Secure Remote Access For Embedded Devices
Providing remote access to a variety of equipment, particularly where it is connected to a data network, raises significant security concerns and administrative problems for customers, service suppliers and equipment maintainers.
Network administrators need to ensure that edge devices are hardened against brute-force attacks, denial-of-service attacks and other external threats. At the same time, a solution is required to allow network access to legitimate users such as home workers and third-party suppliers and maintainers.
Our secure remote access products can help:
- Make legacy and non-networkable devices remotely accessible.
- Provide you with an alternative method of accessing critical equipment in times when traditional network communication becomes disrupted.
- Manage the 'Who', 'How' and 'What' of user access.
We can provide a simple yet secure method for giving your engineers and administrators access to a potentially large amount of multi-vendor equipment.
Using a Tracker Remote Node you can add further layers of security around network appliances, find alternative means to provide remote access to equipment and even put devices onto the network that have no native IP interface.
A Tracker Remote Node is rack mountable or comes as a standalone unit (with a compact footprint). It will connect to your other appliances via IP or serial link and has options for discrete alarm points and control relays. It supports inbound connections through either IP or dial-up connections, with advanced security options available for each to ensure the best possible protection.
In large installations, you can pair the Tracker Remote Nodes with our solution for privileged access management to add yet more layers of security. You will also reduce the administrative hassles associated with multiple users connecting to multiple pieces of equipment at multiple sites.
Where no IP network is available, remote access over standard telephone lines via a modem is the best alternative; for some purposes, it may even be the simplest solution. However, it also represents the easiest way to bypass any IP security and gain a foothold on an IP network. Consequently, in addition to a standard username and password, the Tracker features:
- Utilising the Caller ID or ANI service, the modem within the Tracker will only answer the call if it is from a pre-programmed number.
- The Tracker Remote Node is capable of connecting a user to the IP network using PPP, the industry standard networking protocol.
There are two options available for IP access: in-band and side-band.
In-band access is a straightforward connection to the IP address of the Tracker Remote Node. In addition to the standard username and password, the Tracker includes a packet filtering firewall. This can be used in addition to the corporate firewall to ensure that access can only be gained by users with a specific IP address to specific ports.
Side-band access creates an encrypted tunnel to the Tracker, through which all the keystrokes and any other data pass. This makes it impossible for packet sniffers to determine what data is being passed between the Tracker and the client.
The Tracker will support the standard SSL protocol for telnet and FTP access. This will enable a client such as a system administrator/engineer to use their PC to establish a completely secure connection to the Tracker. This connection could be routed out of one corporate network, over the Internet and onto a second corporate network. The only requirement on the second corporate network would be to allow the SSL tunnel through the corporate firewall.
The Tracker also supports VPN connections using the strong 128-bit Microsoft Point-to-Point Encryption (MPPE) and the industry standard IPsec to create a secure tunnel. This is suited to situations that demand a more permanent connection to the Tracker.
To our knowledge, there have been no successful hacking attempts on a Tracker that is out in the field. We continue to update the Tracker so that our customers feel confident in allowing the Tracker onto their corporate networks.