Subscriber Discussion

Genetec Reverse Tunnel. How Secure Is This? Any Network/Cybersecurity Experts?

U
Undisclosed #1
Feb 27, 2024

Recent news that Genetec was releasing a new SaaS offering leveraging reverse tunnel as a way to secure communication from onprem to their cloud instance hosted on azure.

Reading the doc from my understanding looks pretty secure. Onprem gear is set to outbound connections only no inbound with one port open 5500. You need a key file that is generated on your onprem and this is what forms the reverse tunnel. You then turn on Saml2 for azure identity or something similar.

* *** ********* ** ****** ** familar **** *** ****** ** ****. My ****** ****** **** ***** ** with *** ******* *******. *** **** about ******** ****. ** **** ****** called ********* ****?

(1)
bm
bashis mcw
Feb 27, 2024

*** **** ***** ***** ******* ********* is **** ** *** **-**** **** it *****'* **** ** **** *** incoming ***** ********* **** *** ********, but ******** **** *** ****** *******/******* in *** ***** *** ******* ** the ***** ******, ***** ** *** whole ***** ** ******* ********* ** the ***** ***** .

******** ******* ******* *** ******* ********, they **** **** ********* ******** *****. So, ******* ****** ******* **** ** configured ************* *** ********* ******* ******** intrusions ** **** **** ****** ** used ** ***** ****** ** ****** the ***** ******* ******* *** ******.

**** ********* ******** *** ** **** for ******* *********, **** ** ***,*****,*****,******, *** **** ****.

(1)
(1)
Avatar
Brian Karas
Feb 27, 2024
Pelican Zero

****** **** ** **** ******* **** for "***".

**'* * ****** ******** ******, **** around *** ** ****** *** *** 20+ *****.

**** **** ***** ******, ** *** be *********** ******** *** ********, ** horribly *****.

* *****'* ****** ** *******'* ********** or ***************, *** **** *** ** that ** ** ** ***** ** secure ** *** ******* ******* ********* implementation **** ****** *************. ********* ******* and ***** ****** ********** *** ********* default ****** **** **** **** ******** platform ***'** ******** ** *** ** these ****, ** * ***** ***** that ** ** ****** ******.

(3)
U
Undisclosed #2
Feb 27, 2024

***** ****** ** **** ****, ****** knowledge ** ******** ****** *** **** “reverse ******”, *** ******* ********* ******** technical *********** **** ******* ** ***** actual **************, **** *** *** ******** of **** ****** ******** ******* *** a **********.

* ******* ****** *** ****** ****** to * ****** ** ******* ****** opening ***** ** *** ******** *** prevents ********* ****** ** *** ******** from ******** *** *********** ****** **** port *** ********* *********** *********** ** throw ** ** ******, ** ******* for ***************. **** ** ****** **** simple **** ************ ***. ** **** **** * ***** of ********** ** **** *** **** between ******* *** **** ******* *** probably ***************** ******. **** ********** ******* could ***** ** **** ********* ** weak ********** ********** ** **** ** DNS ********* *******, *** **** **** for ********* ***** ****** ***** *** or ***.

*** ******** ** **** *** ******* tunnel *** ***** ******* ** **** both ****, *** ** *** ********* on **** **** ****’* ********** ********, it ***** *** ******* ** ****** end ** *** ****** ***** ** used ** * **** *** **** the ******* ******** ****** **** ****** to *******’* ********* (********* ** *********) to ****** ******* ******** ********, ** anyone ** *** ******** **** (********* or *********) ** ******* *******’* ***** infrastructure.

** * **** * *** *****, I ***** ** **** ****** ** gain ****** ** * ********’* ******* through **** ***** *****, *** ** I ***** *** **** ****** ** a ****** * ***** ******* ** use ** ** **** ****** ** Genetec’s ******* *** **** *** ** opportunity ** **** **** ***** **** other ******** ********, ** **** *** targets **** ***** ** ********* ******* interesting ***********.

