Security
Anti-Virus/Firewalls
The normal system entry points for a virus are email and storage. The RF500 is not able to receive e-mails
and has no accessible storage making this very difficult.
Since this is a Linux based system, for a virus to be successful it would have to find a way onto the hard disk
and then be manually executed as the root user. A virus needs root user privileges to enable system wide
infection.
This would be particularly difficult to gain root access as there is no way to login as a user and an attacker
would have to know the following:
• An entrance mechanism to allow login.
• One of the User accounts (user name and password protected) that has permission to “super user
up”.
• The root password.
It is also worth remembering there are only a small number of Linux viruses in the wild and hence the
likelihood of infection is reduced even further.
Since the RF500 does not provide any storage visible (shared drive or otherwise) to the network it cannot
provide storage for any Windows viruses that may spread through network drives.
Therefore to save the on going subscription costs to the customer of Anti-Virus software, the inevitable drop
in performance of the system, plus the need for constant daily updates, and in discussions with other IT
professionals, Comark has taken the decision that Anti-Virus software is not required. We firmly believe that
the safeguards put in place to protect the system and that we have carefully chosen the main system
software makes this the correct decision for RF500.
Ports in Use
RF500 & RF500LITE:
Port 80: HTTP port open for web server access (listening port).
Port 25: SMTP port open but not listening used for sending e-mails not receiving.
Port 113: Auth port (listening port).
Port 445: SMB network share port to access shared drives for sending CSV export data and or data
backup.
Port 8889: RF500 backup software port (existing software listening port).
Port 8888: RF500 backup software port (existing software).
RF500A & RF500A/P:
Port 80: HTTP port open for web server access (listening port).
Port 25: SMTP port open but not listening used for sending e-mails not receiving.
Port 139: Netbios-ssn (used by shared drive)
Port 445: SMB network share port to access shared drives for sending CSV export data and or data
backup.
The Determined Hacker
Of course no PC or Linux system can be completely safe from the determined hacker especially if they can
gain physical access to the equipment. However should a hacker obtain access to the RF500 Gateway we
must assume that it has been compromised, All passwords should be changed after a suspected attack.
There is no more a threat to the LAN and other connected equipment than if a PC connected to the LAN
were compromised.
Gateway-IT-Note-Issue-10 Page 6 of 9
(42 Seiten)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern