About security vulnerabilities
===============================

Technically it is relatively easy to create implement networks that are almost impossible to break:
A network that is technically so secure that mistakes or carelessness of legimate network users are the real risk. There are ready tools, like TLS, server certificates, user accounts, firewalls, and system-level security, which, if used correctly, will provide practically bulletproof protection.

Since IOCOM procides only communication security: If someone steals an IO device or hacks it's internal memory open by other means: The crook can pretend to be that IO device. Similarly a if someone is able to hack into hard drive of the server computer, the malicious person can preted to be that server and gain access to whole IO device network. 
Preventing this is part of device security.

If user interface saves the password (what is handy), then theft or "loan" of the UI device becomes a major issue. Some UI devices can be protected against this, like cell phones that will not allow log in without PIN code. 

There are few good publications worth something. RFC2196 is probably the best I have come across, 
and that is what we try to follow. https://tools.ietf.org/html/rfc2196

191024, updated 21.2.2021/pekka