Are you a manufacturer or service provider who wants to offer customers convenient monitoring and remote maintenance services for their plants or IT systems? Or are you on the other side, a system operator who uses several remote maintenance services and must allow them to access your network?
In both cases the same key requirements apply: the remote maintenance solution should guarantee reliable IT security, record all service activities in a way that meets auditing requirements, integrate flexibly into different environments and be easy to use.
genubox fulfills all BSI recommendations for secure remote maintenance
- Remote access, VPN and firewalling in one solution
- Centrally administered, with full control at all times over the maintenance action, access time, target and accessing party
- High level of operational security: a connection is only established after confirmation from within the operator's network, e.g. via the Windows app or a key switch
- Simple, uniform operation of a number of services; integration of third-party solutions possible
- Virus/malware protection: transferred data is checked by external virus scanners via the ICAP interface
- Compliant with the NIST recommendations (National Institute of Standards and Technology, USA)
- Meets the basic protection requirements up to the high protection level by satisfying the tightened rules of the German IT-Grundschutz Kompendium 2022
- Adjustable security level, from "open", continuous access up to full control of every session
- Corporate-ready rights and role system for up to 100 remote maintenance providers worldwide
- Maximum security and control: port-specific access to the target system, which is isolated from the rest of the network, with the rendezvous point in the DMZ or in the cloud
- Video recording function and logging
- Supports concepts for Zero Trust network protection
- All productive and management systems are available as hardware and virtualized appliances; the service box hardware also comes in an industrial variant with a suitable temperature range and form factor as well as convenience features such as a key switch
- Update mechanism with an additional quantum-resistant signature protects product updates against attacks with quantum computers
Basic information on the remote maintenance solution for companies that use remote services
Basic information about the remote maintenance solution for manufacturers and service providers that offer remote services
genubox can provide you with extremely secure remote maintenance access just about anywhere.
As a rugged appliance, genubox can be installed, for example, on industrial robots, wind turbines or simply in server rooms, i.e. wherever manufacturers or service providers monitor and support systems by remote access. genubox ensures security whenever maintenance is required: it establishes an encrypted connection for the data transfer and uses its firewall function to restrict external access exclusively to the system being maintained, so other sensitive areas of the operator's network cannot be reached via the maintenance access. genubox is thus a comprehensive solution for industrial plant security.
Companies with a larger number of machines on the one hand, and providers of remote maintenance on the other, need to set up a constantly growing number of remote maintenance connections. The machines are usually integrated into local area networks (LANs). If unauthorized persons or malicious code manage to penetrate the LAN via such a maintenance access, the consequences can be serious, not least for the relationship between the remote maintenance provider and the customer. The remote maintenance solution used here must therefore ensure a high level of security; convenient operation and administration as well as simple integration are further requirements.
genua offers a remote maintenance solution that meets these high requirements: a high level of security, convenient operation and administration, and simple integration.
Our concept: one-way access by the remote maintenance service into customer networks is not permitted. Instead, all maintenance connections run through a rendezvous server. This can be deployed, for example, as an appliance at the service provider, at the customer in a demilitarized zone (DMZ), or virtualized in the cloud.
Both the maintenance provider and the system operator connect to this server at an agreed time. A maintenance connection is created only once both sides have met on the server. Via this connection, the remote maintenance provider can now access the machine, plant or IT system in the customer network. The rendezvous approach thereby ensures that system operators retain full control of maintenance access to their networks.
A virus scanner can be connected to the rendezvous server so that data sent by the remote service provider is checked for malicious code. This option offers additional protection against attacks and helps ensure plant availability.
genubox has an interface to SIEM systems (Security Information and Event Management) for central recording of all security-relevant events from the remote maintenance solution. You can correlate these with messages from other systems and services in your enterprise network and trace attack attempts that remain undetected when looking at individual systems in isolation.
The four-eyes principle applies during maintenance access: system operators can follow all actions of the maintenance service live via the user interface. Subsequent traceability is also ensured: video recordings provide audit-proof documentation of all maintenance work.
In this way, system operators always have external access under control and can later determine who did what in their network and when. If critical incidents occur, this comprehensive documentation allows causes, responsibilities and, if necessary, claims for recourse to be clarified.
Support of Zero Trust Concepts
With Zero Trust networking, trust in the security of the entire network is replaced by trust in the security of specific communication endpoints, i.e. devices, services and applications.
A compromise of an individual endpoint is thus confined to its permitted communication relationships and no longer endangers the entire network. This approach gives operators back control of their systems and proactively reduces the attack surface.
The remote maintenance solution from genua supports Zero Trust concepts. The rendezvous server takes on the role of the software-defined perimeter and allows authenticated external users to reach only specific services. The target system connects to this perimeter from the inside; the remote maintainer in turn also establishes encrypted communication with it. After successful authentication, access is granted only to the services specifically required, e.g. the desktop of the machine to be maintained, a terminal, or selected ports.
This follows the principle of least privilege: only the protocol required by the maintenance software is passed through; no other applications are reachable, and the two networks are never linked to each other.
An interface to identity and access management systems enables the remote maintenance solution to be flexibly connected to a central user and rights management system. genubox supports Keycloak, Microsoft Active Directory, Microsoft Entra ID (formerly Azure Active Directory), OKTA, and RADIUS (Remote Authentication Dial-In User Service).
The genuview access and storage management solution is connected directly to the remote maintenance solution. The service boxes on the target systems transfer the video recordings to external genuview servers, e.g. on a customer server, where they are stored and archived.
genuview's user interface simplifies the overview, administration and archiving of the recordings. In addition, genuview scales easily to large quantities of data and many permanent connections.
Flexibility and Efficiency through Virtualization
Both the rendezvous server and the service box are available not only as appliances in different hardware variants but also as virtualized solutions.
The secure remote maintenance solution can be used flexibly in mixed operation, e.g. in private and public clouds as well as on special industrial hardware in production environments. genubox Virtual is particularly easy to commission, among other things through efficient shipping, deployment and central management of all instances. The software is compatible with the genuview access and storage management solution for audit-ready management and archiving of remote session recordings.
User-Friendly Operation with Windows App, Web Browser, and Central Management
The service employee initiates the maintenance connection via a user-friendly Windows app, which does not require administrator rights, or in a standard web browser. Once the system operator has also established their part of the maintenance connection to the rendezvous server, the service employee can access the target system directly.
The remote maintenance solution is administered via a central management station. This is also suitable for larger installations with many maintenance connections, making it easy to operate one uniform solution over which all remote maintenance connections run.
Authentication at the rendezvous server and encryption of the maintenance connection ensure that only authorized users are granted access and that data communication can be neither intercepted nor tampered with.
For the system being maintained in the customer's network, just one genubox needs to be installed. The compact appliance serves as the remote peer of the encrypted connection and, with its integrated firewall, shields the maintained system from the rest of the customer's network whenever servicing is required. The connection leads only to the maintenance object; other systems in the customer network cannot be reached.
To ensure that this creates no work for the operator, the preconfigured genubox simply needs to be connected to the network. Because firewalls generally permit outgoing connections, the genubox can reach the rendezvous server from inside the network without any inbound rule, and with that the remote maintenance solution is set up.
Fast commissioning in maintenance cycles, security updates, central administration, and mass configuration ensure efficiency.
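The rendezvous model described in the sections above (both sides dial out to the rendezvous server, the operator side confirms from inside, the maintainer is then connected to one named target only), as an added Go example that is not genua's code: a minimal broker on localhost, a service box that only ever makes an outbound connection, and a maintainer that is refused until the box has checked in. The session token, the target name, the HELLO line protocol and the machine's reply are constructed for this demo.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
	"strings"
)

// Constructed session allow-list (assumption for this demo, not genua's data model):
// a token names the single target behind the service box that the session may reach.
var sessions = map[string]string{"tok-robot-07": "robot-07:5900"}

// waiting holds, per token, the service-box connection whose operator opened the window.
var waiting = map[string]net.Conn{}

func readLine(r *bufio.Reader) string {
	s, _ := r.ReadString('\n')
	return strings.TrimSpace(s)
}

// serve is the rendezvous point. It never dials into either network; both sides dial out
// to it, so neither party needs an inbound firewall rule. HELLOs are settled one at a time.
func serve(ln net.Listener) {
	for {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		r := bufio.NewReader(c)
		f := strings.Fields(readLine(r)) // expected: HELLO <servicebox|maintainer> <token>
		var peer net.Conn
		if len(f) == 3 && f[0] == "HELLO" && sessions[f[2]] != "" {
			if f[1] == "servicebox" { // the operator side confirms the window from inside
				waiting[f[2]] = c
				continue
			}
			if f[1] == "maintainer" {
				peer = waiting[f[2]]
			}
		}
		if peer == nil { // malformed, unknown session, or nobody inside has confirmed
			fmt.Fprintln(c, "NO_WINDOW")
			c.Close()
			continue
		}
		delete(waiting, f[2]) // one window, one session
		fmt.Fprintf(c, "PAIRED %s\n", sessions[f[2]])
		fmt.Fprintln(peer, "PAIRED")
		go func() { io.Copy(peer, r); peer.Close() }() // r keeps bytes the maintainer already sent
		go func() { io.Copy(c, peer); c.Close() }()
	}
}

// serveBox runs on the operator side behind an outbound-only connection: it waits for the
// pairing, answers one command on behalf of the machine and returns what it saw.
func serveBox(c net.Conn) string {
	defer c.Close()
	r := bufio.NewReader(c)
	readLine(r) // "PAIRED": the broker sends it only once a maintainer has arrived
	cmd := readLine(r)
	fmt.Fprintln(c, "OK temp=41C") // constructed reply from the machine behind the box
	return cmd
}

// maintainer is the provider's side; it returns the broker's verdict and the target's reply.
func maintainer(addr, token, command string) (status, reply string) {
	c, err := net.Dial("tcp", addr)
	if err != nil {
		return "DIAL_FAILED", ""
	}
	defer c.Close()
	r := bufio.NewReader(c)
	fmt.Fprintf(c, "HELLO maintainer %s\n", token)
	if status = readLine(r); !strings.HasPrefix(status, "PAIRED") {
		return status, ""
	}
	fmt.Fprintln(c, command)
	return status, readLine(r)
}

type demoResult struct{ Early, Paired, SeenByTarget, Reply string }

// runDemo runs broker, service box and maintainer on localhost and reports what each saw.
func runDemo() (demoResult, error) {
	var res demoResult
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return res, err
	}
	go serve(ln)
	addr := ln.Addr().String()
	res.Early, _ = maintainer(addr, "tok-robot-07", "READ temp") // before anyone inside confirmed
	box, err := net.Dial("tcp", addr) // the service box dials out; it never listens
	if err != nil {
		return res, err
	}
	fmt.Fprintln(box, "HELLO servicebox tok-robot-07") // the in-house confirmation
	seen := make(chan string, 1)
	go func() { seen <- serveBox(box) }()
	res.Paired, res.Reply = maintainer(addr, "tok-robot-07", "READ temp")
	res.SeenByTarget = <-seen
	return res, nil
}
```

runDemo shows the two properties the page relies on: the first maintainer attempt is answered with NO_WINDOW because nothing inside has confirmed yet, and after the box has checked in the maintainer is paired with exactly the target named in the session table and nothing else. The broker reads each HELLO to completion before accepting the next connection, which is what makes the ordering in runDemo deterministic.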
Post-Quantum Cryptography: genua Meets Future Security Requirements
With products from genua you can make the transition to post-quantum cryptography. Our update mechanism guarantees trustworthy product updates today and in the future: in addition to a digital signature according to current standards, every update carries a quantum-resistant signature, which already provides effective protection against attacks with quantum computers.
A Safe Investment in Accordance with the BSI Recommendation
Experts assume that in a few years quantum computers could weaken or even break the cryptographic methods in use today. The security of the XMSS method, developed by genua in cooperation with the Technical University of Darmstadt and the Technical University of Eindhoven, is well understood today: it relies solely on the security of the underlying hash function. Note that XMSS is a stateful scheme: each one-time key in the tree may be used only once, so the signer must reliably track which keys have already been used. By applying this method, we meet the recommendations for future-proof software updates of the German Federal Office for Information Security (BSI) and the National Institute of Standards and Technology (NIST).
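The hybrid rule described above (a signature according to current standards plus a quantum-resistant one, both required), as an added Go example that is not genua's code: Ed25519 from the Go standard library is the classical leg, and the quantum-resistant leg is a Lamport one-time signature, the simplest hash-based scheme and the ancestor of XMSS, used here as a stand-in because XMSS itself is not in the standard library. The type and function names, the key sizes and the update image are assumptions made for this demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// Lamport one-time signature over SHA-256: the simplest member of the hash-based family that
// XMSS belongs to. Assumption: a teaching stand-in for the page's XMSS leg, not genua's code.
// Its security rests only on the hash function, and each key pair must sign exactly once.
type lamportKey struct {
	priv [256][2][32]byte // secret preimages, one pair per digest bit
	pub  [256][2][32]byte // their SHA-256 images
}

func genLamport() (*lamportKey, error) {
	k := &lamportKey{}
	for i := range k.priv {
		for b := range k.priv[i] {
			if _, err := io.ReadFull(rand.Reader, k.priv[i][b][:]); err != nil {
				return nil, err
			}
			k.pub[i][b] = sha256.Sum256(k.priv[i][b][:])
		}
	}
	return k, nil
}

func digestBit(d [32]byte, i int) int { return int(d[i/8]>>(7-uint(i%8))) & 1 }

func lamportSign(k *lamportKey, msg []byte) [256][32]byte {
	d := sha256.Sum256(msg)
	var sig [256][32]byte
	for i := range sig {
		sig[i] = k.priv[i][digestBit(d, i)] // reveal the preimage selected by each digest bit
	}
	return sig
}

func lamportVerify(pub *[256][2][32]byte, msg []byte, sig *[256][32]byte) bool {
	d := sha256.Sum256(msg)
	for i := range sig {
		if sha256.Sum256(sig[i][:]) != pub[i][digestBit(d, i)] {
			return false
		}
	}
	return true
}

// updateSignature carries both legs over the same update image.
type updateSignature struct {
	classical []byte        // Ed25519, the "current standards" leg
	pq        [256][32]byte // hash-based, the quantum-resistant leg
}

type updateVerifier struct {
	edPub ed25519.PublicKey
	pqPub [256][2][32]byte
}

// verifyUpdate is the hybrid rule: both legs must verify. An attacker therefore has to break
// Ed25519 AND the hash function; a future quantum break of Ed25519 alone gets no update in.
func (v updateVerifier) verifyUpdate(image []byte, sig updateSignature) bool {
	okClassical := ed25519.Verify(v.edPub, image, sig.classical)
	okPQ := lamportVerify(&v.pqPub, image, &sig.pq)
	return okClassical && okPQ
}

// demoHybrid signs a constructed update image with both legs and reports whether the genuine
// image is accepted, a tampered image is rejected, and a damaged hash-based leg beside a
// still-valid classical leg is rejected.
func demoHybrid() (genuine, tamperedRejected, classicalOnlyRejected bool, err error) {
	edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	lk, err := genLamport()
	if err != nil {
		return
	}
	image := []byte("genubox-update-image-constructed-for-this-demo") // not a real update
	sig := updateSignature{classical: ed25519.Sign(edPriv, image), pq: lamportSign(lk, image)}
	v := updateVerifier{edPub: edPub, pqPub: lk.pub}
	genuine = v.verifyUpdate(image, sig)
	tamperedRejected = !v.verifyUpdate(append(append([]byte{}, image...), '!'), sig)
	forged := sig // keep the valid Ed25519 leg, damage the hash-based leg
	forged.pq[0][0] ^= 1
	classicalOnlyRejected = !v.verifyUpdate(image, forged)
	return
}

func main() {
	g, tr, co, err := demoHybrid()
	fmt.Println("genuine accepted:", g, "tampered rejected:", tr, "classical-only rejected:", co, err)
}
```

The point of the AND in verifyUpdate is that the classical leg never becomes dead weight: today it carries the well-studied security of Ed25519, and if that is broken by a quantum computer the hash-based leg still has to be forged. Lamport keys, like XMSS leaves, are one-time; a real deployment signs each update with a fresh leaf and records the used index, which is the state-tracking caveat mentioned above.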
As a collaborative learning company, it is our mission to continuously improve and share our knowledge of IT Security with you. In our Knowledge Base we offer you articles, white papers, analyst reports, research results, videos and more in the field of IT security.