Security and Safety

In order to talk about security, it is important to first know where threats can come from, which parts of a system can be attacked, where the vulnerabilities lie, and which types of attack are possible in each case.


Threats can originate from inside a network (Alan), from a legitimate user on the Internet (Bob), or from an unknown third party (Clark). Possible targets include the local network and the devices on it, server and network infrastructure, and the computers of legitimate users.

Attacks from any of these origins can be directed at any of these targets. Without going into detail, some of the possible attacks are:

  • eavesdropping on traffic (interception)
  • an attacker posing as a legitimate user (impersonation)
  • alteration of data in transit by an attacker sitting between the two parties (man-in-the-middle)
  • guessing passwords by trying many candidates (brute-force or dictionary attack)
  • deliberately overloading a system until it is no longer reachable (denial-of-service)
  • infiltrating malicious software such as viruses and Trojan horses (malware)

Conventional methods for remote access to networks often lack protection against these attacks, which makes them considerably easier to carry out.

Vulnerabilities in traditional methods for remote access to networks

Accessing a network using traditional methods such as port forwarding (NAT) exposes individual services and protocols of specific devices on the network to the outside. This entails a number of risks:

  • Many protocols transfer data, including user names and the associated passwords, in plain text, so the traffic can be read and manipulated by anyone on the path.
  • The target systems are often not secured at all, or only by generally known default passwords. Authenticating is then trivial, as no further security measures are in place.
  • The target systems in the internal network are directly exposed to dictionary attacks and the like, and must withstand them on their own. Protecting, configuring and maintaining them appropriately requires specialist IT knowledge.
  • Once a target system has been compromised, it is in most cases possible to work from there as if one were directly on the network, so the otherwise largely unprotected internal network is now threatened from the inside.
  • Access routes and user accounts that were set up once are easily forgotten. Without documentation, nobody knows whether a given access route is still needed at all.
  • Access credentials are often shared between several users. This makes it impossible to control who has access, or to tell who accessed the network and when.

Security and safety of the HOOC solution

A distinction is made between the two ideas of security (protection against attack) and safety (operational safety). In this terminology, “safety” denotes the protection of the environment against an object, i.e. a kind of containment, while “security” denotes the protection of the object against its environment, i.e. hardening or safeguarding.

The term system security therefore covers a multitude of protective functions of different kinds. At HOOC, we do everything we can to help our customers control these influences, so that their systems, data and processes are protected as well as possible against external attacks and internal events.

Confidentiality (security)

Security when transporting your data – threats from the outside

HOOC operates on a completely different principle from the conventional methods described above: a HOOC gateway installed in a network (for example, HOOC Connect) automatically connects outwards to the HOOC Cloud. No connection from the outside to the inside is ever established, so no inbound port has to be opened or forwarded. The connection is encrypted with AES using 256-bit keys and integrity-protected with SHA-based signing, the same cryptographic building blocks used for encrypted access to websites, which are considered extremely secure. The data exchanged between HOOC Connect and the HOOC Cloud is therefore protected for the entire duration of the transmission and unreadable for unauthorised third parties.

The HOOC Connect’s connection is terminated on a HOOC hub. A HOOC hub is a virtual construct that can be thought of as a separate physical network. Each HOOC Connect has its own HOOC hub in the HOOC Cloud, so the connected networks always remain completely separated from each other. Consequently, one customer’s network can never be reached from another’s, even if IP addresses or other network details are known.

Man in the middle refers to a form of attack in which the attacker poses as the server towards the client and as the client towards the server. The “man in the middle” thereby inserts him/herself into the communication between client and server and can read and manipulate data unnoticed and unhindered.

The connection between HOOC Connect and its HOOC hub is protected against this type of attack. Encryption on its own would not be enough: an attacker who managed to terminate the connection could simply re-encrypt it towards the other side. What defeats the attack is the mutual, certificate-based authentication that takes place before the connection is established and before any data flows. The HOOC Connect checks the identity of the server it is talking to; if it is not a HOOC Cloud server, no connection is established. Conversely, the servers in the HOOC Cloud use the same mechanism to check the identity of each HOOC Connect and only accept connections from known HOOC Connects. The HOOC Connect Client uses the same authentication mechanism as the HOOC Connect, so a man-in-the-middle attack is not possible there either.
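As an added illustration of the mutual, certificate-based check described above (this is example code written for this page, not HOOC’s software; HOOC’s actual protocol and PKI are not described here), the following Go program builds an example CA in memory, issues one certificate for a hub and one for a gateway, and runs three TLS handshakes over loopback. The hub name “hub.example”, the gateway name “gateway-0001” and the “Attacker CA” are all assumptions made up for the example. Only the first handshake succeeds: a gateway with a certificate from a foreign CA is refused by the hub, and a genuine gateway refuses an impostor hub before any data is sent.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certTemplate: a one-day certificate usable for server and client authentication.
func certTemplate(name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature, DNSNames: []string{name},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
}

// newCA builds a self-signed CA in memory (constructed for the example; HOOC's real PKI is not public).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := certTemplate(name)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage |= x509.KeyUsageCertSign
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// issue signs a leaf certificate for name with the given CA.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.CreateCertificate(rand.Reader, certTemplate(name), ca, &key.PublicKey, caKey)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Handshake runs one mutually authenticated TLS connection over loopback: the server demands a client
// certificate chaining to serverTrusts, the client refuses a server certificate not chaining to clientTrusts.
func Handshake(serverCert, clientCert tls.Certificate, serverTrusts, clientTrusts *x509.CertPool) (bool, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{serverCert}, ClientCAs: serverTrusts,
		ClientAuth:   tls.RequireAndVerifyClientCert, // unknown gateways are rejected here
		MinVersion:   tls.VersionTLS12,
	})
	if err != nil { return false, err }
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer c.Close()
		srvErr <- c.(*tls.Conn).Handshake() // Accept returns before verification; force it here
	}()
	c, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates: []tls.Certificate{clientCert}, RootCAs: clientTrusts,
		ServerName:   "hub.example", // assumed hub name; must match the server certificate's SAN
		MinVersion:   tls.VersionTLS12,
	})
	if err != nil { return false, err } // client refused the server: an impostor hub gets no session
	defer c.Close()
	// With TLS 1.3 the client finishes first; wait for the server's verdict on the client certificate.
	if err := <-srvErr; err != nil {
		return false, err
	}
	return true, nil
}

// RunScenarios plays a genuine gateway against a genuine hub, a gateway carrying a certificate
// from a foreign CA against the genuine hub, and the genuine gateway against an impostor hub.
func RunScenarios() (genuine, foreignGateway, impostorHub bool) {
	hoocCA, hoocKey := newCA("Example HOOC CA")
	otherCA, otherKey := newCA("Attacker CA")
	trust := x509.NewCertPool()
	trust.AddCert(hoocCA) // the only CA either side trusts
	hub, gw := issue(hoocCA, hoocKey, "hub.example"), issue(hoocCA, hoocKey, "gateway-0001")
	badHub, badGw := issue(otherCA, otherKey, "hub.example"), issue(otherCA, otherKey, "gateway-0001")
	genuine, _ = Handshake(hub, gw, trust, trust)
	foreignGateway, _ = Handshake(hub, badGw, trust, trust)
	impostorHub, _ = Handshake(badHub, gw, trust, trust)
	return
}

func main() {
	g, f, i := RunScenarios()
	fmt.Printf("genuine gateway -> genuine hub: %v\nforeign gateway -> genuine hub: %v\ngenuine gateway -> impostor hub: %v\n", g, f, i)
}
```

Note that neither side relies on encryption to detect the impostor: the decision is taken on the certificate chain during the handshake, which is exactly why a man in the middle who holds no certificate from the trusted CA cannot insert himself even though he can terminate TLS.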

All authentication mechanisms used, whether for the HOOC Connects and their clients or for the management portal, are protected against dictionary attacks. If too many failed login attempts occur within a certain time span, the presumed attacker is blocked from the HOOC solution at the firewall level.

Identification (security)

Security for authentication – password, email, account

For user authentication, HOOC uses a combination of e-mail address and password. Each e-mail address is uniquely assigned to one user account, which in turn is always assigned to a person who must identify him/herself correctly during registration. Anonymous user accounts are not possible with HOOC. As a basic principle, this ensures that the parties involved know each other’s identity whenever access is granted. See also the separate document on supporters.

All passwords are checked by HOOC for strength and must satisfy certain minimum requirements; criteria such as password length and a mix of uppercase and lowercase letters and special characters are standard. The stronger a password, the smaller the probability of guessing it at random or of finding it within a reasonable time by a dictionary attack. Strong passwords, combined with the protection against dictionary attacks described above, make HOOC’s authentication very robust.
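The two measures just described, a minimum password policy and a lockout after too many failed attempts in a time window, are illustrated together in the following added Go example (written for this page; not HOOC’s code, and the thresholds of 12 characters, 5 failures in 10 minutes and a one-hour ban are assumptions, since the page states only that such limits exist). The simulation replays a small constructed word list against one account from a single address and shows how many guesses reach the password check before the source is blocked.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"time"
	"unicode"
)

// PasswordPolicy expresses minimum requirements. The values in DefaultPolicy are assumptions
// for the example; the page only states that length, case mix and special characters are checked.
type PasswordPolicy struct {
	MinLength                                                int
	RequireUpper, RequireLower, RequireDigit, RequireSpecial bool
}

var DefaultPolicy = PasswordPolicy{MinLength: 12, RequireUpper: true, RequireLower: true, RequireDigit: true, RequireSpecial: true}

// Check returns the unmet requirements; an empty result means the password is accepted.
func (p PasswordPolicy) Check(pw string) []string {
	var upper, lower, digit, special bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		default:
			special = true // anything that is neither a letter nor a digit counts as special
		}
	}
	var missing []string
	if len([]rune(pw)) < p.MinLength {
		missing = append(missing, fmt.Sprintf("at least %d characters", p.MinLength))
	}
	for _, c := range []struct {
		need, have bool
		what       string
	}{{p.RequireUpper, upper, "an uppercase letter"}, {p.RequireLower, lower, "a lowercase letter"},
		{p.RequireDigit, digit, "a digit"}, {p.RequireSpecial, special, "a special character"}} {
		if c.need && !c.have {
			missing = append(missing, c.what)
		}
	}
	return missing
}

// Throttle blocks a source address after MaxFailures failed logins inside Window, for BanFor.
// It models the firewall-style lockout the page describes; the thresholds are assumptions.
type Throttle struct {
	MaxFailures    int
	Window, BanFor time.Duration
	failures       map[string][]time.Time
	bannedUntil    map[string]time.Time
}

func NewThrottle(maxFailures int, window, banFor time.Duration) *Throttle {
	return &Throttle{maxFailures, window, banFor, map[string][]time.Time{}, map[string]time.Time{}}
}

// Allowed reports whether source may even present credentials at time now.
func (t *Throttle) Allowed(source string, now time.Time) bool {
	until, banned := t.bannedUntil[source]
	return !banned || !now.Before(until)
}

// RecordFailure logs a failed attempt and returns true when the source has just been banned.
func (t *Throttle) RecordFailure(source string, now time.Time) bool {
	kept := t.failures[source][:0]
	for _, ts := range t.failures[source] { // forget failures that have aged out of the window
		if now.Sub(ts) < t.Window {
			kept = append(kept, ts)
		}
	}
	kept = append(kept, now)
	t.failures[source] = kept
	if len(kept) >= t.MaxFailures {
		t.bannedUntil[source] = now.Add(t.BanFor)
		t.failures[source] = nil
		return true
	}
	return false
}

func (t *Throttle) RecordSuccess(source string) { delete(t.failures, source) }

// SimulateDictionaryAttack replays a constructed word list from one address, one guess per second,
// and reports how many guesses the server actually evaluated before the ban took effect.
// A real service compares password hashes; the constant-time compare of plain strings stands in for that.
func SimulateDictionaryAttack(wordlist []string, correct string) (evaluated int, banned, cracked bool) {
	const attacker = "203.0.113.7" // documentation address, not a real host
	th := NewThrottle(5, 10*time.Minute, time.Hour)
	now := time.Unix(0, 0) // simulated clock
	for _, guess := range wordlist {
		now = now.Add(time.Second)
		if !th.Allowed(attacker, now) {
			banned = true
			continue // dropped at the firewall, never reaches the password check
		}
		evaluated++
		if subtle.ConstantTimeCompare([]byte(guess), []byte(correct)) == 1 {
			th.RecordSuccess(attacker)
			return evaluated, banned, true
		}
		th.RecordFailure(attacker, now)
	}
	return evaluated, banned, false
}

func main() {
	fmt.Println("policy violations for \"password\":", DefaultPolicy.Check("password"))
	words := []string{"123456", "password", "qwerty", "letmein", "admin", "welcome", "Tr0ub4dor&3xyz"} // constructed list
	n, banned, cracked := SimulateDictionaryAttack(words, "Tr0ub4dor&3xyz")
	fmt.Printf("evaluated=%d banned=%v cracked=%v\n", n, banned, cracked)
}
```

The point of the combination is visible in the simulation: with the ban in place the attacker gets five guesses per window instead of unlimited ones, and a password that satisfies the policy does not appear in the first five entries of any word list.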

The biggest vulnerability that remains is the owner of the user account: if a password is disclosed to third parties in any way, those parties gain unrestricted access within the scope of the authorisations granted to that account.

Transparency (safety)

Who is doing what/who did what?

Access to a network via HOOC Connect is logged, so you can trace which user accessed a network and for how long. The activities and changes carried out on the target network or its devices cannot be logged by or through HOOC; for those, the target systems’ own logging remains necessary.

Logging of activities in the management portal is being expanded continuously, so that information about safety-relevant actions is available for later analysis.

Threats by legitimate users

Any legitimate user on a network is also a threat, whether through ignorance, mishandling or intent. For this reason it is extremely useful, particularly for remote access, to have mechanisms (for example session logs) that define which actions a user is allowed to perform and ensure that the user’s activities can be traced. In addition, access can be restricted on an IP basis.

The conventional methods for remote access mentioned at the outset, such as port forwarding, generally offer no such functionality.

Immediacy (safety)

Performance and scalability of the HOOC Cloud

The HOOC Cloud continuously measures and records the utilisation and health of a large number of system components so that additional capacity can be provided at short notice when needed. This ensures that events and control information arrive promptly.

Robustness (safety)

Who is allowed to do what?

HOOC Connect is based on a hierarchical model for access management (see graphic), which is administered via a user-friendly management portal in the HOOC Cloud using a web browser. A user (reseller or customer) at a given level always has the permissions of that level and of all levels below it. This applies both to the management portal and to remote access.

Because of the layer 2 tunnelling technology underlying HOOC Connect, remote access always grants entry to the entire target network. While this is indispensable for many applications, and a major advantage of HOOC Connect over other solutions, it is undesirable for others. HOOC therefore offers network filters that can be activated and configured via the management portal. These make it possible to block all network traffic first and then, in a second step, re-grant access to specific target devices or individual services on them.
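The following added Go example (written for this page, not HOOC’s filter implementation, whose rule syntax is not documented here) shows the default-deny logic such a filter has to implement: with the filter disabled every flow is permitted, with it enabled only flows matching an explicit allow rule pass. The text rule format “proto prefix port”, the addresses and the two rules (a device on port 502 and HTTPS on a whole subnet) are constructed for the example.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// Rule re-grants access to one target device (or subnet) and one service; Port 0 means any port.
type Rule struct {
	Proto string       // "tcp", "udp" or "any"
	Dst   netip.Prefix // a /32 (or /128) pins a single device
	Port  uint16
}

// ParseRule reads the constructed text form "proto prefix port", e.g. "tcp 192.168.10.20/32 502".
func ParseRule(s string) (Rule, error) {
	f := strings.Fields(s)
	if len(f) != 3 {
		return Rule{}, fmt.Errorf("rule %q: want 'proto prefix port'", s)
	}
	pfx, err := netip.ParsePrefix(f[1]) // a bare address without /len is rejected on purpose
	if err != nil {
		return Rule{}, fmt.Errorf("rule %q: %w", s, err)
	}
	port, err := strconv.ParseUint(f[2], 10, 16)
	if err != nil {
		return Rule{}, fmt.Errorf("rule %q: bad port: %w", s, err)
	}
	return Rule{Proto: strings.ToLower(f[0]), Dst: pfx.Masked(), Port: uint16(port)}, nil
}

// Filter models the page's two-step scheme: once Enabled, all traffic is blocked and only the
// listed rules re-open specific devices and services (default deny).
type Filter struct {
	Enabled bool
	Allow   []Rule
}

// Permit decides one flow from the remote user towards the target network.
func (f Filter) Permit(proto string, dst netip.Addr, port uint16) bool {
	if !f.Enabled {
		return true // filter not activated: the layer 2 tunnel exposes the whole network
	}
	for _, r := range f.Allow {
		if (r.Proto == "any" || r.Proto == proto) && r.Dst.Contains(dst) && (r.Port == 0 || r.Port == port) {
			return true
		}
	}
	return false // nothing matched: dropped
}

// BuildFilter parses a list of rules into an enabled filter, failing on the first bad rule
// rather than silently activating a partial rule set.
func BuildFilter(lines []string) (Filter, error) {
	f := Filter{Enabled: true}
	for _, l := range lines {
		r, err := ParseRule(l)
		if err != nil {
			return Filter{}, err
		}
		f.Allow = append(f.Allow, r)
	}
	return f, nil
}

func main() {
	// Constructed rule set: one controller on port 502 and HTTPS on the whole management subnet.
	f, err := BuildFilter([]string{"tcp 192.168.10.20/32 502", "tcp 192.168.10.0/24 443"})
	if err != nil {
		panic(err)
	}
	for _, fl := range []struct {
		proto, dst string
		port       uint16
	}{{"tcp", "192.168.10.20", 502}, {"tcp", "192.168.10.21", 502}, {"udp", "192.168.10.20", 502},
		{"tcp", "192.168.10.99", 443}, {"tcp", "192.168.20.5", 22}} {
		fmt.Printf("%s %s:%d -> permit=%v\n", fl.proto, fl.dst, fl.port, f.Permit(fl.proto, netip.MustParseAddr(fl.dst), fl.port))
	}
}
```

Two details matter in practice: the protocol is part of the match, so opening TCP/502 does not open UDP/502 on the same host, and a rule set that fails to parse leaves the filter in the deny-all state rather than falling back to full access.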

Supporters are a special type of user who can be granted very specific permissions beyond the fixed limits of the reseller, customer and site levels. This prevents the credentials of a user account from being shared among several people: each supporter has his or her own personal user account and is therefore individually identified. See also the separate document on supporters.

The accesses assigned to a supporter can be activated or deactivated at any time and must always be limited to a set period. This prevents a supporter from still having uncontrolled access weeks, months or even years later without the network owner noticing.

While a supporter who accesses a network has the same capabilities as a regular user (reseller/customer) or a user on the local network, his or her access to the management portal can be restricted. By default, a supporter has read-only privileges on the hierarchy level to which he/she is assigned and write privileges on the levels below it. Write privileges on the assigned level itself can be granted additionally by activating the so-called admin flag.
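The permission rules of this section (inheritance down the reseller/customer/site hierarchy, the read-only default for supporters on their own level, the admin flag, and the mandatory validity window and activation switch for supporter access) can be checked against a small model. The following Go example is added for this page and is not HOOC’s access-control code; the tree with one reseller, one customer and two sites, and the user names, are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// Node is one level of the hierarchy (reseller, customer, site); Parent is nil for the root.
type Node struct {
	Name   string
	Parent *Node
}

// below reports whether n lies strictly below anc in the tree.
func (n *Node) below(anc *Node) bool {
	for p := n.Parent; p != nil; p = p.Parent {
		if p == anc {
			return true
		}
	}
	return false
}

type Action int

const (
	Read Action = iota
	Write
)

// Grant is one user's assignment to a node. Supporter grants carry the extra restrictions from
// the page: read-only on the assigned level unless Admin, and a mandatory, switchable validity window.
type Grant struct {
	User      string
	At        *Node
	Supporter bool
	Admin     bool
	Active    bool
	ValidFrom time.Time
	ValidTo   time.Time // zero value means "no end date", which is not allowed for supporters
}

// Allows answers: may this grant perform action a on target at time now?
func (g Grant) Allows(a Action, target *Node, now time.Time) bool {
	if g.Supporter {
		if !g.Active || g.ValidTo.IsZero() {
			return false // deactivated, or never limited in time: treated as no access
		}
		if now.Before(g.ValidFrom) || !now.Before(g.ValidTo) {
			return false // outside the agreed period
		}
	}
	switch {
	case target == g.At:
		// own level: full rights for regular users, read-only for supporters without the admin flag
		return !g.Supporter || a == Read || g.Admin
	case target.below(g.At):
		return true // everything below the assigned level is inherited
	default:
		return false // nothing above or beside the assigned level
	}
}

// Tree is the constructed example hierarchy.
type Tree struct{ Reseller, Customer, SiteA, SiteB *Node }

func ExampleTree() Tree {
	r := &Node{Name: "reseller"}
	c := &Node{Name: "customer", Parent: r}
	return Tree{r, c, &Node{Name: "site-a", Parent: c}, &Node{Name: "site-b", Parent: c}}
}

func main() {
	tr := ExampleTree()
	now := time.Date(2024, 5, 1, 12, 0, 0, 0, time.UTC)
	supporter := Grant{User: "support@example", At: tr.Customer, Supporter: true, Active: true,
		ValidFrom: now.Add(-24 * time.Hour), ValidTo: now.Add(7 * 24 * time.Hour)}
	customer := Grant{User: "owner@example", At: tr.Customer}
	for _, g := range []Grant{customer, supporter} {
		fmt.Printf("%-16s write customer=%v read customer=%v write site-a=%v read reseller=%v\n",
			g.User, g.Allows(Write, tr.Customer, now), g.Allows(Read, tr.Customer, now),
			g.Allows(Write, tr.SiteA, now), g.Allows(Read, tr.Reseller, now))
	}
}
```

The evaluation order is deliberate: the time window and activation switch are checked before any hierarchy logic, so an expired or deactivated supporter is denied even on the levels where he or she would otherwise have write access.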

HOOC security checklist

  • Identification (Security): Secure identification of sender and receiver prevents commands and status information from being passed to the wrong addressee and prevents such people from fooling the system (identification code, one-time registration).
  • Confidentiality (Security): Data and commands must be protected against tracking by third parties (encryption).
  • Availability (Safety): Communication between sender and receiver must be safeguarded at all times (hot standby, data backup, self-tests).
  • Transparency (Safety): All actions between sender and receiver must be traceable as needed (logging).
  • Immediacy (Safety): Events and commands must be executable sufficiently quickly at all times so that the process can be responded to in a timely manner (scalability).
  • Robustness (Safety): Protection against input errors, manipulation and incorrect or stale data, so that the system does not fall into an uncontrolled state (user interface and backend checks).