Community discussions

 
quasarsoft
just joined
Topic Author
Posts: 10
Joined: Mon Nov 30, 2009 4:19 am

Is Dude Communication Secure ?

Sun Jul 14, 2019 9:58 am

Hi All,

This may be (is) a newbie question but I'm trying to understand how the Dude communicates to try and minimise potential security issues.

I'm running Dude from a CHR. All devices added to the Dude have Secure Mode ticked. Trying to understand what this Secure Mode protects and what it does not.

1. If we add a remote Mikrotik Router to the Device list with Secure Mode ticked, does this mean all communication (probes, etc) between the Dude and that router is secure ? What about SNMP ? Does the Dude interrogate the Mikrotik Router's SNMP via the secure link or via the WAN interface ?
2. If we setup the remote Mikrotik Router (call it Router A) as an Agent, do all probes to devices at the remote network (behind Router A) that uses Router A as the Agent occur only across a secure link (ie. is encrypted) ? What about if we enable SNMP 1 and 2 (if SNMP 3 is not available) on the remote devices behind Router A ? Is the SNMP information going from the remote devices to the Dude encrypted over the Secure Mode link ?

All Routers and the Dude Server have their Winbox and web ports (and any service ports I require) restricted to my IP address only using Filter Rules. All other services are disabled. SNMP Port on all remote routers is restricted to the Dude's IP address only. Is there anything else to consider to prevent information leakage or is the answer to the above questions that information between the routers and the Dude is not encrypted and may be visibly intercepted ?

Thanks.

CK
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 249
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: Is Dude Communication Secure ?

Mon Jul 15, 2019 10:10 am

Secure mode - Whether to use Secure mode when connecting to a RouterOS device. Uses TLS connection

https://wiki.mikrotik.com/wiki/Manual:T ... e_settings
---
Karlis
 
quasarsoft
just joined
Topic Author
Posts: 10
Joined: Mon Nov 30, 2009 4:19 am

Re: Is Dude Communication Secure ?

Tue Jul 16, 2019 12:05 am

Hi Kalisi,

Thanks for your reply.

Yes, I have read that too. It does NOT answer all concerns. It only mentions connecting to the RouterOS device. With security being at the top of most people's concerns these days, it would be helpful if manufacturers are much clearer in their description what is protected and what is not.

For example, part of my first question concerns SNMP to the RouterOS device itself. With secure mode enabled, does the Dude poll the RouterOS device's SNMP via the secure connection or across the WAN facing SNMP port ?

The manual only mentions connecting to the RouterOS device. It does not specifically say that the information being relayed through the RouterOS device acting as an agent is encrypted. We can only work on the assumption that communications with devices behind an Agent is going through the link to the RouterOS agent and that the connection is secure (as there are no port forwards to the devices). Again, this is an assumption and assumptions are always right until they are not. Confirmation / clarification from Mikrotik on this matter would go a long way towards alleviating concerns.

CK
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 249
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: Is Dude Communication Secure ?

Tue Jul 16, 2019 8:13 am

For example, part of my first question concerns SNMP to the RouterOS device itself. With secure mode enabled, does the Dude poll the RouterOS device's SNMP via the secure connection or across the WAN facing SNMP port ?
Only SNMP v3 supports secure communication. Configure Dude server and devices to use it (by default there is no profile for v3 in Dude Server settings, you should add it).
---
Karlis
 
DuglasMetyu
just joined
Posts: 1
Joined: Wed Jul 17, 2019 10:29 pm

Re: Is Dude Communication Secure ?

Wed Jul 17, 2019 10:33 pm

I have problems with access to some sites after install this app...

Who is online

Users browsing this forum: MSN [Bot] and 7 guests