Encrypted communication via ConnectPort TS 16

0 votes
Hi everyone!
I've a question concerning the encrypted communication via ConnectPort TS 16.

We are planning to use Digi Serial Server to communicate data between Virtual Machines and Serial Devices.
This data has to be protected by encryption.

Which encryption methods does a Digi ConnectPort TS offer?
Which is the most secure method for the described communication?
Which Key size is in use for the AES?
How do we enable and monitor the encryption?

Thanks in advance!
asked Apr 24, 2015 in ConnectPort TS by AskDigi4Support New to the Community (0 points)


2 Answers

0 votes
Hi there,

I'm assuming that this is related to the Digi RealPort driver?

From my own testing, TLS v1.0 128-bit AES appears to be the default encryption type, but I'm not sure if that can be changed (and to what, if so).

It's easy to enable encrypted RealPort, just select the encrypt option when installing the RealPort driver (when going through the RealPort driver setup wizard), or it can be changed later in the RealPort properties. You also need to make sure the ConnectPort TS has the Encrypted RealPort service enabled.

Is this the kind of information you're looking for?
answered Apr 24, 2015 by jeremym Veteran of the Digi Community (1,673 points)
Hi Jeremym,

thanks for answering my questions.
Unfortunately I've still some problems and additional questions.

Although I've selected the encrypt option during RealPort driver setup on my client and the Digi device security level setting ("Configuration>Security>Network Security") was set to "Normal" (this means all services are selected/running), the communication seems to be in "clear text".

In my test environment I am transmitting a text file from my Windows 7 x64 client using "COM Port Data Emulator".
Then I am sniffing the traffic to my Digi PortServer TS16 with Factory Default Settings using "Microsoft Network Monitor 3.4".
Checking the results, I am able to read the text file content in the TCP payload. So it does not seem to be encrypted.
Where is the problem/failure in my setup?

Additionally I am confused about the Digi security level ("Configuration>Security>Network Security").
Following the default security levels, using "Secure RealPort" doesn't seem to be the most secure option.
At least the service will be deselected when you switch from level "High" to the "Secure", which seems to be the topmost security level.
On Level "Secure" only the following services are preselected: SSH, Reverse SSH, HTTPS

This leads to one of my initial questions.
What is the most secure method to communicate via Digi PortServer? And how do I configure it?

Is there any "Digi-approved" document about the encryption type in use? I bet I'll need it for a future audit.

Hopefully someone is able to answer my questions and you'll be able to understand my poor English.
0 votes
A ConnectPort TS is a different product than a PortServer TS (and other Digi devices).

Exactly which model Digi device do you have, that you're asking about? If you aren't sure, please provide the part number and/or serial number if possible, so we can identify it.
answered Apr 27, 2015 by jeremym Veteran of the Digi Community (1,673 points)
I am using a PortServer TS (PN:(1P)50001207-01 AP)

I've resolved the encryption issue by changing the driver settings on the client OS: Computer Management > Device Manager > Multi-port serial adapters > Select driver > Properties > Advanced > Properties... > Security > check box "Encrypt network Traffic (TLS v1.0 128bit AES)"
Afterwards client and PortServer are communicating via TLS.

But I am still confused about the Network Security Level.
Selecting level "Secure" disables "Secure RealPort" and "RealPort" services.
How should any Windows client connect to the PortServer without using the RealPort driver? In my case it doesn't work.
Is there another (more secure) way to connect a Windows client to the PortServer?
Following the available services it could work using SSH, Reverse SSH, HTTPS....

So my question remains:
What is the most secure method to communicate via Digi PortServer TS 16 and how do I configure it?

Thanks in advance.
Ahh.... now I realized why I was confused using the correct product name!

Following the Digi product overview (Home > Products > Serial Servers), my device looks more like the image of the displayed "ConnectPort TS" (19 inch).
The displayed images of the "PortServer TS" seem to be only a smaller "consumer" device.
The answer to your question depends on what exactly you are looking to secure.

To secure the RealPort (serial-over-IP) traffic, you should use Encrypted RealPort.

To make the PortServer itself the most secure, you should disable as many unnecessary services as possible, and choose encrypted services when possible.  This is what the "Secure" radio button does - disables most services, and leaves just a few.

I suggest that you use Encrypted RealPort, that you enable the Encrypted RealPort service, and then only enable other services that are required for your needs.

Does this information help?
Thanks Jeremym!
I'll do as you suggested.

Is there any Best Practice Guide for security configuration?
Does a ConnectPort provide more security than a PortServer?
No problem!

Yes, see this website:

http://www.digi.com/resources/security

Yes, the ConnectPort TS is a newer product and has more security features.  I suggest comparing the specs on the product spec sheet vs. the PortServer TS to see which one meets your requirements.
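
Added example, not part of the original thread and not Digi's software: a way to check a capture for the symptom discussed above, by testing whether each TCP payload parses as TLS records (and which record version it reports) or is mostly readable text. The sample payloads are constructed and the function names are illustrative; payloads are assumed to start on a record boundary, as in a reassembled stream.

```python
import struct

# TLS record layer: 1-byte content type, 2-byte version, 2-byte length.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
MAX_FRAGMENT = 2**14 + 2048  # largest encrypted record body (RFC 2246)


def parse_tls_records(payload):
    """Return [(content_type, version, length), ...] for a payload that starts
    on a record boundary, or [] if the bytes do not look like TLS records."""
    records, offset = [], 0
    while len(payload) - offset >= 5:
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if (ctype not in CONTENT_TYPES or (major, minor) not in VERSIONS
                or not 0 < length <= MAX_FRAGMENT):
            return []
        records.append((CONTENT_TYPES[ctype], VERSIONS[(major, minor)], length))
        offset += 5 + length  # a record may run on into the next TCP segment
    return records


def printable_ratio(payload):
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not payload:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in payload) / len(payload)


def classify_payload(payload):
    """Label one captured TCP payload as 'tls', 'cleartext' or 'unknown'."""
    if parse_tls_records(payload):
        return "tls"
    if printable_ratio(payload) >= 0.9:
        return "cleartext"
    return "unknown"


# Constructed sample payloads (not taken from a real capture).
CLEAR = b"Line 1 of the test file sent through the COM port\r\n" * 3
HANDSHAKE = bytes([22, 3, 1]) + struct.pack("!H", 48) + bytes(range(48))
APP_DATA = bytes([23, 3, 1]) + struct.pack("!H", 32) + bytes(range(200, 232))

if __name__ == "__main__":
    for name, data in [("clear", CLEAR), ("handshake", HANDSHAKE),
                       ("handshake+data", HANDSHAKE + APP_DATA)]:
        print(name, classify_payload(data), parse_tls_records(data))
```

A payload labelled "cleartext" on the serial-over-IP connection is the condition the poster saw in Network Monitor before the driver's encryption check box was set.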