu.
    Note: To remove a policy from a service profile, select none from the drop-down menu.
  6. Click Save. Now you can see the security policy assigned to the service profile.
