confidentiality of serial numbers and netgate ids

hbauer

Hi to all,

on the dashboard under system information of the SG1100 you can see the serial number, netgate device id and crypto id.

how confidential do you have to treat this numbers. Is there something somebody can do with it if he get this informations?

Regards
Hagen

chrismacmahon

@hbauer said in confidentiality of serial numbers and netgate ids:

how confidential do you have to treat this numbers.

The encrypted database that houses this information does not contain any personal information.

Is there something somebody can do with it if he get this informations?

Nope. There is no personal identifying information.

For the NetgateDevice ID, we have 4 options for a device, that show what level of support we are to provide the customer, Community, Professional, Enterprise and Enterprise plus. We can't see where the device is located, who has the device or what software (including packages) are installed on the device.

For the CryptoID, a bit of reading on our blog post is proof of a genuine Netgate product.

hbauer

@chrismacmahon so if an admin leave the company or that number appear on public screenshots nobody can do something with it. right?

chrismacmahon

That is correct.

mhab12

What about the 'Device Key' from the Auto Configuration Backup service? If this were to be disclosed, could somebody get a full, un-encrypted copy of your config? Would this include a plain text admin password?

chrismacmahon

Great question.

No, it's encrypted before it leaves the device. They would get random characters and blobs.

jimp

@mhab12 said in confidentiality of serial numbers and netgate ids:

What about the 'Device Key' from the Auto Configuration Backup service? If this were to be disclosed, could somebody get a full, un-encrypted copy of your config? Would this include a plain text admin password?

The device key only references the configs, they would also need your encryption password to decrypt the backup. They are encrypted locally on your box before they are submitted to the server. The server only has encrypted copies.

Someone could maybe brute force that, so you still want to protect that key, but if you have a sufficiently long passphrase on there it's unlikely someone could get the contents.

hbauer

After the installation you can see a message that i need to have my Netgate device Id stored in a save place to be able to by support.

Does this mean somebody else is able to by support with my id? And if yes what happens if somebody buys support and then later I want to buy support to?

Or would this only be a netgate problem?

Regards
Hagen

chrismacmahon

It would be an us issue, and nothing for you to contend with.

jimp

@hbauer said in confidentiality of serial numbers and netgate ids:

Does this mean somebody else is able to by support with my id? And if yes what happens if somebody buys support and then later I want to buy support to?

You would thank them, since support is per device and tied to the ID, you would have access to support if your ID was used in that way.