KbA0006: Security of Coppercube stored data
Description
Discussions about the security of the data stored on the CopperCube are really discussions about the security of the CopperCube itself. The security of the CopperCube depends upon the protections applied to the methods of accessing the CopperCube. [All of which presupposes the physical security of the device has been addressed – as there is no security if the CopperCube is stolen and taken apart!]The methods of accessing the CopperCube are through:
- Graphical User Interface: This is the primary interface. It is used to configure the device and view the data it contains.
- Operating System: via a remote terminal (ssh) or via local keyboard & monitor.
- API (Application Programming Interface): to pull stored data into another computer system.
The CopperCube is also equipped with an internal firewall and three outgoing only data channels to send data to:
- The CopperTree cloud servers
- A client-provided SQL server.
The security protection of these items is also discussed here.
Graphical User Interface (GUI) security
Access to the CopperCube GUI is via a web browser and either HTTPS (SSL; port 443) or HTTP (port 80). Traffic on these ports is easily monitored and controlled (blocked) with simple firewall rules. Whether the CopperCube is exposed to traffic outside of the client’s I.T. network is the client’s choice. There is no requirement to make the CopperCube reachable from the Internet. Blocking outside Internet web access to the device will not affect its ability to function.
The GUI is password protected. Three user accounts (access levels) are defined:
- A client account: for the end client to use. Clients are encouraged to change their default passwords.
- A partner account: for the CopperCube distributor’s technicians to use when servicing the device.
- A coppertree account: for the manufacturer’s technicians to use when troubleshooting.
The passwords default to the device’s serial, since it is unique and physical access to the CopperCube is required to obtain this value.
- A root account: replaces the coppertree account for new purchases of CopperCube 1.33 and higher. The password is in a hashed form unique to the hardware.
The GUI is divided into an unsecured page of public status data, and a set of protected pages containing configuration settings and sensitive data. The public page is available to anyone, while access to the protected pages requires the user to log-in using one of the three defined user accounts and associated passwords. The status page contains sufficient information for a casual user to determine if the CopperCube is operating correctly, but insufficient information to compromise the device or make changes to its configuration.
Operating System Security
The CopperCube’s operating system (Linux Ubuntu) can be accessed via a remote terminal (ssh on port 22) or via a local keyboard & monitor. The operating system is protected by a device’s unique password. A single user account with root permissions is defined. This account is for the manufacturer’s technicians to use when troubleshooting. Users may receive this password from CopperTree Analytics with the understanding the CopperTree policy regarding root access is:
“If a partner or client uses the root password and damages the CopperCube, then that person is responsible for the same. There is no documentation available, All the required configurations can be done easily using the GUI. CopperTree will not support any changes made to the CopperCube, and this will void the warranty. Additionally, if CopperTree must resort to “Restore to Factory Defaults” in order to repair the CopperCube, the partner and client will have no recourse against CopperTree for any lost data.”
API (Application Programming Interface) Security
The CopperCube provides an API so other computer systems can retrieve stored Trend Log data from the CopperCube. The API uses HTTPS (on port 443) or HTTP (port 80). The API is password protected and requires the remote system to log-in using the GUI’s client account and associated password. The API session will automatically expire the login after an extended period of inactivity.
CopperCube Internal Firewall
Instead is just relying upon external devices and client I.T. policies to protect the CopperCube, the CopperCube also contains an internal firewall. This firewall implements a drop-all policy and closes all ports except:
- port 443 (HTTPS access to the CopperCube ‘s GUI)
- port 80 (HTTP access the CopperCube ‘s GUI)
- port 22 (SSH access to the CopperCube ‘s Operating System)
If the CopperCube determines it needs a specific port opened in-bound (e.g. 47808 to collect BACnet data from a remote BBMD device) then it will manage its internal firewall rules automatically to open the port and close it again when it is no longer needed.
CopperCube Out-going Channels
The CopperCube sends operating status information (heartbeat) to the CopperTree Kaizen servers, to allow automatic device monitoring. This is done via HTTPS on port 443. Clients may choose to block this port if they wish, however they will lose the benefits of an ongoing device status monitor and early warning of data collection problems with their buildings. We strongly encourage clients to open port 443 outbound.
The CopperCube sends building data to the CopperTree database servers using AMQPS on port 5671. This port must be open out-going for the CopperCube to function with CopperTree’s Kaizen services.
A CopperCube may be equipped with an optional SQL connector. This feature allows the CopperCube to send data to a client-provided SQL server. The connector uses an outbound connection. Specific details can be found in the documentation of the SQL Connector.