Shulou(Shulou.com)11/24 Report--

In the field of remote control, security has always been the core keyword. How to ensure the security of the whole process of remote control is an important topic for remote control manufacturers.

In view of security, the national-level remote control brand Sunflower remote Control recently put forward the "whole process security closed loop" system, which is based on remote control technology and related scenarios, integrates many security function strategies, and ensures the safety of user remote control in all aspects. Here we will make a simple analysis of this system and its functions, and specifically understand the remote control security capability of sunflower remote control.

Remote control security strategy: taking the controlled end as the core

The core of the "whole process safety closed loop" system launched by Sunflower 15 is the "controlled end" in remote control. Based on the principle of remote control and the analysis of common scenarios of remote control, it is inevitable and reasonable to take the "controlled end" as the core.

Whether we need to receive or provide remote assistance to others, or we need to remotely control devices where we are not around, we observe the topology of remote control, and the location of the controlled end is closer to the center of privacy or confidential information. are at the core of security.

At the specific functional level, when others initiate a remote desktop request to us, we can avoid some of the risks in advance through the following function settings, including double authentication access, anti-harassment policy, and accused risk reminder.

In the process of remote assistance, the sunflower also ensures that, as the assisted party, you firmly grasp the leadership of your own equipment and prevent the device from getting out of your control through the following functions, including: real-time protection of risk processes, list of sensitive processes, sending alarm notifications through Wechat, and the controlled side is in a leading position in operation.

When remote assistance is over, sunflowers also provide retrospective means: we can view detailed records of operations such as remote control and file transfer, which can also be sent to your sunflower software and bound Wechat through the notification function mentioned above.

Remote control of their own unattended equipment is also very safe.

Another typical scenario of remote control is represented by telecommuting, which remotely controls unattended devices that belong to themselves but are not around.

In this scenario, our security concerns mainly come from the privacy leakage of the controlled equipment, and the sunflower remote control also carries the corresponding function to prevent the controlled device from becoming a new "security exposure" and ensure privacy security.

When sunflower remote control is deployed to a new device, we need to perform [device login verification] when logging in, that is, to verify the identity of the logger. At the same time, remote login will issue an alarm to ensure that the login environment and identity are trusted.

In addition, when sunflower initiates remote control of unattended devices, it adopts a [double password protection] strategy, which can use account password + local system username and password double check to further improve the security of the controlled terminal.

When we are remotely controlling our own remote devices, sunflowers support strategies such as setting privacy screens, client-side automatic locking, and automatic screen locking after being charged.

At the level of enterprise remote control, sunflower has already worked deeply in safety. Based on the safety logic of "precaution in advance-guarding in the event-tracing afterwards", it has constructed a perfect and flexible security framework for enterprise remote control requirements.

The security framework includes many practical and mature functions, such as fine authorization based on prior prevention, multi-factor security protection, watermarking strategy based on in-process guard, software custom permissions, log audit based on retrospective, hardware change record, etc.

According to their own needs, enterprises can adjust the most appropriate overall security strategy, flexibly respond to the security needs of specific business, and achieve independent, multi-scenario, multi-purpose security remote control.

Among the security strategies that can be adopted by enterprises, the functions recently launched, such as "controllable file transfer direction", "prohibit remote control of personnel outside the enterprise", "client operation protection", "remote control automatic disconnection & background batch end remote control" and other functions are of great practical value. You can focus on the relevant information.

Security Technology Architecture: analysis of underlying Security Design for remote Control

Berry sunflower has a reliable underlying authentication mechanism and communication security design to ensure that the controlled end can be remotely controlled only with the authorization of the user. at the same time, it also ensures the secrecy of communication data and information security.

In terms of architecture deployment, the sunflower service system uses micro-service architecture and containerized deployment, through transparent encryption and other storage technologies to achieve basic data security, and the application layer to achieve desensitization and encrypted storage of sensitive data.

Berry sunflower also separates the business of the enterprise version and the personal version, and the two do not interfere with each other. At the same time, Berry sunflower supports privatization deployment. All data, including configuration information and log information, can be stored in the local server provided by users, and the privatized version of Berry sunflower does not have any data communication with the public cloud version and other privatized deployments.

In terms of authentication, Berry Sunflower guarantees that only the accused client can issue access authorization for remote sessions. Without authorization, even Berry sunflower clients in the same local area network will not communicate with each other or establish any data connection.

On the other hand, Berry sunflower stores important authentication information of the controlled side locally, and the cloud neither transmits nor stores any login authentication information of the controlled side, including but not limited to: the verification code of the access code, the account secret of the controlled system, and the access password set by the controlled side.

The locally stored policy ensures that external attackers cannot gain any control rights on the controlled side through the data on the server. At the same time, the authentication information stored locally is encrypted by algorithm, and each controlled device has an exclusive key saved only locally, even if the attacker invades the controlled device, the decrypted authentication information can not be obtained directly.

In terms of encryption mechanism, sunflower uses two-way RSA+AES encrypted transmission, but also supports national secret SM2+SM4 two-way encrypted transmission.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.