AMX network security

maxifox

We are trying to secure AMX LAN segment meaning to prevent unauthorized network access either remotely or locally. Anyone came across any other solution than a dedicated VLAN?

DHawthorne

In most cases, I consider the master security features sufficient. If I really need more (hasn't happened), I would put another router/firewall on the network and subnet the AMX equipment, physically seperating it from the rest. But this is rare enough to be theoretical - I've never actually done it. To me, the biggest and best feature of the NetLinx line is to be able to remote it over the Internet, and this kind of thing makes that really awkward to pull off, and impossible if you have to deal with local IT people to make it happen.

Thomas Hayes

I have had several people try to get into my netlinx boxes but so far they have failed. I find the on board security very adequate and if you enable the SSL even better. Unless were talking about some Lvl TS10+ then this should be enough security for any network administrator. You could also have them turn all the ports off but the ones directly required by AMX.

maxifox

Well, I can confirm that as soon as the box's interface is exposed to the world *they* will try it literatelly in a few hours.

With on-board security on I found that enterprise network design with VLANs gives additional strength and clarity. For SOHO I believe the solutions vary and that is where I am looking for...

BTW, what is Level TS10? Something about Tempest? Google does not seem be helpful on the term...

jjames

Just out of curiosity, how common, who and why would someone try to get into the processor? If the attempt is to grab the code, wouldn't it only be useful to a dealer / former-dealer? And if someone's using RealVNC to try to control a TP, couldn't you just add a G4 Web Control password?

Just curious . . .

Thomas Hayes

TS10 is 10 levels above top secret.