Security Basics mailing list archives
Re: Securing eRIC express
From: Paul daSilva <paul () pauldasilva net>
Date: Wed, 03 Jan 2007 12:15:23 -0500
Thomas,

Looks like the eRIC provides some decent security features, including 256-bit SSL encryption, the ability to create individual security certificates, and even supports LDAP and RADIUS for remote connections. However, I would still be concerned with connecting these cards directly to the Internet, as it exposes the device to the general public and this could result in undesired probing and poking. I would recommend restricting the access to these cards with logical network security -- implement a firewall that restricts traffic to the bare minimum (deny all traffic by default, and allow only these specific IP addresses and ports).
Additionally, you could expand on that by implementing a site-to-site VPN, maybe using publicly non-routable IP addresses for the eRICs, which you incorporate into your internal LAN infrastructure (e.g., you at office location 1 on the LAN with IP address 192.168.1.100, connecting to an eRIC at office location 2 with IP address 192.168.2.20). All traffic between the 2 locations would be tunneled and encrypted.
Product Link http://www.raritan.com/products/remote_access/eric_express/prd_cms_index.aspx?currpg=prd_cms_index&name=eRIC%20express&content_category=1&overview_flag=Y&features_flag=Y&spec_flag=Y&support_flag=Y&status=4
Cheers,
Paul

Thomas D. wrote:
> Thx for your reply.
>
> Nick Owen wrote on Tuesday, January 02, 2007 11:40 PM:
>> Could you route logins through an SSH gateway that could require a stronger form of authentication?
>
> No, I don't think this is possible. The server with the "eRIC express" card will be hosted far away from our location and the datacenter is planning just to connect both nic-ports directly with the internet.
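
The default-deny firewall recommended in the message above, sketched as an added example that is not part of the original post or of any Raritan documentation. It assumes a Linux gateway running iptables sits in front of the card and that the card's web interface listens on TCP 443; the addresses are the ones used in the post's VPN illustration, and `valid_ipv4` and `gen_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a gateway in front of the eRIC.
# Assumptions (not from the thread): a Linux gateway forwards traffic to the card,
# and the card's web interface listens on TCP 443.
ERIC_IP="192.168.2.20"   # address from the post's VPN illustration
ERIC_PORT="443"          # assumed HTTPS management port

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules ADMIN_IP...: print the ruleset; emit nothing if any input is invalid
gen_rules() {
    [ "$#" -gt 0 ] || { echo "need at least one admin IP" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"      # the gateway's own INPUT chain is out of scope here
    echo ":FORWARD DROP [0:0]"      # deny all forwarded traffic by default
    echo ":OUTPUT ACCEPT [0:0]"
    # return traffic for sessions that an allowed admin host opened
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # one allow rule per admin source, limited to the card's address and port
    for ip in "$@"; do
        echo "-A FORWARD -s $ip/32 -d $ERIC_IP/32 -p tcp --dport $ERIC_PORT -m conntrack --ctstate NEW -j ACCEPT"
    done
    # log whatever else is aimed at the card before the DROP policy discards it
    echo "-A FORWARD -d $ERIC_IP/32 -j LOG --log-prefix \"eric-denied: \""
    echo "COMMIT"
}

gen_rules 192.168.1.100
```

Pipe the output through `iptables-restore --test` to parse it without committing; the LOG rule gives a record of the probing the message warns about.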