Security Basics mailing list archives
RE: Securing eRIC express
From: "Thomas D." <whistl0r () googlemail com>
Date: Wed, 3 Jan 2007 22:59:52 +0100
Paul wrote on Wednesday, January 03, 2007 6:15 PM:
Looks like the eRIC provides some decent security features, including 256-bit SSL encryption, the ability to create individual security certificates, and even supports LDAP and RADIUS for remote connections.
That's right. The traffic between clients and card will be secure, because of the SSL encryption, but when someone find this card, he have all the time to crack the username/password :( Well, we can use strict usernames and passwords, but with all the time, you can do everything...
However, I would still be concerned with connecting these cards directly to the Internet, as it exposes the device to the general public and this could result in undesired probing and poking.
Full acknowledgement.
I would recommend restricting the access to these cards with logical network security -- implement a firewall that restricts traffic to the bare minimum (deny all traffic by default, and allow only these specific IP addresses and ports). Additionally, you could expand on that by implementing a site-to-site VPN,
We contacted our datacenter if we can restrict connection to this eRIC card to our static corporate IP address. I think this would solve all security concerns. --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Securing eRIC express Thomas D. (Jan 02)
- Re: Securing eRIC express Nick Owen (Jan 02)
- RE: Securing eRIC express Thomas D. (Jan 02)
- Re: Securing eRIC express Paul daSilva (Jan 04)
- RE: Securing eRIC express Thomas D. (Jan 04)
- RE: Securing eRIC express Thomas D. (Jan 02)
- Re: Securing eRIC express Nick Owen (Jan 02)
- Re: Securing eRIC express Ansgar -59cobalt- Wiechers (Jan 04)
- <Possible follow-ups>
- Re: RE: Securing eRIC express barcajax (Jan 04)
- Re: RE: Securing eRIC express Ansgar -59cobalt- Wiechers (Jan 04)
- RE: Securing eRIC express Thomas D. (Jan 04)
- Re: RE: Securing eRIC express vladimir . jirasek (Jan 04)