Software Security

Hi folks,

Over the past two months I’ve been approached by the environmental departments of a couple large corporations about installing Motus station on their sites.

One of the questions I get is, “how secure is the sensorgnome software?”. Unfortunately I don’t really have a good answer for them.

I know that given the right conditions (from phishing to zero-day vulnerabilities) any software exposed to the internet can be “hacked” but is there documentation that I could provide them to explain “how secure” sensorgnome currently is?

Has any worked this issue before?

Thanks

Mark

For the Sensorgnome V2 software I did write up info about security: Sensorgnome security and networking | Sensorgnome V2 User Guide
I’d be happy to answer any specific questions. I have worked on remote control software sold to banks to run on their cloud servers in the past, so I have some experience (and scars) but I’m sure I forgot most of the lingo… :-)

i’m no networking guru and would defer to experts. however you might factor in your actual use case.
Eg do you need to expose the web interface or ssh? or can you go onsite and directly connect? also a “large company” IT department may have a lan outside of their firewall (sometimes called a dmz?) that you sg can be on… also many wifi nets have a “guest” wifi network that the router can prevent access to internal network resources. the key would be to limit exposure to only features you really need.

Hi Rich,

Thanks for the reply. Yes, the company I used to work at provided contractors with a locked down account on the business LAN. Worked reasonably well. I don’t see a SG being too much different.

I think these two companies wanted to know the OS, the patching, and the method used to transfer the data.

In retro spec, rather than working the issue here, I’ll just point them to Motus directly to ask their questions.

Mark

Sorry Thorsten, somehow I missed your email until I actually opened this thread. I’ll pass along the documentation and offer you as point man for questions. One company seems quite interested and they have facilities with significant structure above trees.

Hopefully no more scars… ;)

Mark