Domorela's Blog: Security by Design: Secure components

Domorela reduces the attack surface because it is a security-hardened platform, and it provides a series of mechanisms for designing and deploying projects with security measures that improve IT security. For example, among other security measures taken during its design, its hardware includes security components dedicated to AAA security, and its embedded software is a custom toolset, which avoids attacks conceived for well-known embedded operating system distributions.

Regarding AAA security, by combining hardware security components with software cryptography, we ensure that user passwords are valid only on a single Domorela unit. So, when a configuration is exported, users are not included in it, and new custom users and passwords must be defined on the unit where the configuration is imported. This enforces security not only within Domorela but also in the projects where Domorela is used. Obviously, changing the default passwords of the default users and using passwords correctly is a must to achieve AAA security, and is the responsibility of administrators and end users.
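As an added illustration (not Domorela's own code, whose internals this article does not describe), the sketch below shows one common way to bind password verifiers to a single unit: the stored value is keyed with a per-unit secret, and the configuration export omits user records. The `Unit` class, its `_device_key` (standing in for a secret held by a hardware security component) and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac
import os


class Unit:
    """Constructed model of one device. `_device_key` stands in for a secret
    held by the unit's hardware security component (an assumption)."""

    def __init__(self):
        self._device_key = os.urandom(32)  # unique per unit, never exported
        self.users = {}                    # name -> (salt, tag)
        self.settings = {}

    def _tag(self, password, salt):
        # Salted, slow hash of the password, then keyed with the unit secret.
        stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        return hmac.new(self._device_key, stretched, hashlib.sha256).digest()

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, self._tag(password, salt))

    def verify(self, name, password):
        if name not in self.users:
            return False
        salt, tag = self.users[name]
        return hmac.compare_digest(tag, self._tag(password, salt))

    def export_config(self):
        # User records are left out of the export on purpose.
        return {"settings": dict(self.settings)}

    def import_config(self, config):
        # Only settings are restored; users must be created again locally.
        self.settings = dict(config["settings"])


def demo():
    a, b = Unit(), Unit()
    a.settings["site"] = "constructed-example"
    a.add_user("installer", "S3cure-constructed-pw")
    b.import_config(a.export_config())
    ok_on_a = a.verify("installer", "S3cure-constructed-pw")
    users_after_import = len(b.users)
    b.users["installer"] = a.users["installer"]  # record copied outside the export
    ok_on_b = b.verify("installer", "S3cure-constructed-pw")
    return ok_on_a, users_after_import, ok_on_b
```

Even if a stored user record is carried to a second unit by some other route, the correct password does not verify there, because the second unit's key differs.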

As another security measure, Domorela is hardened with software components that protect against port scanning, and it does not initiate new connections; it answers only valid connections from authenticated users connecting from valid IP address ranges. Port scanning protection is enabled by default and does not need to be configured, but the address ranges must be configured to achieve this protection, which is the responsibility of administrators.

Another decision about components and security was not to include a wireless interface, because we have always thought that radio communications are insecure; their most important weakness concerns the service availability of the wireless network, because they are exposed to radio signal inhibitors that could destroy radio waves. So Domorela is equipped with an Ethernet interface to be connected via a wired network.

 

Our next article will be published in September.
