1

I am currently doing a proof-of-concept to remotely access a robotic arm at a client site through the internet. I got it working, using x11vnc to connect to the robot over the local network, but now I have to look into the security considerations to access it over the internet.

Firstly, a firewall, limited to only accept my workplace's current IP address and only for ports 22 (SSH and SFTP) and 4900 (VNC)

Secondly, an SSL certificate for the VNC and SSH(?)

Thirdly, your standard password protection

Would this be enough to make the robot secure?

Just in case this is relevant, the robot runs on Debian and I can't adjust any modem settings myself, so it will have to be done on the robot.

Shadowzee
  • SSH has its own RSA/other keys, not SSL, but the idea is the same. I assume you are referring to client-provided certs, not server-provided? – SomeoneSomewhereSupportsMonica May 30 '18 at 07:13
  • @someonesomewhere I'm not too sure about the SSL and which direction it's checking in. I was looking at the x11vnc page on SSL and I think it's for the server, so the client knows if they are being man-in-the-middled. Do you have a link on how to check the client certificate? – Shadowzee May 30 '18 at 07:17
  • I think the question does not describe all aspects of the use case which are needed to evaluate if the security offered by your idea matches the security required. A typical scenario in remote management of client systems by some external support is that the client wants to restrict when the external support can connect, wants to know exactly what the support is doing, maybe take a video of the support session and keep any transferred files for later analysis if something went wrong, etc. Your solution offers none of this but it is unknown if it is required in your use case. – Steffen Ullrich May 30 '18 at 07:18
  • @SteffenUllrich That was brought up where we would only be able to upload files and only be able to view the robot over the VNC rather than full control. I also brought up that we could have the client start the VNC service when they wanted us to provide support. However, it's still in a proof-of-concept stage, so it's more to show that it can be done and that it is fairly secure. – Shadowzee May 30 '18 at 07:26
  • 1
    @Shadowzee: let me rephrase my comment: **you ask if it is enough security but don't specify any security requirements**. Without knowing these requirements one cannot decide if your idea fits the requirements. Thus, please add the requirements to your question (and not in a comment). – Steffen Ullrich May 30 '18 at 07:29
  • 2
    Adding to @SteffenUllrich's comment just now, whenever you find yourself asking **is this secure?** you have to specify **against what?** because, frankly, what you're protecting *against* has huge implications on the security measures needed. A part of the answer to that is also *what are the consequences of a breach?* Once you have specified those, we have a fighting chance of being able to work out whether the specified security measures are likely to be sufficient; or rather, see if there are any gaping holes in plain view somewhere. – user May 30 '18 at 07:32
  • @SteffenUllrich (sorry, the tagging isn't autocompleting like I'm used to) just before I edit the question, if I say at an individual level, would I then need to specify how skillful the individual was and how much resources they have available and how close to the network they would be able to get (like LAN access), or would at a single person level be enough? I think I need to reconsider the question and I won't be able to get better answers until tomorrow (I'm no longer at work), so feel free to flag or close the question if it's too broad right now. – Shadowzee May 30 '18 at 07:45
  • 1
    @Shadowzee: if you want to secure something you need to have some idea of what kind of attacker you imagine. This is often related to how valuable the resources are which you need to protect. And often there are also existing security measures which prevent some attacks already, so you need to take these into account too. Securing something is essentially risk management - the first step is that you know your risks. Only then can you try to reduce the risk (using security measures, insurance...) until you have some low risk left which you are willing to accept. – Steffen Ullrich May 30 '18 at 08:05
  • It is impossible to determine if it is secure enough if we don't know what it is handling. If it is petting plastic cats in front of a webcam, then the answer is probably yes. If it is mixing experimental deadly pathogens, then the answer is probably no. – niilzon May 30 '18 at 12:36

0 Answers