Many small and large companies have strict policies about accessing their computers remotely. The risk of compromising the security of their digital and electronic asset prevents many managers to allow remote access to their machines. In HunterLab we understand and consider our customers' concerns in every decision we make. Therefore we choose a product that will help you achieve the best results in color measurements without compromising your data or the security aspects of your machines.
HunterLab Remote Access Support (RAS) is based on a secure Webconnect service from the company Netop. WebConnect communication is used to connect a Guest (HunterLab computer) to a Host (Essential-based instrument) across the internet where they are typically separated by firewalls and the IP address of the Host may be unknown. When using the WebConnect service users can remote control computers typically without having to configure any firewall, proxy or router. In addition, RAS has a multi-layered approach to remote access security:
- Securing the line:
When a connection is established between two computers, a network traffic goes between the two. Most organizations use a VPN that makes data in the network anonymous to network sniffers. Sometimes these companies need to adjust some rules in their VPN to allow access for remote support. With RAS customers don’t need to configure and maintain VPNs to support users outside of their network or to provide external access by consultants.
Securing the line involves also encryption. In RAS data are encrypted using 256-bit AES for data confidentiality, 256-bit SHA HMAC for data integrity and up to 2048-bit Diffie-Hellman for authenticity.(CIA approach is one of the basics and most important criteria that is taking in consideration in information security). This encryption is embedded in the Host tool installed in the customer’s instrument.
- Managing user access:
Remote control products are different in the way they manage user access. In RAS our customers can manage access to their instrument by modifying the “Guest Authentication Password” and by having full control on choosing whether to allow a guest to access their instrument or not.
Note: Our customer can change the Guest Authentication password if they choose too, but we will need to ask them for it every time we want to connect to their computer.
How does the authentication works?
Initialization of communication with the instrument > establishing a connection with the instrument > connecting to the server > waiting for host acknowledgment > logging in using Netop authentication (here we type the password) > waiting for verification of the password.
Once the password is verified the customer receives a request to allow access to their instrument. If the customer doesn’t accept the request by clicking “allow Access” then there is no way for the HunterLab support team to connect remotely to their instrument.
- Managing user rights:
Once one of our support specialists connect to the instrument, the support agent has full control of the instrument. The instrument owner can meanwhile perform the task in their instrument and monitor the tasks that the support agent performs.
- Documenting what happened:
Documentation of the session is the last step of a solid secure remote-control system. With extensive logging and video recording for sessions, our customers can know exactly what happened during the session, and when. This way the customers ensure that their data was not compromised during the support session.