Security Overview of Our Remote Management System

All RMS databases are encrypted and accessible only to a limited number of authorised personnel. RMS itself is hosted on Amazon Web Services (AWS), an industry staple renowned for incorporating over 300 security, compliance, and governance features and services alongside 143 security standards and compliance certifications.

The backend servers of RMS are located in Frankfurt, Germany, and its frontend servers are distributed worldwide to ensure reliable performance. Its four VPN servers are located in Germany, the U.S., Australia, and Bahrain.

Device-server communication uses a custom communication protocol developed in-house. This protocol is transported via the MQTT protocol with TLS 1.2 encryption. RMS also utilises routine communication certificate rotation, done individually for each device to ensure secure communication between the RMS server and your networking devices.

RMS account security

RMS uses the Oauth2 protocol to ensure secure user authentication and logs every user-device interaction. This log is accessible to the account’s administrators. Teltonika Networks engineers cannot access your account and networking devices without you granting them permission to do so first.

Every RMS account can enable multi-factor authentication (MFA) via select factors, including email, time-based one-time password (TOTP), and a custom Teltonika ID with biometric authentication. Single sign-on (SSO) authentication is also possible, enabling easier management of access to existing infrastructure. Notably, certain function of our remote management tool, such as API, cannot be used without MFA being activated.

RMS security development cycle

The Teltonika Networks cybersecurity team adheres to a rigorous security development cycle (SDL) for each upcoming new release, feature, or update of RMS (hereafter: application). This cycle consists of the following six steps:

1) Training – Training materials and a developer test are drafted. This is a pre-requirement of the cycle, designed to address areas such as the SDL itself, coding best practices, attack types and surfaces, session and error handling, input validation, access control, etc.

2) Requirements – The basic requirements of the application are drafted. These requirements are usually simple and static, providing clear answers to questions such as which encryption algorithms are most appropriate, where user input will be present, how will validation be implemented, etc.

3) Design – The security team collaborates with the software developers of RMS to fulfil the following objectives:

• understand the application, its purpose and operation, etc.;
• draft a threat model of the application;
• generate a threat list of the threat model, identifying potential security design flaws and attack surfaces;
• review the threats manually using penetration tests and address any potential threats.

4) Implementation – The security team maintains static code scanning, reviews, and approval throughout the application’s development.

5) Verification – Penetration tests are performed and documented based on the drafted threat models.

6) Release – All documents are finalised and archived. Lessons are reviewed and incorporated into the next lap of the SDL.

Secure remote management

Ultimately, there is no room for cutting corners when it comes to IoT security. Our remote management system ensures that your remote IoT device monitoring, management, and control operations are thoroughly safeguarded.

If you have any questions or require additional information regarding the security of RMS, we encourage you to reach out to us by pressing the button below.