
Security Overview of Our Remote Management System


March 6, 2024

The security of Teltonika Networks RMS is just as comprehensive and robust as its remote management and device monitoring capabilities. This article gives an overview of the platform’s SDL and the key elements of its server, communication, and account security.


RMS is a robust remote management system that provides easy access to, and management and control of, the fleet of networking devices in your solutions. Its list of features is rich and comprehensive, ranging from custom alerts and automation schemes to flexible API support.

But none of that would matter if this remote management tool had any security weak spots.

When it comes to remote management in IoT, security is the first, second, and third highest priority. It is precisely for this reason that Teltonika Networks regards the security of RMS with utmost importance.

RMS server & communication security


All RMS databases are encrypted and accessible only to a limited number of authorised personnel. RMS itself is hosted on Amazon Web Services (AWS), an industry staple renowned for incorporating over 300 security, compliance, and governance features and services alongside 143 security standards and compliance certifications.


The backend servers of RMS are located in Frankfurt, Germany, and its frontend servers are distributed worldwide to ensure reliable performance. Its four VPN servers are located in Germany, the U.S., Australia, and Bahrain.


Device-server communication uses a custom communication protocol developed in-house. This protocol is transported over MQTT with TLS 1.2 encryption. RMS also rotates communication certificates routinely and individually for each device, to ensure secure communication between the RMS server and your networking devices.

 

RMS account security

RMS uses the OAuth2 protocol to ensure secure user authentication and logs every user-device interaction. This log is accessible to the account’s administrators. Teltonika Networks engineers cannot access your account and networking devices without you granting them permission to do so first.


Every RMS account can enable multi-factor authentication (MFA) via select factors, including email, time-based one-time password (TOTP), and a custom Teltonika ID with biometric authentication. Single sign-on (SSO) authentication is also possible, enabling easier management of access to existing infrastructure. Notably, certain functions of our remote management tool, such as the API, cannot be used without MFA being activated.

 

RMS security development cycle


The Teltonika Networks cybersecurity team adheres to a rigorous security development cycle (SDL) for each upcoming new release, feature, or update of RMS (hereafter: application). This cycle consists of the following six steps:


1) Training – Training materials and a developer test are drafted. This is a prerequisite of the cycle, designed to address areas such as the SDL itself, coding best practices, attack types and surfaces, session and error handling, input validation, access control, etc.


2) Requirements – The basic requirements of the application are drafted. These requirements are usually simple and static, providing clear answers to questions such as which encryption algorithms are most appropriate, where user input will be present, how validation will be implemented, etc.


3) Design – The security team collaborates with the software developers of RMS to fulfil the following objectives:

  • understand the application, its purpose and operation, etc.;
  • draft a threat model of the application;
  • generate a threat list of the threat model, identifying potential security design flaws and attack surfaces;
  • review the threats manually using penetration tests and address any potential threats.


4) Implementation – The security team maintains static code scanning, reviews, and approval throughout the application’s development.


5) Verification – Penetration tests are performed and documented based on the drafted threat models.


6) Release – All documents are finalised and archived. Lessons are reviewed and incorporated into the next lap of the SDL.

 

Secure remote management


Ultimately, there is no room for cutting corners when it comes to IoT security. Our remote management system ensures that your remote IoT device monitoring, management, and control operations are thoroughly safeguarded.


If you have any questions or require additional information regarding the security of RMS, we encourage you to reach out to us by pressing the button below.

Contact us