As we all know, Aweray Aweseed remote networking establishes a private private network, which is different from port mapping and other methods, and does not directly expose the user's LAN services or equipment to the public network environment. If remote terminals need to access these devices, they need to be authenticated before they can join the networking.

! Picture alt

Fine access control, flexible configuration on demand

At the same time, the Aweray Aweseed has strict access control capabilities, and can perform refined access control based on factors such as user identity, device information, and access time.

For example, when Aweseed remote networking is applied to enterprise telecommuting, access control rights can be configured to realize that the branch finance king only has working hours (8: 00-19: 00 from Monday to Friday) and can only access the financial system of the headquarters through the computer of the finance department.

The whole process of encrypted transmission, building a solid data security line

In addition, the Aweray Aweseed has the security capabilities of data transmission encryption, risk terminal automatic isolation, access behavior log recording, etc. At the same time, the Aweray Aweseed has passed the national information system security level protection level 3 certification, and can support the national secret algorithm, which can fully protect the enterprise data assets.

! Picture alt

Aweray Aweseed remote networking self-research technology to fully ensure information security interoperability

The reason why Aweray Aweseed have strong security protection capabilities is naturally inseparable from the underlying security technology and security protection methods.

Multiple encryption mechanisms to ensure transmission confidentiality and integrity

Specifically, in the most important data transmission process, the Aweray Aweseed adopts asymmetric AES encryption algorithm direct encryption and TLS encryption transmission protocol according to different transmission modes.

! Picture alt

After Aweseed networking, if both sides are in P2P direct transmission and encrypted communication is enabled, both ends will first pass the "authentication" of the session server to ensure that the identities of both parties are trusted.

! Picture alt

The session server then generates a common AES communication key, which is then used by both parties for encrypted data transmission.

If both sides are in forwarding mode or intelligent routing, the communication data will be forwarded through the Aweseed transit server. At this time, the TLS (Transport Layer Security) encryption protocol is directly enabled, and both parties can verify the identity of the other party through certificates and other forms to ensure credibility.

Strict terminal authentication to ensure reliable communication

Secondly, in terms of network terminal authentication, the Aweseed uses encrypted HTTPS(TLS HTTP) protocol to communicate with the key account authentication data throughout the process, thus ensuring that the identities of both parties are trusted.

Hardware security protection to eliminate the risk of malicious instruction injection

For Aweray Aweseed router hardware, in order to effectively ensure the security and reliability of the received cloud instructions, the Aweray Aweseed adopts self-developed anti-injection technology to ensure the security of Web interface calls.

! Picture alt

Aweray Aweseed can fundamentally solve the injection vulnerability caused by the call and execution of the underlying code, and effectively prevent the illegal personnel from obtaining administrator rights and executing malicious instructions.

Aweray Aweseed safety research and development system, safety design principles fully implemented

In terms of research and development, Aweray Aweseed strictly follow the principles of safety design. Including but not limited to: the principle of least privilege, the principle of separation of privileges, the principle of least sharing mechanism, the principle of complete neutrality, the principle of default fault handling protection, the principle of distrust, the principle of defense in depth, the principle of protecting the weakest link, the principle of privacy protection, and the principle of minimizing the attack surface.

For new features, the Aweray Aweseed team conducts more comprehensive security testing on a monthly basis. Including: fuzzy testing, penetration testing, testing strength and strength to meet the latest OWASP test specifications.

In addition, the upgrade and maintenance of Aweray Aweseed uses various code audit tools to conduct static audits of code quality and security to ensure that the code developed and written conforms to secure coding specifications, and to track scan results and optimize and improve rules based on scan results and unexpected problem lists.

In addition, the team will regularly conduct comprehensive vulnerability scanning and fuzzy testing of the Aweseed to eliminate hidden dangers in time to ensure the safe and smooth operation of the information system.

Aweray self-built security response platform to build a standardized long-term security system

In terms of operation, the Aweray has built its own security response platform (SRC,Security Response Center), built a standardized and long-term security system, improved the network security of the system environment, integrated the public network security capability to find problems as early as possible, and built a standardized and long-term security service system according to the industry standard SLA(Service Level Agreement) to improve and ensure information security.

! Picture alt

The Aweray will also cooperate with well-known security agencies at home and abroad from time to time to conduct security penetration tests and vulnerability scanning to assess the security of Aweray products and services, identify potential security vulnerabilities and threats, and repair security vulnerabilities and improve security in a timely manner.

At the same time, the Aweray has continuously upgraded its professional security team. In addition to the original security experts, it has also established and maintained close cooperative relations with well-known white hat hackers in the industry, various security communities, and crowd testing platforms.