orcus
03/03/2012, 05:36 PM
I recently learned about reeftronics. It looks like a really nice service, but I'm wondering about security.
I'm really not trying to criticize what looks like a cool service, and apologize if this question causes any offense.
From what I can gather, the reeftronics site will poll the Apex at regular intervals. What I'm wondering about is whether someone could alter the configuration of an Apex if they were able to hack into the Reeftronics site. If so, it seems like a bad guy could to try to crash the tanks of everyone using the service.
To some extent, it probably depends on the protocol Apex uses. If there's a way to limit a remote connection to only read information, then that lowers, if not eliminates, this risk. Anyone familiar enough with the protocol to know whether this is the case?
A nice enhancement to the Apex might be to have an option so that settings can only be changed on the local subnet, but data could still be read from outside.
I'm really not trying to criticize what looks like a cool service, and apologize if this question causes any offense.
From what I can gather, the reeftronics site will poll the Apex at regular intervals. What I'm wondering about is whether someone could alter the configuration of an Apex if they were able to hack into the Reeftronics site. If so, it seems like a bad guy could to try to crash the tanks of everyone using the service.
To some extent, it probably depends on the protocol Apex uses. If there's a way to limit a remote connection to only read information, then that lowers, if not eliminates, this risk. Anyone familiar enough with the protocol to know whether this is the case?
A nice enhancement to the Apex might be to have an option so that settings can only be changed on the local subnet, but data could still be read from outside.