Do you have additional requirements for security in your M2M/IoT solution?
Com4 offers a wide array of additional services adapted to machines’ requirements for secure communication. In addition to standard services such as data and SMS, we deliver services like public fixed IP-address, closed private APN, VPN and more.
Fixed Public IP-address
By using a public IP-address you will always be able to reach your device over the internet.
We can offer both IPv4- and IPv6-addresses based on your requirements. Fixed public IP-addresses are used together with two of our open common APNs for internet access, public or static.
Closed Private APN
Com4 offers private, dedicated networks(APN) to customers in need of a higher level of security. A private network gives the customer the opportunity to build a closed network on top of the mobile grid, where traffic flows separate of the “open” internet. Access to each APN is controlled by Com4’s core network, and access can be given on SIM card level, which ensures that only your devices have access. APN can be compared to VLAN in traditional local networks. Only SIM cards the customer have approved gets access to the private network.
APN can be defined by the user, directly on the mobile device, but the list of allowed APN for the actual SIM card, is controlled by Com4. Thus keeping unwanted devices outside the closed network, and at the same time keeping the traffic within the closed network separate from the “open internet”.
The APN can have one or multiple connections or accesses to other external networks, as an example; to the customer’s internal LAN. This is generally realized by the help of site-to-site VPN or dedicated lines. VPN is utilized for connecting the closed network within the mobile grid to a central point where for example data collection systems for water- or power meters are located.
A private network can be put up with a set of parameters, unique to the actual APN. As an example, the customer can decide for him-/herself which IP segment he/she wants to use on the mobile devices within the closed network. Assignment mechanisms for IP to mobile devices is dynamic or static (controlled by Com4), or RADIUS-based, where the customer controls their own RADIUS-server. Parameters such as nameserver can be assign from the customer-RADIUS.
VPN is defined as the interface between the customer’s IT-system and Com4’s core network. IP based communication between the customer’s server, runs through the VPN tunnel to Com4, and onwards to 2G/3G/4G-based mobile devices. The simplest form for VPN, is a so called site-to-site VPN. An IPsec-based tunnel is established between Com4’s VPN receiver and the customer’s VPN-equipment, but there exist other possibilities. The safest connection is by a dedicated fibre site-to-site.
If the customer does not have their own VPN equipment, or do not wish to operate and maintain such equipment, it can be delivered as part of the solution. Com4 delivers VPN router(s) as part of the setup and these are part of the communications solution. Com4 can also deliver fixed, dedicated IP-VPN connections directly to the customer’s location(s). The advantage of this kind of a connection is that it is completely separated from the internet, and therefore is not sensitive to DoS/DDoS attacks or other threats to the VPN endpoints.
Filtered internet access
Through a partnership with a leading supplier of security services for the internet, Com4 offers a solution for filtered internet access. This service makes it possible to filter out internet traffic that is not approved. Traffic that is not approved can be everything from singular content-categories, streaming, geographical areas, or traffic from “hostile” servers. The service is setup without the customer needing to own software or do any adaptions, neither on devices or in application.