Security Basics mailing list archives

RE: Securing eRIC express


From: "Thomas D." <whistl0r () googlemail com>
Date: Wed, 3 Jan 2007 22:59:52 +0100

Paul wrote on Wednesday, January 03, 2007 6:15 PM:
Looks like the eRIC provides some decent security features, including
256-bit SSL encryption, the ability to create individual security
certificates, and even supports LDAP and RADIUS for remote connections.

That's right. The traffic between clients and card will be secure, because
of the SSL encryption, but when someone finds this card, he has all the time
to crack the username/password :(

Well, we can use strict usernames and passwords, but with all the time, you
can do everything...


However, I would still be concerned with connecting these cards directly
to the Internet, as it exposes the device to the general public and this
could result in undesired probing and poking.

Full acknowledgement.


I would recommend restricting the access to these cards with logical
network security -- implement a firewall that restricts traffic to the
bare minimum (deny all traffic by default, and allow only these specific
IP addresses and ports).

Additionally, you could expand on that by implementing a site-to-site
VPN, 

We contacted our datacenter to ask if we can restrict connections to this
eRIC card to our static corporate IP address.
I think this would solve all security concerns.
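
The default-deny restriction discussed in this thread, written as an nftables ruleset; this is an added example and not part of the original message or of any eRIC documentation. It assumes a Linux gateway that forwards traffic to the card, and both addresses and the port list are placeholders.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every address and port below is a placeholder.
# Assumption: this host is a gateway that only forwards traffic to the card.

define CORP_IP    = 203.0.113.10   # placeholder: static corporate IP address
define ERIC_CARD  = 192.0.2.50     # placeholder: address of the eRIC card
define MGMT_PORTS = { 443 }        # assumption: only the HTTPS interface is needed

table inet kvm_guard {
    chain forward {
        # Deny all forwarded traffic unless a rule below accepts it.
        type filter hook forward priority 0; policy drop;

        # Packets belonging to connections that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # Only the corporate address may open new connections to the card,
        # and only on the management ports.
        ip saddr $CORP_IP ip daddr $ERIC_CARD tcp dport $MGMT_PORTS ct state new accept

        # Count everything else aimed at the card and log it at a limited
        # rate, so probing and password guessing from other sources is
        # visible. The chain policy then drops the packet.
        ip daddr $ERIC_CARD counter limit rate 6/minute log prefix "eric-denied: "

        # If the card authenticates against LDAP or RADIUS servers on
        # another network, add explicit accept rules for those flows here.
    }
}
```

With the allowlist in place, login attempts against the card can only originate from the one permitted address, and the counter and log lines show how much other traffic is being turned away.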



