Security Assessment
As part of our service agreement, we offer our customers the ability to remotely monitor and maintain their G-Gateways. To do this, we use Tailscale as a VPN solution that enables a secure and easy connection between our devices and customer networks. Tailscale is based on WireGuard, a modern and powerful VPN protocol that offers end-to-end encryption, strong authentication, high speed, and low resource consumption.
To use Tailscale, we install software on our customers' G-Gateways that automatically connects to the Tailscale network once they have internet access. This gives us access to the 192.168.50.0/24 subnet (LAN port of the G-Gateway) where the G-Gateways are located, so that we can control them remotely from our office. We do not require access to other subnets or devices on the customer network unless necessary for troubleshooting or configuration. In that case, we ask the customer for the appropriate authorization.

We recognize that some customers may have concerns about the security of their networks when using Tailscale. We would therefore like to clarify a few points explaining the benefits and risks of this solution.
Advantages
- Tailscale is a reliable and recognized VPN solution used by many companies and organizations worldwide. It has a transparent and open architecture that is regularly reviewed by independent security experts.
- Tailscale uses WireGuard as its VPN protocol, which is considered more secure and robust than other popular protocols. WireGuard uses modern cryptographic algorithms and key exchange methods that ensure high confidentiality, integrity, and availability of data.
- Tailscale uses a zero-trust model where each device has a unique key associated with a Tailscale account. Only devices that belong to the same account or are explicitly shared can communicate with each other. This prevents unauthorized access or man-in-the-middle attacks.
- Tailscale uses a Distributed Hash Table (DHT) to broker connections between devices without the need for a central server. This makes the network resilient to failures or censorship. Additionally, Tailscale uses NAT traversal techniques to maintain connections behind firewalls or routers without the need for port forwarding or other settings.
- Tailscale provides a simple and intuitive interface that allows us to manage, monitor and share our customers' devices. We may also set security policies that restrict or allow access to specific subnets or ports.
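
As an added illustration (not our production policy or code), the following Python sketch shows how a policy of the kind mentioned above could be checked so that it only grants access to the 192.168.50.0/24 subnet. It assumes the policy is available as strict JSON in Tailscale's `acls` syntax; the group name and the rules in the sample are constructed.

```python
import ipaddress
import json

# From the page: remote maintenance only needs the G-Gateway LAN subnet.
ALLOWED_NET = ipaddress.ip_network("192.168.50.0/24")

# Constructed sample policy in the "acls" syntax (strict JSON, no comments).
# The group name and both rules are hypothetical.
SAMPLE_POLICY = """
{
  "acls": [
    {"action": "accept", "src": ["group:support"],
     "dst": ["192.168.50.0/24:22,443"]},
    {"action": "accept", "src": ["group:support"],
     "dst": ["192.168.0.0/16:*", "*:3389"]}
  ]
}
"""


def audit_policy(policy_text, allowed=ALLOWED_NET):
    """Return (rule_index, dst, reason) for every destination outside `allowed`."""
    findings = []
    for idx, rule in enumerate(json.loads(policy_text).get("acls", [])):
        if rule.get("action") != "accept":
            continue
        for dst in rule.get("dst", []):
            # Each dst entry has the form "host:ports"; split on the last colon.
            host, _, _ports = dst.rpartition(":")
            try:
                net = ipaddress.ip_network(host, strict=False)
            except ValueError:
                # Wildcards, tags, groups and hostnames cannot be range-checked.
                findings.append((idx, dst, "not an IP range, review manually"))
                continue
            if net.version != allowed.version or not net.subnet_of(allowed):
                findings.append((idx, dst, "outside allowed subnet"))
    return findings


if __name__ == "__main__":
    for idx, dst, reason in audit_policy(SAMPLE_POLICY):
        print(f"rule {idx}: {dst}: {reason}")
```

An empty result means every accepted destination lies inside the G-Gateway LAN subnet; anything else is a rule to question before it is deployed.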
Risks
- A potential risk is that an attacker could gain access to our Tailscale account or one of our devices, thereby gaining access to the entire Tailscale network. To avoid this, we use strong passwords and two-factor authentication on our account and devices. We also regularly update the software and check the activity logs for suspicious logins or connections.
- If the customer still has security concerns, they can also implement a separation themselves that isolates the customer network from the G-Gateway and thus limits the G-Gateway's access to only the essentials. This can be done, for example, by setting up a firewall between the customer network and the G-Gateway. This prevents the G-Gateway from accessing, or being exposed to, other devices or services on the customer network. However, the customer must ensure that this separation works correctly and does not cause conflicts or disruptions with Tailscale or other network components.
- Another aspect that customers should consider is Tailscale's privacy policy, which describes what information Tailscale collects and how it uses it. We have read the Privacy Policy and agree that Tailscale will only collect the data necessary to provide and improve the Service and will not share this data with third parties or use it for any other purposes. Customers can review the Privacy Policy on Tailscale's website at any time and can contact Tailscale directly if they have any questions or concerns.
To process and display the data from the G-Gateways, we use containerized applications based on Docker.
With this solution we can offer remote maintenance and monitoring of our G-Gateways, which provide customers with important information about their systems and processes. We are constantly working to improve and expand our solution to meet our customers' needs.
We hope this information helps you make an informed decision about using Tailscale. We believe Tailscale is an excellent solution to enable remote maintenance and monitoring of your G-Gateways without compromising the security or privacy of your networks.
Further information can be found on the Tailscale website.