Security concerns when Basics Station and Gateway Bridge are on different devices?


if I install the ChirpStack Gateway Bridge only once on a server and connect it to multiple gateways through the UDP packet forwarder the documentation says:

Please note that from a security perspective, it is the least secure option. The UDP protocol implemented by most gateways don’t support any form of authorization and checks that the received data is authentic.

I understand that and it’s clear to me. No questions so far.

But what if I use the Basics Station packet forwarder? Is it still more secure to install the Gateway Bridge on every Gateway? Is the connection between Basics Station <-> Gateway Bridge considered as secure?

The Basics Station uses Websockets, which can be secured with TLS. The same is with the Gateway Bridge which can be configured to use MQTT over TLS. In this case (and assuming they are correctly configured) both are secure :slight_smile:

1 Like