yelkenli Posted May 15, 2018 Share Posted May 15, 2018 I like the Isight functionality, and automation overall. But what keeps someone from hacking my system and monitoring for my time away from the house? What annual security checks can a user conduct to keep it locked down, or look for evidence of being hacked? Is Control4 providing any tools that sniff out hacking and provide alerts to users or their dealers? Link to comment Share on other sites More sharing options...
msgreenf Posted May 15, 2018 Share Posted May 15, 2018 With the way 4sight works its not port forwarding. It's a reverse proxy with a VPN. It's a secure setup. That is what you are paying for Link to comment Share on other sites More sharing options...
Pounce Posted May 15, 2018 Share Posted May 15, 2018 I probably have a slightly different opinion. I maybe don't think it's 100% correct to call something secure because its a VPN. The promise is secure. There are multiple links on the chain and VPN's have been known to have security exploits. I'm not saying this one has an exploit. I wouldn't bet my life on the system being secure. Google reverse proxy exploit. I think the question is a good one though. I think a diagram on how it works and some assurances from Control4 about security and regular 3rd party audits would be comforting. I'm personally hesitant to use the service, but I've worked on security scanning software and know most everything is exploitable given time. It's good to understand risk and have some strategy to mitigate risks. It's also perfectly acceptable to take risks if you feel the value of a feature is worth the risk. I just advocate having an understanding of the risk rather than just blindly taking unknown risks. Mitigating risks can be keeping software current. Logging access. Checking the access. Limiting access. Segmenting services and networks etc. Nothing is totally secure forever and always. You can also pay people to care about all of this stuff and still not be totally secure. For those that feel they can or would be targeted they should use professional security services and take their advice. Link to comment Share on other sites More sharing options...
AceOfSpades Posted May 15, 2018 Share Posted May 15, 2018 I have similar concerns. I check the "Authorized Devices" tab in my.control4 fairly often to see which devices have connections to my system. I would love to see the 4sight login support Collaboration Services like Gmail, Outlook and Others so I can enable 2FA. At a minimum, allow 2FA for the C4 Accounts. Link to comment Share on other sites More sharing options...
Matt Lowe Posted May 15, 2018 Share Posted May 15, 2018 you can also add an SLL connection option and password protect it and make it so that only specific devices can be added. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.