As a supplier of both router hardware, and a cloud solution, the StrideLinx Cloud, it is our responsibility to give our customers the knowledge and tools to help them make the best decisions to keep their installations secure. This article will give insight into the most important security-related aspects of StrideLinx’s products and can be used to harden your StrideLinx environment against cybercrime.
Please use the links below for easy navigation.
- The StrideLinx Cloud
- The StrideLinx router
The StrideLinx Cloud
The StrideLinx Cloud is used to gain access to your machines and their data. You can log in from any device that has access to the Internet, including mobile phones, tablets and laptops. Within the StrideLinx Cloud, there are several important aspects to consider.
Your StrideLinx Cloud account is used to authenticate yourself to our systems. In the first place, you use a username (i.e. an email address) and a password to log in. It is crucial that you choose a password that is hard to guess, long and unique. Generally speaking, to be safe you need a password that is at least 12-15 characters long. See how to register with a password or how to change the password of an existing account.
Besides a strong password, it is recommended to enable two-factor authentication (2FA). This means that you not only need a username and password to log in, but also a one-time code that can be generated with a specific mobile phone. See how to set up 2FA for your account and how to enforce 2FA for all users in your company for additional details.
Every time you log in the StrideLinx Cloud, you request a temporary Access Token, which can be used for up to 24 hours or 30 days (depending on the option [Keep me logged in], meaning you do not need to enter your credentials every time you access the StrideLinx Cloud on the same device. It is good policy to regularly sanitise which Access Tokens are active for your account. You can do this through the following steps:
- Go to the StrideLinx Cloud if you're not already there.
- Click on your account name, then [My profile].
- Go to [Login and security] and choose which sign in you would like to remove.
- Click on more options then [Remove] to remove that access token.
Rights and permissions
Every user within your company has a specific set of permissions governing what they can and cannot do. You should strive to always ensure users only have the permissions they need to do their job (a.k.a. the principle of least privileges). See how to configure roles and permissions for existing users for more information. When inviting new users to your company, take a moment to consider the implications of giving people too many permissions; They might have access to confidential information or they might (accidentally) remove users, devices or services. See how to invite users with a specific set of permissions for more information.
The StrideLinx router
The StrideLinx router is the edge hardware compatible with the StrideLinx Cloud. It has a built-in firewall separating your machine components from your corporate network. This separation ensures maximum security as machine components can not interfere with corporate assets, and vice versa. Even outdated software (i.e. Windows XP) can still be used safely, as long as it is insulated by the StrideLinx router’s firewall.
The StrideLinx router needs to be allowed access to the StrideLinx Cloud to set up its connections needed for remote access, Cloud Logging, etc. Because opening incoming ports is inherently dangerous and error-prone, we have designed the StrideLinx router to only need outgoing port 443 to function properly. If this port is open, the StrideLinx router will attempt to contact StrideLinx Cloud servers for HTTPS, MQTT (over TLS) and VPN traffic. If opening port 443 is too permissive for your local IT department, it is also possible to whitelist specific StrideLinx domain names in your local firewall. More information can be found here.
StrideLinx router firewall
As a router, the StrideLinx router has many options relating to network traffic and firewall, it is important that you are aware of the security implications of these. By default, the StrideLinx router’s firewall is configured to be as strict as possible, but it is possible to allow access to the Internet or to the corporate network. The StrideLinx router also contains a web interface, which can be used to locally configure the router’s network settings. Note that it is good policy to change the default password to a unique strong password.
The StrideLinx router receives multiple new firmware versions every year, and while most of these do not contain security updates, some of them contain software updates or changes to encryption. Upgrading your installation to the latest version is trivial to maintain the security of your StrideLinx environment. During the upgrade, the router may reboot or briefly lose network connectivity and therefore we cannot automatically upgrade StrideLinx routers.
Keeping your installations secure is our number one priority, and therefore we think it imperative to share our knowledge on how to harden your StrideLinx environment. In the end, every case is different, but everyone must be aware about the control they have to minimize the cybersecurity risks.