Hitachi Energy
Mitigation
To mitigate the risk of unauthorized access to the FOXMAN-UN Core, it is recommended to deploy the FOXMAN-UN Client application and the FOXMAN-UN Core in a secure network.
This mitigation restricts the possibility that an unfriendly user could get access to the FOXMAN-UN Core by tracing CORBA messages and re-engineering the protocol.
The figure below shows the basic setup for such a deployment:
The FOXMAN-UN Client is deployed on a Windows server collocated in a secure network with the FOXMAN-UN Core Server.
The FOXMAN-UN Client communicates with the Core server using CORBA over TCP.
The FOXMAN-UN User accesses the Windows server with Remote Desktop Connection, using the Remote Desktop Protocol (RDP) over SSH.
The FOXMAN-UN Core shall use SSH to connect to the Network Elements.
With this setup, only SSH communication to the Secure Network is possible.
As an alternative, the Windows server could also be a Linux server with only the FOXMAN-UN Client installed. In this case, the communication between the FOXMAN-UN User and the FOXMAN-UN Client server should use SSH.
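One way to verify that a deployment matches this setup is to audit flow records at the secure-network boundary and flag anything crossing it that is not SSH. The following is an added example, not Hitachi Energy code. The secure-network range, the flow record format, the sample flows and the CORBA port 2809 are assumptions made for illustration, as is the placement of the Network Elements outside the secure network.

```python
import ipaddress
from typing import NamedTuple

# Assumed values: the advisory gives no addresses and no CORBA port.
SECURE_NET = ipaddress.ip_network("10.20.0.0/24")  # hypothetical secure network
SSH_PORT = 22

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

def parse_flow(line: str) -> Flow:
    """Parse a constructed 'src dst proto dport' flow record."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.lower(), int(dport))

def violations(lines):
    """Return (direction, flow) for flows crossing the boundary without SSH."""
    bad = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = parse_flow(line)
        src_in = ipaddress.ip_address(f.src) in SECURE_NET
        dst_in = ipaddress.ip_address(f.dst) in SECURE_NET
        if src_in == dst_in:
            continue  # stays inside (Client -> Core CORBA) or never touches the network
        if (f.proto, f.dport) != ("tcp", SSH_PORT):
            bad.append(("inbound" if dst_in else "outbound", f))
    return bad

# Constructed sample flows (not taken from a real deployment)
SAMPLE = """
# src dst proto dport
192.0.2.10 10.20.0.5 tcp 22
10.20.0.5 10.20.0.6 tcp 2809
192.0.2.10 10.20.0.5 tcp 3389
192.0.2.11 10.20.0.6 tcp 2809
10.20.0.6 198.51.100.7 tcp 22
10.20.0.6 198.51.100.8 tcp 23
""".splitlines()

if __name__ == "__main__":
    for direction, f in violations(SAMPLE):
        print(f"{direction}: {f.src} -> {f.dst} {f.proto}/{f.dport}")
```

On the sample, the direct RDP and CORBA connections from outside and the non-SSH connection from the Core to a Network Element are reported, while the SSH sessions and the internal Client-to-Core CORBA flow pass.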