Security Basics: Re: Securing eRIC express

Re: Securing eRIC express

From: Paul daSilva <paul_at_pauldasilva.net>
Date: Wed, 03 Jan 2007 12:15:23 -0500

Thomas,

Looks like the eRIC provides some decent security features, including
256-bit SSL encryption, the ability to create individual security
certificates, and even support for LDAP and RADIUS for remote connections.
However, I would still be concerned with connecting these cards directly
to the Internet, as it exposes the device to the general public and this
could result in undesired probing and poking.

I would recommend restricting the access to these cards with logical
network security -- implement a firewall that restricts traffic to the
bare minimum (deny all traffic by default, and allow only these specific
IP addresses and ports).

Additionally, you could expand on that by implementing a site-to-site
VPN, maybe using publicly non-routable IP addresses for the eRICs,
which you incorporate into your internal LAN infrastructure (e.g., you at
office location 1 on the LAN with IP address 192.168.1.100, connecting
to an eRIC at office location 2 with IP address 192.168.2.20). All
traffic between the 2 locations would be tunneled and encrypted.

Product Link
http://www.raritan.com/products/remote_access/eric_express/prd_cms_index.aspx?currpg=prd_cms_index&name=eRIC%20express&content_category=1&overview_flag=Y&features_flag=Y&spec_flag=Y&support_flag=Y&status=4

Cheers,
Paul

Thomas D. wrote:
> Thx for your reply.
>
> Nick Owen wrote on Tuesday, January 02, 2007 11:40 PM:
>
>> Could you route logins through an SSH gateway that could require a
>> stronger form of authentication?
>>
>
> No, I don't think this is possible. The server with the "eRIC express" card
> will be hosted far away from our location and the datacenter is planning
> just to connect both nic-ports directly with the internet.

Received on Jan 04 2007
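
The default-deny rule set recommended in the message above, as an added example that is not part of the original post. It assumes a Linux gateway running iptables in front of the card and TCP port 443 for the card's SSL interface (the post names no port); the function names are hypothetical, and the two addresses are the ones used in the message.

```shell
# Print (never apply) an iptables-restore fragment for the FORWARD chain of a
# gateway in front of a management card. The gateway's own INPUT/OUTPUT rules
# are out of scope here.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
# The body runs in a subshell so the IFS change does not leak to the caller.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# eric_ruleset CARD_IP TCP_PORT ADMIN_IP [ADMIN_IP...]
# Every argument is validated before a single rule is printed, so a typo
# can never produce a partial rule set.
eric_ruleset() (
    [ $# -ge 3 ] || { echo "usage: eric_ruleset CARD_IP TCP_PORT ADMIN_IP..." >&2; return 2; }
    card=$1 port=$2
    shift 2
    is_ipv4 "$card" || { echo "bad card address: $card" >&2; return 2; }
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    for admin in "$@"; do
        is_ipv4 "$admin" || { echo "bad admin address: $admin" >&2; return 2; }
    done

    # Deny all forwarded traffic by default; replies to allowed sessions pass.
    printf '%s\n' '*filter' ':FORWARD DROP [0:0]' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # One explicit allow per administrator address, to the card's port only.
    for admin in "$@"; do
        printf '%s\n' "-A FORWARD -s $admin/32 -d $card/32 -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log anything else aimed at the card before the default DROP discards it.
    printf '%s\n' "-A FORWARD -d $card/32 -j LOG --log-prefix \"eric-denied: \"" 'COMMIT'
)

# Addresses from the message: admin at 192.168.1.100, eRIC at 192.168.2.20.
eric_ruleset 192.168.2.20 443 192.168.1.100
```

The logged "eric-denied: " prefix is a constructed label; it gives a search string for spotting the probing the message warns about.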
