Re: [Embedlets-dev] Re: [Arch]embedlets & security
From: Gregg G. W. <gr...@sk...> - 2003-02-10 03:46:54
>> Encryption for many network connected devices is typically left to the
>> network transport devices instead of the small field devices since it
>> would typically double the cost to support it on each device.
>>
>> But, some environments might need it at the devices, and be willing to pay.
>
>As TINIs with integrated networking might be deployed wherever a network
>connection is available or even connected to a GPRS modem at a remote
>location I feel we should make security integral part of our design.
>Please note, I'm talking about security, not encryption.

Security starts with the ability for both ends to accept each other for who they are, respectively. This does not necessarily require encryption. A simple form of security is encrypted tunnels between two specific network entities. This is one way to let the authentication at each entity control who has access to the controlling operations of that entity. This can keep one entity from forcing its view of authentication onto another.

If you want to use keyed authentication as a standard mechanism for remote access, that would be a valuable service to have available. However, I think that it would be best to make it an optional layer, rather than a required, base service.

One of our customers uses private IP networks out from their top level brokers, and uses VPNs into the brokers for access. Logins on the brokers control access to the private network. From the brokers, you can telnet/ftp to the field equipment and manage it. If someone changes responsibilities, their account is removed from the brokers and they lose access to the field devices, without 1000 devices having to be told about a security change...

-----
gr...@cy... (Cyte Technologies Inc)
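An added example, not part of the original message or of the Embedlets code: a minimal sketch of two ends accepting each other for who they are without encrypting anything, using an HMAC challenge-response over a pre-shared key. The `Peer` class, the role labels and the pre-shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed-length nonces keep the MAC input unambiguous


def tag(key: bytes, role: bytes, own_nonce: bytes, peer_nonce: bytes) -> bytes:
    """MAC over the sender's role and both nonces.

    Binding the role stops one side's proof being reflected back at it;
    binding both fresh nonces stops replay of an earlier session.
    """
    msg = role + b"|" + own_nonce + b"|" + peer_nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Peer:
    """One end of the link (hypothetical names: 'manager' and 'device')."""

    def __init__(self, role: bytes, peer_role: bytes, key: bytes):
        self.role, self.peer_role, self.key = role, peer_role, key
        self.nonce = secrets.token_bytes(NONCE_LEN)  # sent in the clear

    def prove(self, peer_nonce: bytes) -> bytes:
        # Proof that this end holds the key, valid for this session only.
        return tag(self.key, self.role, self.nonce, peer_nonce)

    def verify(self, peer_nonce: bytes, peer_tag: bytes) -> bool:
        # Recompute what the other role must have sent; constant-time compare.
        expected = tag(self.key, self.peer_role, peer_nonce, self.nonce)
        return hmac.compare_digest(expected, peer_tag)


def handshake(manager: Peer, device: Peer) -> bool:
    """Mutual authentication: every value exchanged here is plaintext."""
    m_tag = manager.prove(device.nonce)
    d_tag = device.prove(manager.nonce)
    return device.verify(manager.nonce, m_tag) and manager.verify(device.nonce, d_tag)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    print(handshake(Peer(b"manager", b"device", key),
                    Peer(b"device", b"manager", key)))
```

The exchange authenticates the two ends only; it gives no confidentiality or integrity for the traffic that follows, which is the job of the tunnel or VPN layer discussed in the message.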