How secure is remote assistance?

Can the actions performed by Peplink support staff be monitored?

What should be considered when enabling remote assistance?

Only Peplink engineers can use the RA when you give a time slot and decide to turn on the RA. They will mostly just go over the settings and will always ask for permission to adjust or test other settings. If settings seem correct, engineers could check open ports (like double check if port 8089 is really open on the device), check routes or test unreachable servers, failing functions or parameters …

What to consider is that the quality of support in many organizations depends on the accessibility of an affected device or software. You can switch on and off the RA whenever you decide. Some things could be resolved within minutes by support staff just going over the settings. Or you could send a diagnostic file without RA, but that is just a snapshot, so there are fewer options to test. Or you can just ask your questions via the forum or a ticket without access, but then support engineers have to do much more guessing and write long conversations, because the Peplink devices and firmware have very wide and extended functions and parameters (like in the trunk or access option post).

2 Likes

Thanks @aldwinaldwin.

What assurances are provided by Peplink when engineers are given access? For example, are engineers vetted, do they have background checks, are external audits performed, etc.?

Where does access originate from?

1 Like

I suspect none. Or rather none officially.

Unofficially every member of engineering that has access to the RA toolset feels the weight of the responsibility of working on live in production systems remotely. In my experience they all do so with great care and consideration and aside from the inevitable occasional slip-up where a live device was rebooted or a VPN service restarted accidentally (normally when I haven’t made it clear it's a production system) I have had nothing but great experiences of RA sessions with rapid resolutions to some really challenging problems.

By whom? What type? By who? Peplink is a global company, with engineers on different continents supporting customers in pretty much everywhere. A compliance policy that fits all customers' needs in all those locations would be impossible. The vetting / security checks performed on a US-based employee would be very different from those needed by a UK-based one.

I work with hospitals, banks, cyber security firms, aerospace and global brands. Some don’t allow any form of remote access by anyone outside of their own organisation. Some have full test labs where sanitised configs are loaded to replicate production issues and remote access is allowed / provided to those labs. Some let Peplink 3rd line engineering just connect over RA and get on with it.

The ones that allow Peplink engineering to perform RA get things fixed fastest, but bottom line is that you can decide to enable and use RA or not; it's up to you.

ra.peplink.com, which is hosted in AWS in a US datacentre.

2 Likes

Typically my experience with global companies is that they have a consistent policy that drives the hire of personnel. These would include background checks, police checks and the like. Additionally, these organizations may be certified e.g. 27001 and have independent audits conducted e.g. SOC 2 Type II. These provide a level of assurance.

Ah, but Peplink is not a typical massive, unwieldy company selling networking gear globally, thankfully. Right now they are engineering focused and growing strong and fast because of the quality and innovation of their product, which is born from having a really strong, high quality focused team.

This is another one of those ‘use it if you want to - or don’t’ things - you have a choice.

4 Likes