** * ******* ****** **** ** used, ** ***** ** ** ******* secured ** **** **** ** ******* both ******* **** ******** *** ******** threats. ******* *** ********* ****** **** allow *** ******** ******* ** ******** the ****** *** *** ********* ****** not ***** *** ******* ******* ******* the ********* **** *** ***** ** with * ****-**-**** ***.

*** *******, *** *** *********** ** to ** **** ** ****** *** web *********** ** * ****** ** server ** *** ******** ******* ******* port ********** ** *** ********* ********. The ****** ******** ****** *** ** the **** ** *** *** *********** and **** ***** *** ******* ** 80/443 ** **** ****. *** ******** on *******'* **** ***** *** ***** traffic ** ********* **** *** ********* side *** ******* **** ***** ********** access **** ***** ************** **** * reverse ***** **** ******* **** ** access *** ****** ** *** ******** network ******* *** ******, ******** *** opportunity *** ********* ** ******** ****** customer ******** *** ****** ** ** hard ** ******** *** ********* **** access ** *** ************** ** ***** customer ********.

**;**: ** **** ****, *** *** better **** **** **********. ** **** as *** ** ********, **’* ******** still ****** **** **** **********.

(1)
(2)
UI
Undisclosed Integrator #3
Feb 28, 2024
In reply to Undisclosed #2

*********** *******. ********** *** *****. ** your *******, ** ***** * *** option? ** **** ** *** **** option *** ***** ** **** ** use/cybersecurity *****?

U
Undisclosed #2
Feb 28, 2024
In reply to Undisclosed Integrator #3

* ***** ****** ***** ** *** the **-**** ************ ** **** ** outbound ********** ** *** ***** ***** http/websockets/grpc/whatever ******** *** **** ****** *** minimum ******** *** ** **** ****. The ******* ********** ** **** * reverse ****** ** ******** ** ****** all ***** ** ******* ******* *** needs ** ** ****** **** *** the ******** *** **** ***** * purpose-made *** ***** ** ** ***** from *** ****** ** ** *** the ************ *** ****.

** *** **** ** ** ****** on-prem ********/******** **** ** ******** *** to **** ** * *****-*** *********** without ******** * ********** *** *********, a ****-********** ******* ****** ** * good ****** ************ *** **** * security ***********.

***** ***’* ****** * “****” ****** as ** ******* ** **** ********** threat *****. **** * ****, ******* built *** *** ** ********** ** remote **** ********* ******** ** ******** to **** *** **** ****** ***** into **** *********** **** ***** *** over * ****** ******** ******* ******.

Avatar
Brian Karas
Feb 29, 2024
Pelican Zero
In reply to Undisclosed #2

*** ******* ********** ** **** * reverse ****** ** ******** ** ****** all ***** ** ******* *******

* ******** **** ****. * ******* tunnel ******** *** ****** *** ***** of ******* *******, *** ** *** same **** **** ****** ***** *** packages ** ** **** ******* ** lock ** **** ** ******** ***** (like *** ** ***** ***), *********, etc. * ***** **** ******* ****** is * ******* ***********, *** * specific ************* **************.

**********, ***** ********* **** ******* ****** access *** ******** ************ ** ********** open ** ******. ***** ** ** singular ******** ***** ****** ****** ******** (if ***** ****, ******** ***** **** be ***** **** *** *****).

* ***** ****** ***** ** *** the **-**** ************ ** **** ** outbound ********** ** *** ***** ***** http/websockets/grpc/whatever ******** *** **** ****** *** minimum ******** *** ** **** ****.

**** ** **** ** ********* ***** because *** *** ***** ********** * form ** * ******* ****** **********. The ****** **-**** ****** ** ********** an ******** ********** ** * ****** host. ** ******, **** ******** ** still ***** ** **** ***-*** *************, and ** ***** ****** ****** ** be **** ** ************ ** * compromised *** *****. ** **** *********** team ** ********* ****** ** ********* this ******** ** ** * **** minimalistic **************, **** **** **** ***** easily ********* * ******* ********** ******* tunnel ******** **** ***** ** ******* secure.

(1)
UI
Undisclosed Integrator #3
Feb 29, 2024

****** *** **** *******. ***** ****!

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions