Jun 8, 2022
A Technical Analysis of an OptConnect Device
Here at OptConnect, we provide a simple, easy, and ultra-reliable solution for connecting unattended equipment to the internet via cellular. We provide everything you need to simply plug in your device and know you have the #1 trusted partner in fully-managed connectivity taking care of everything else.
An integral part of our fully-managed connectivity is providing you with the hardware you need, which includes a modem or router. In this post, we’re going to take you through a physical onsite inspection as well as an analysis of all the features/functions of your connected equipment.
1) Check the cables: Starting at the ethernet port(s) on the back of the device, follow the ethernet cable(s) and identify every device connected, whether directly to the device, or via any secondary switches, hubs, routers, or firewall appliances. Identify all equipment by Name/Type/Model/Function. Create a written record (sample attached below) of each device/service that you have connected at the site, so that in future, you will be able to easily detect any changes or unauthorized connections.
2) WiFi/Access Points/Hot Spots: The OptConnect device itself does not provide WiFi service. However, if you have connected a WiFi-capable appliance to the device, that WiFi connection will use the device as the Internet gateway for any devices that can access and connect to your WiFi appliance. Unrestricted access through a WiFi appliance is a very common cause of excessive data usage (#2 in the Top 5) and can quickly use up your data plan. All WiFi, Bluetooth or Thread-connected devices that communicate with your WiFi appliance for Internet access need to be identified on your site record. If you have installed a WiFi-capable appliance, you will need to access the configuration on that appliance to determine whether WiFi is enabled for open access. If so, make note of every SSID by name, determine its current operational status, and record the names of individuals or devices that are authorized to use that WiFi connection.
a. If WiFi is enabled, make sure that the SSID (WiFi Network Name) is protected with a STRONG password. If you cannot verify everyone who has access or if you suspect the password may have been compromised or is being used by unauthorized parties or for unauthorized purposes, change the password.
b. Authorized personnel using the WiFi connection must remember to DISCONNECT from that WiFi SSID once they have completed their work-related tasks.
i. NOTE: If users forget to disconnect their cellphone/laptop/tablet or other device from the WiFi connection, they will continue to utilize that connection through the OptConnect gateway if they are within WiFi signal range of that WiFi appliance.
ii. Auto-Connect/Reconnect features for WiFi should be disabled on the user’s device for these SSIDs. Authorized users should be required to LOGIN to that connection only when needed and then disconnect when the required task is completed.
c. WiFi Open Access: Non-password protected WiFi Access should be DISABLED. The OptConnect itself and the associated data plan are not intended for, nor will it accommodate, the large data requirements of general Internet access for local employees/staff or other casual users/customers at the site. The device should never be used to provide shared/free Internet access.
d. If you are unsure whether your equipment is providing WiFi service, you can use a cellphone to check:
i. Stand within 15-20 feet of your installed hardware.
ii. Go to the WiFi settings on your cell phone, enable WiFi and look for all active SSIDs within range.
iii. Check those SSID names against your WiFi appliance list of SSIDs to see if they are locked or open – generally, you will see an open/closed padlock icon.
iv. If you find SSIDs that you do not recognize or cannot verify, contact your equipment vendor or IT manager for verification against your WiFi appliance configuration.
v. For any SSIDs you find running on your WiFi appliance, take appropriate action to disable any that should not be running and/or to secure any approved SSIDs with a STRONG password.
3) Check for other WAN/LAN or unauthorized connections: Look for ethernet cables that might be linked to another private LAN or service failover appliances, such as the Ubiquiti EdgeRouter or similar WAN Load-Balancing appliances. If you find an ethernet cable running from the device or your connected switches, hubs, or secondary routers to a wall outlet in the building, that could indicate a cross connection with another WAN/LAN. Such crossover connections could be “back-hauling” Internet traffic from another network through the device.
a. The device is not intended for use as a backup/failover Internet connection and OptConnect does not support failover configurations. Furthermore, such connections could represent a security risk for your operation. The device cannot discriminate between a device that you have approved and an unauthorized connection. It is therefore highly recommended that you keep your OptConnect device, port switches, hubs or secondary routers secured from access by unauthorized parties.
b. If you find an ethernet cable connected to your device (directly or indirectly via a secondary appliance) and you cannot identify whether it is connected to one of your authorized devices, disconnect that cable until you can identify and approve that connection.
4) Check for Cloud-Based and Live Streaming devices/services: Cloud-Based systems utilize Internet based servers and applications. Devices such as security camera systems connected to a Cloud storage or monitoring service require a live Internet connection to operate. The connection of live-streaming video systems, streaming audio systems (Jukeboxes) or managed software update systems and monitoring services over the device is the most common cause of excessive data usage and suspensions. Live Streaming/Cloud-based connections are the #1 cause of data overages and suspensions.
a. If your device routinely exceeds the monthly data limit of your plan and you are using live Streaming or Cloud-Based systems or services, those devices should be removed from the installation or converted to LOCAL systems maintained behind the OptConnect gateway, such as DVR based video storage methods, etc. Even a single live streaming security camera can use hundreds of megabytes to multiple gigabytes of data per hour and will almost certainly result in your OptConnect device being suspended on a regular basis.
i. Below are the baseline data specifications for the most used video streaming formats and how much data they may consume. Data usage can vary widely, so it is best to check with your hardware vendor or system integrator for more information:
· 480p: 562.5MB per hour
· 720p: 1.86GB per hour
· 1080p: 3.04GB per hour
· 2160p (4K): 15.98GB per hour
5) Check for Live Advertising: Check for any advertising content appliance/service that may be presenting ads/coupons, etc. to your customers through a connected display monitor or ad platform device, or as part of a service kiosk application. Advertising data content may include text, QR Coded links to Internet-based services, audio, video, or graphical images that may consume large amounts of data and can quickly use up the data available on your data plan. If you have implemented such a system, check with your ad content provider to see if your advertising content can be downloaded to your local device, rather than live streaming through the Internet gateway connection.
6) Check for DVR based security camera systems with Remote Viewing capability: DVR systems will maintain digital camera video feed data on a local server, but they may also offer remote access. Such systems will need to be set up in such a way as to prevent live streaming or live updates to/from a remote system. With a DVR based system, remote access should only be used to either download an event clip or to view the camera or DVR content as needed and should be used sparingly. Live remote monitoring will result in the same data usage issues as with a live streaming or cloud-based camera system during the remote monitoring session.
a. It is important for any authorized remote viewer to turn OFF the remote viewing software application when they have completed their download/viewing session, to prevent that open connection from continuing to utilize the data connection. Many remote viewing systems will have a “parasitic” data stream, even when you are not actively downloading or viewing content, unless you turn off/shut down the remote viewer application.
b. It is also highly recommended that the video clips stored on the DVR for downloading or viewing, be compressed and/or use a lower quality video format from the original. This will lower the amount of data usage as compared to a High-Definition or uncompressed video format.
7) Check for recent or ongoing automated software updates or patches: Windows, Apple/Mac, Android (Phone and Tablet devices) or Linux-based systems that are configured to update OS or application data over the Internet can consume large amounts of data. These Operating Systems and your application service devices should be configured with “automatic updates disabled”.
For example: In Windows, it is recommended that you go into the Network Configuration and set the Network Type to “Metered Service” which will minimize data usage from automated types of system updates. Check with your equipment vendors to see if they have issued any recent software updates and ask them to limit any type of unscheduled process that would treat the device connection as if it were an unlimited access connection.
a. Check all connected devices, including DVRs, PCs, Laptops, Ad Platforms, ATMs/BTMs, Jukeboxes, Monitoring Equipment, Cell Phones, Android Tablets, Kiosks, etc. Make sure that their access to the Internet through the OptConnect gateway is restricted to essential work-task activities. Check the configuration of those devices to ensure that they are not running automated software updates while connected to the OptConnect gateway. If possible, disable any web-browser access from a kiosk or connected device controller that could be utilized by staff or customers to openly browse the internet.
b. Restrict ALL non-work-related Internet web browsing activities. Also ensure that your connected devices cannot be used to establish a “WiFi hot-spot” connection that could potentially be accessed by unauthorized parties or route their traffic over the OptConnect gateway.
8) Check for ghost or background processes: Anything running “underneath” your primary customer application layer or running in the background as an automated process, could be using more data than you realize. Many times, nightly or regularly scheduled batch processes can get stuck (re-sending data repeatedly) or may run more frequently than necessary. Such processes should be closely monitored to make sure they are completing and that they are not running more frequently than required.
Most POS-based systems that upload their daily inventory or transaction logs in a batch process can be limited to an overnight or AM/PM schedule, rather than updating live in “real time”, to reduce data usage. Again, such processes need to be scrutinized by your equipment vendor or IT manager to determine what is essential vs. what might be excessive. Start by disconnecting all but the most essential equipment from the network and shutting down all but the most essential software applications running on your appliances. Then, add back services/systems one at a time until you can pinpoint the source of the problem.
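One way to keep the written site record from step 1 in a form that can be re-checked on every visit, shown here as an added example (not OptConnect's own tooling): a Python script that compares the baseline record with what the current cable walk found and lists unrecorded, missing and changed devices. The CSV layout, the MAC-address key column and all sample rows are assumptions constructed for illustration.

```python
import csv

# Constructed sample site record (step 1). The "mac" key column is an
# assumption; the page itself only asks for Name/Type/Model/Function.
BASELINE_CSV = """mac,name,type,model,function
00:11:22:aa:bb:01,Kiosk-1,Kiosk,K200,Customer payments
00:11:22:aa:bb:02,DVR-1,DVR,D16,Local camera storage
00:11:22:aa:bb:03,Switch-1,Switch,S8,Port expansion
"""

# Constructed sample of what today's cable walk found on site.
OBSERVED_CSV = """mac,name,type,model,function
00:11:22:aa:bb:01,Kiosk-1,Kiosk,K200,Customer payments
00:11:22:aa:bb:02,DVR-1,DVR,D16,Cloud camera streaming
00:11:22:aa:bb:09,Unknown-AP,WiFi appliance,,
"""

FIELDS = ("name", "type", "model", "function")


def load_record(text):
    """Parse a site-record CSV into {normalized MAC: field dict}."""
    rows = {}
    for row in csv.DictReader(text.splitlines()):
        mac = row["mac"].strip().lower().replace("-", ":")
        if mac in rows:
            raise ValueError(f"duplicate entry for {mac}")
        rows[mac] = {f: (row.get(f) or "").strip() for f in FIELDS}
    return rows


def compare_records(baseline, observed):
    """Report devices that are unrecorded, missing, or changed since baseline."""
    changed = {}
    for mac in sorted(set(baseline) & set(observed)):
        diffs = {f: (baseline[mac][f], observed[mac][f])
                 for f in FIELDS if baseline[mac][f] != observed[mac][f]}
        if diffs:
            changed[mac] = diffs
    return {"unrecorded": sorted(set(observed) - set(baseline)),
            "missing": sorted(set(baseline) - set(observed)),
            "changed": changed}


if __name__ == "__main__":
    report = compare_records(load_record(BASELINE_CSV), load_record(OBSERVED_CSV))
    for kind in ("unrecorded", "missing", "changed"):
        for mac in report[kind]:
            print(kind.upper(), mac, report["changed"].get(mac, ""))
```

An "unrecorded" entry corresponds to the case in step 3b: a connection that cannot be matched to an authorized device and should be disconnected until it is identified and approved.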