Remote Connections - answers to common questions

Created by Tim Kefford, Modified on Thu, 13 Mar at 5:10 PM by Tim Kefford

How does a 'Remote Connection' work?

Our Remote Connections feature provides a secure and seamless way to access devices in remote locations without requiring complex network configurations, VPNs, or manual firewall adjustments.

When a remote connection is initiated:

  1. Secure Tunnel Creation – A secure and encrypted communication channel is established between the remote device and our platform, ensuring data integrity and confidentiality.
  2. Dynamic Connectivity – The connection dynamically adapts to network conditions, allowing access even behind firewalls or NAT without requiring static IP addresses.
  3. End-to-End Security – All remote connections are encrypted, and authentication mechanisms ensure only authorised users can establish sessions.
  4. No Manual Setup Required – Our platform automates the process, removing the need for complex networking configurations.

This approach enables users to remotely monitor, manage, and control devices as if they were on the same local network, without exposing them directly to the internet.


How is a Remote Connection set up, in a technical sense?

Our Remote Connections feature establishes a secure, time-limited access tunnel between an authorised user and a remote device. This is achieved via an IP-locked, encrypted tunnel initiated through our Hub software, which acts as a relay for secure connectivity.

1. User Initiates the Connection

  • The user logs into our web platform (hosted in AWS Ireland) and selects the device they wish to access.
  • They click a 'Start' button, choosing a protocol such as:
    • HTTPS (for web-based access)
    • RDP (for remote desktop sessions)
    • Other supported protocols based on the device requirements.

2. Command Transmission to Hub

  • Once initiated, the platform sends an authenticated API request to the Hub software deployed on the remote network.
  • The Hub validates the request and retrieves the user’s public IP address to enforce an IP-lock.

3. Secure Tunnel Establishment

  • The Hub establishes a TLS-encrypted tunnel from the remote device to the user’s public IP address.
  • The tunnel is dynamically assigned a non-standard port or obscured URL to enhance security.
  • Only traffic from the verified IP address of the requesting user is permitted.

4. Authentication & Access Control

  • The user must authenticate using their local device credentials before full access is granted.
  • Multi-Factor Authentication (MFA) is enforced during the login process for an additional layer of security.
  • Session activity and access attempts are logged for auditability.

5. Active Session & Auto-Termination

  • Once the tunnel is active, data is transmitted over an end-to-end encrypted connection (TLS 1.2/1.3).
  • Sessions are automatically terminated after 60 minutes or if manually closed.
  • Once closed, the tunnel is completely removed, ensuring no persistent access.

Security Considerations

  • No open inbound ports – The remote device does not expose any services directly to the internet.
  • IP-locking & short-lived tunnels – Only the authorised user can access the session.
  • Traffic routing & encryption – Ensures full data protection against interception or unauthorised access.

This structured approach allows for highly secure, on-demand remote access without requiring complex firewall modifications or VPN configurations.
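The IP-lock and 60-minute limit described above can be pictured as a single admission check on the relay. The sketch below is an added example, not the vendor's Hub code; `TunnelSession`, `canonical_ip`, `admit` and the reason strings are hypothetical names, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

SESSION_TTL_SECONDS = 60 * 60  # the article's 60-minute session limit


@dataclass
class TunnelSession:
    """Hypothetical per-tunnel record; field names are assumptions."""
    session_id: str
    locked_ip: str       # requester's public IP captured when the session starts
    started_at: float    # epoch seconds
    closed: bool = False
    audit: list = field(default_factory=list)


def canonical_ip(text: str):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d -> a.b.c.d)."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def admit(session: TunnelSession, source_ip: str, now: float) -> bool:
    """Decide whether a connection may use the tunnel; every decision is logged."""
    if session.closed:
        reason = "closed"
    elif now - session.started_at >= SESSION_TTL_SECONDS:
        session.closed = True  # expiry removes the tunnel; it is never reused
        reason = "expired"
    else:
        try:
            same = canonical_ip(source_ip) == canonical_ip(session.locked_ip)
        except ValueError:
            same = False  # unparsable address: fail closed
        reason = "ok" if same else "ip_mismatch"
    session.audit.append((now, source_ip, reason))
    return reason == "ok"


if __name__ == "__main__":
    # Constructed sample using documentation address ranges.
    s = TunnelSession("demo", "203.0.113.10", started_at=0.0)
    for src, t in [("203.0.113.10", 5), ("::ffff:203.0.113.10", 6),
                   ("198.51.100.7", 7), ("203.0.113.10", 3600)]:
        print(src, t, admit(s, src, t))
```

Normalising IPv4-mapped IPv6 addresses matters on dual-stack listeners, where the same client can otherwise appear as a mismatch.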


How can we be sure that the Remote Connection is secure from a "Man-in-the-Middle" attack?

Our Remote Connections feature is designed with multiple layers of security to prevent unauthorised interception and protect data integrity. The following mechanisms are in place to mitigate the risk of Man-in-the-Middle (MITM) attacks:

1. End-to-End Encryption (TLS 1.2/1.3)

  • All data transmitted through a Remote Connection is encrypted using TLS 1.2/1.3.
  • Encryption ensures that even if a third party intercepts network traffic, the data remains unreadable.
  • The encryption process protects against packet sniffing, tampering, and replay attacks.

2. IP-Locked Tunnels

  • Each Remote Connection is locked to the specific public IP address of the requesting user.
  • This means that even if an attacker tries to hijack the session from another location, they will be blocked from accessing the tunnel.
  • Traffic that does not originate from the authorised IP is automatically rejected.

3. Certificate-Based Authentication & Secure Handshake

  • During tunnel initiation, a secure cryptographic handshake ensures that only authenticated devices can establish a session.
  • We use trusted Certificate Authorities (CAs) to verify the integrity of SSL/TLS certificates.
  • This prevents attackers from injecting forged certificates into the connection.

4. No Persistent Open Ports

  • Remote Connections are established outbound-only, meaning the remote device never exposes an open port to the internet.
  • This eliminates common attack vectors that rely on scanning for open services.

5. Short-Lived Sessions & Auto-Termination

  • Each session is time-limited to a maximum of 60 minutes.
  • Once the session expires or is manually closed, the tunnel is permanently removed.
  • This ensures that even if an attacker were trying to compromise the session, they would have only a very limited time window, and the session cannot be reused.

6. MFA & Local Credential Authentication

  • Before accessing the remote device, the user must:
    • Authenticate with Multi-Factor Authentication (MFA) on our platform.
    • Provide valid local device credentials before the session is established.
  • These extra authentication steps ensure that even if an attacker manages to intercept login details, they would still be blocked without the second factor.

7. Obfuscation & Security Through Design

  • Non-standard ports and obscured connection URLs are used to prevent predictable attack patterns.
  • Attackers cannot easily identify or target Remote Connection tunnels.

8. Continuous Security Monitoring & Audit Logging

  • All connection requests, session activity, and authentication events are logged for auditing.
  • Any suspicious activity, such as failed connection attempts or IP mismatches, is flagged and can trigger security alerts.


By implementing TLS encryption, IP-locking, secure authentication, and short-lived sessions, we ensure that Remote Connections remain secure against MITM attacks and other interception methods. Our security-first approach eliminates common attack vectors while providing a seamless and protected user experience.
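For the audit logging described in item 8, a reviewer of such logs would typically flag IP mismatches and bursts of failed attempts. The following is an added example, not the platform's own detection logic; the JSON event format, event names, thresholds and sample lines are all constructed assumptions.

```python
import json
from collections import defaultdict, deque

# Constructed sample audit events (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
{"ts": 100, "session": "s1", "src": "203.0.113.10", "event": "auth_ok"}
{"ts": 130, "session": "s1", "src": "198.51.100.7", "event": "ip_mismatch"}
{"ts": 200, "session": "s2", "src": "203.0.113.55", "event": "auth_failed"}
{"ts": 230, "session": "s2", "src": "203.0.113.55", "event": "auth_failed"}
{"ts": 260, "session": "s2", "src": "203.0.113.55", "event": "auth_failed"}
{"ts": 900, "session": "s3", "src": "203.0.113.80", "event": "auth_failed"}
{"ts": 1900, "session": "s3", "src": "203.0.113.80", "event": "auth_failed"}
not-json garbage line
"""

FAIL_THRESHOLD = 3   # assumed: failures needed to raise an alert
FAIL_WINDOW = 300    # assumed: sliding window in seconds


def flag_events(log_text: str) -> list:
    """Return (ts, session, rule, src) alerts for IP mismatches and failure bursts."""
    alerts = []
    recent = defaultdict(deque)  # (session, src) -> timestamps of recent failures
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            ts, sess, src, kind = ev["ts"], ev["session"], ev["src"], ev["event"]
        except (ValueError, KeyError, TypeError):
            # A damaged audit record is itself worth a reviewer's attention.
            alerts.append((None, None, "unparsable_line", None))
            continue
        if kind == "ip_mismatch":
            alerts.append((ts, sess, "ip_mismatch", src))
        elif kind == "auth_failed":
            window = recent[(sess, src)]
            window.append(ts)
            while window and ts - window[0] > FAIL_WINDOW:
                window.popleft()  # drop failures older than the window
            if len(window) == FAIL_THRESHOLD:
                alerts.append((ts, sess, "failed_burst", src))
    return alerts


if __name__ == "__main__":
    for alert in flag_events(SAMPLE_LOG):
        print(alert)
```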
