A client from us is really in cybersecurity as they have high risk locations. And always need to have internet connection.
We are using multiple Uplinks, and multiple routers.
We see Incontrol2 as a weak point, Once you have acces you can do everything you want with all the routers, off course we have MFA enabled.
They still want extra protection. They would like an option to have the Config Locked to the device and can only be unlocked with an extra password.
I like the idea of a toggle switch per device in IC2 that locks the config so no changes are allowed.
I suppose this could require an additional security action like a password, but that would require another user security level I suppose (to manage the password).
Today you can disable device configuration at a group level but its not clear exactly what that does actually (@Michael can we get tool tips added to settings like these please?):
Having another step required (ie reenabling that option above) before config changes are made to a remote device should limit mistakes, but its not a security feature.
Thank you for your reply, Good to hear you also like the Idea.
The Management of the password should be offline and not stored in Incontrol2.
The options Disable Device Configuration I already tried. So far I can see is that it disables all commands from Incontrol2. Like changing Netwerk settings or updating firmware. But when you go into Remote Web Admin you can change all you want.
The idea is to have a future that it is not possible anymore to make any changes at all. Also not through the remote web admin.
Or extra password protected when you want to use remote web admin.
