IT Security
The key benefit of the internet-based connection is security. With UNITED GRINDING Digital Solutions™, online access to your machine or system is always quick and secure. Remote Maintenance takes place only upon invitation by the customer, i.e. the connection is exclusively established with UNITED GRINDING at your initiation.
- Each connection is established directly and exclusively between you and UNITED GRINDING, and only for a limited period
- Data exchange takes place exclusively on your initiative and in all cases only for the machine that you approve
- Users are identified by personal user names and specific passwords
System design and security
You want to keep your IT infrastructure secure and your production running smoothly. With UNITED GRINDING Digital Solutions™, you're on the safe side.
Structure
- UNITED GRINDING Digital Solutions™ works completely and autonomously in your own network
- Each connected machine is equipped with an IPC with corresponding software
- One Customer Cockpit is required for each location and is installed on a separate IPC
- This hardware and software solution allows for secure connection of the machines to your network
- The short-term connection to the UNITED GRINDING server is established exclusively as an outgoing connection by means of a TÜViT (Trusted Product) certified connection and can only be triggered by you
Safety
- Single-port principle: All services, such as remote access, VPN-tunnel-based control, file transfer, and video conferencing, require only one enabled port.
- Transport encryption: UNITED GRINDING Digital Solutions™ uses SSL with 2048-bit Public Key RSA and 256-bit AES symmetric encryption.
- Firewall-friendly: You don't need an inbound connection. An outgoing TLS connection only communicates via one port (by default 443) and can also be routed via a web proxy server.
- Port management: With conventional VPN solutions, all ports are opened for the entire connection period. For UNITED GRINDING Digital Solutions™, port sharing is initiated as required: For end-to-end application tunnels, only relevant ports are activated for the duration of the application's use.
- Blacklist: After unauthorized connection attempts, a blacklist mechanism automatically blocks IP addresses from which the connection request originated for a defined period of time.
- Code-signing: All program modules are signed, i.e. during the update process, only update packages that are signed with the correct key are installed.
- Authentication: Authentication is performed using role-specific TLS certificates. Each user receives a specific login and password. Existing authentication options can be expanded at any time.
- TÜViT certified: The software's security is verified annually through the “Trusted Product” certificate (TÜViT). The certificate is based, among other things, on an examination of technical security requirements, architecture, design, development process, as well as weak point analysis and penetration testing.
Connection and remote access to your machine
In the event of servicing, you decide whether and when remote access to your machines is granted by sending us a Service Request. Only once a Service Request is issued do you grant an authorized Customer Care employee access exclusively to the endpoint, such as the affected machine or system, at which the problem exists.
After the outgoing connection has been established, communication in both directions is possible. The tunnel services used here are encrypted with 256-bit symmetrical AES and SSL with 2048-bit Public Key RSA. All activities relevant to a Customer Care employee during remote access, such as data transfer, remote diagnostics, or remote programming, are possible with the appropriate authorization level via these tunnel services.
All processes related to a Service Request carried out via UNITED GRINDING Digital Solutions™ are logged and archived in their entirety. All closed service requests are saved in your system file.
The use of functions requiring an administrator role is logged in your company's system. The log entries in the so-called prolog files are provided with a signature and cannot be manipulated unnoticed.
Your plant network
You always retain full control over user rights. All administrative power is with you at all times. Only persons who are qualified and have authenticated themselves may connect.
As a manufacturing company with particularly high security requirements, you need to be able to precisely control all remote access to your systems and machines and to terminate access at any time if necessary. Each user also receives a specific login and password.
UNITED GRINDING Digital Solutions™ offers a group and role-based authorization concept. To use certain software functions, the user must be authorized to do so. The dynamic port sharing and the decoupling of the network prevent malware from reaching your machine.