Security Is Our Priority

Security is at the forefront of every decision on the Bushel platform. We spend countless hours researching and implementing best practices to ensure the security, privacy, and integrity of your data. We believe that one of those best practices is transparency.

How does tunnel client work?

The tunnel client creates an encrypted connection between your on-prem or colocated server and the Bushel tunnel service so that our hosted translator solution can access your data. In more technical terms, it works like this:

  1. You install the client, written in Go, and configure it with the credentials you receive as part of our activation process.
  2. The client makes an HTTPS request to our provisioning API with your credentials to retrieve the configuration for your tunnel, which looks like this:
    {
        "server_host": "tunnel.scaleticket.net",
        "server_port": 61022,
        "server_public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPFiOs0CqT+WQEbST96SGNsublBjev4PUJ4VqCfqMOY",
        "release_channel": "stable",
        "ports": [
            {
                "name": "default",
                "client_username": "tunnel",
                "client_private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACDHNieCLvVh4XKE3lwGh5jCldC23ke9n0tEeFN6iDQKlwAAAIj4zX1n+M19\nZwAAAAtzc2gtZWQyNTUxOQAAACDHNieCLvVh4XKE3lwGh5jCldC23ke9n0tEeFN6iDQKlw\nAAAECVhasDmgb9+pO1FQKbg8GR288jomXmdr8vq0jl4kdxK8c2J4Iu9WHhcoTeXAaHmMKV\n0LbeR72fS0R4U3qINAqXAAAAAAECAwQF\n-----END OPENSSH PRIVATE KEY-----",
                "client_public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMc2J4Iu9WHhcoTeXAaHmMKV0LbeR72fS0R4U3qINAqX",
                "client_host": "localhost",
                "client_port": 1433,
                "remote_bind": "0.0.0.0",
                "remote_port": 0
            }
        ]
    }
            
  3. Encrypted SSH-based remote port-forwards are created using the configuration for each port we need to access, the strongest cipher available, and an Ed25519 key pair.
  4. By default, the client checks hourly for configuration changes and new releases.
    • Upon receiving changed configuration, the client will automatically reconfigure itself to match the desired state.
    • When a new release is available, the client will automatically download the new executable, verify it using a SHA-256 checksum returned from the release API, replace the current executable, and finally exit with error code 99. The service manager will detect the failure and restart the service using the new executable. The update process typically completes within seconds and results in very minimal downtime.
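As an added illustration of steps 2 through 4 (this is not Bushel's own client code, which is available only under the agreement described further down), the following Go program shows the three checks a defender would want that sequence to perform: validating the provisioning response, pinning the SSH host key to the server_public_key field, and verifying a downloaded release against its SHA-256 checksum before it replaces the running executable. The type and function names, the trimmed SampleConfig (the server values shown above with the per-port private key omitted) and the decision to reject any key type other than ssh-ed25519 are this example's own assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// TunnelConfig types the provisioning-response fields used by these checks.
type TunnelConfig struct {
	ServerHost      string            `json:"server_host"`
	ServerPort      int               `json:"server_port"`
	ServerPublicKey string            `json:"server_public_key"`
	Ports           []json.RawMessage `json:"ports"` // per-port entries, left untyped here
}

// ParseConfig decodes the provisioning JSON and rejects a config that would leave
// the tunnel unpinned (unparseable server key) or with nothing to forward.
func ParseConfig(raw []byte) (*TunnelConfig, error) {
	var cfg TunnelConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	if cfg.ServerHost == "" || cfg.ServerPort <= 0 || cfg.ServerPort > 65535 {
		return nil, errors.New("config: invalid server_host or server_port")
	}
	if _, err := ParseEd25519AuthorizedKey(cfg.ServerPublicKey); err != nil {
		return nil, fmt.Errorf("config: server_public_key: %w", err)
	}
	if len(cfg.Ports) == 0 {
		return nil, errors.New("config: no ports to forward")
	}
	return &cfg, nil
}

// readString pops one SSH wire-format string (uint32 big-endian length + bytes).
func readString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("short or truncated wire-format string")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// ParseEd25519AuthorizedKey parses an authorized_keys-style "ssh-ed25519 <base64>"
// line and returns the raw 32-byte public key. The blob holds two wire-format
// strings (the key type, then the key bytes); anything else is rejected.
func ParseEd25519AuthorizedKey(line string) ([]byte, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 || fields[0] != "ssh-ed25519" {
		return nil, errors.New("not an ssh-ed25519 key line")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return nil, err
	}
	keyType, rest, err := readString(blob)
	if err != nil || string(keyType) != "ssh-ed25519" {
		return nil, errors.New("key blob type does not match key line")
	}
	key, rest, err := readString(rest)
	if err != nil || len(key) != 32 || len(rest) != 0 {
		return nil, errors.New("malformed ed25519 key blob")
	}
	return key, nil
}

// HostKeyMatches is the pinning check for the SSH handshake: the raw key the
// server presents must equal the pinned server_public_key; no other key is trusted.
func HostKeyMatches(pinnedLine string, presentedKey []byte) bool {
	pinned, err := ParseEd25519AuthorizedKey(pinnedLine)
	return err == nil && subtle.ConstantTimeCompare(pinned, presentedKey) == 1
}

// VerifyRelease checks a downloaded executable against the hex SHA-256 checksum
// from the release API; only on success should it replace the running binary.
func VerifyRelease(executable []byte, expectedHex string) error {
	expected, err := hex.DecodeString(strings.TrimSpace(expectedHex))
	if err != nil || len(expected) != sha256.Size {
		return errors.New("release: malformed checksum")
	}
	sum := sha256.Sum256(executable)
	if subtle.ConstantTimeCompare(sum[:], expected) != 1 {
		return errors.New("release: checksum mismatch, refusing to install")
	}
	return nil
}

// SampleConfig is constructed from the server values shown above (private key omitted).
const SampleConfig = `{"server_host":"tunnel.scaleticket.net","server_port":61022,
"server_public_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPFiOs0CqT+WQEbST96SGNsublBjev4PUJ4VqCfqMOY",
"ports":[{"name":"default","client_host":"localhost","client_port":1433}]}`

func main() {
	cfg, err := ParseConfig([]byte(SampleConfig))
	fmt.Println(cfg, err)
}
```

The host-key comparison is the part that makes a hostname-based firewall rule safe to rely on: if tunnel.scaleticket.net ever resolves to a machine that does not hold the pinned key, the handshake fails rather than forwarding the database port to an untrusted host. The same constant-time comparison is reused for the release checksum, so a download that does not match the value returned by the release API is discarded before it can replace the executable.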

Outbound connections/firewall information

The tunnel client establishes outbound connections to the following hostname:port combinations, which you may need for outbound firewall whitelisting. Please whitelist by hostname only (not by IP address), as the IP addresses may change.

  • tunnel-setup.scaleticket.net:443
  • tunnel.scaleticket.net:61022
  • storage.googleapis.com:443

Supported Operating Systems

The tunnel client currently supports Microsoft Windows Server 2016, Windows 10, and higher. This is subject to change as operating systems become end of life with time.

The tunnel client is written in the Go programming language, and therefore supports the same versions of Windows that Go does. Upstream information regarding Go's supported versions of Windows is documented here. Generally, Go supports Windows versions through Microsoft's Extended End Date (not the paid Extended Security Update period). These dates can be found for each version of Windows Server on Microsoft's website.

Why not use a VPN?

VPNs are widely used for their flexibility, reliability, and security; however, they pose a number of challenges, including but not limited to:

  • Interoperability
  • Subnet Conflicts
  • Routing and Firewall Issues
  • Limited and Weak Ciphers
  • Scalability and Availability

Because we often only need access to a single port on a single machine, we do not need the flexibility offered by traditional VPNs. Instead, we use a different battle-tested protocol (SSH, as described above) to mitigate many of the challenges outlined above. After significant research, development, and testing, we have arrived at an approach that we believe is generally more secure, much easier to configure, universal, highly available, and horizontally scalable.

Can I audit the code?

Absolutely! You may request access to the tunnel client code and internal documentation at any time after a signed Bushel SaaS and Services Agreement is in place. The code will be released to you under a proprietary, non-transferable license and may not be used for any purpose other than connecting to the Bushel tunnel service. You may modify and/or compile your own derivative to better serve the needs of your organization; however, we are unable to provide support for such installations.

What are your general security practices?

We implement many practices to ensure that our platform runs securely including, but not limited to:

  • All data is encrypted at rest and before leaving the LAN
  • Control and management interfaces are limited to internal networks
  • Centralized configuration management and provisioning
  • Process isolation via virtual machines and/or containers
  • Access control and auditing of machine and service access
  • Centralized logging and metrics
  • Brute-force detection and mitigation
  • Secure development practices including:
    • Code reviews
    • Use of version control systems
    • Use of dependency management
    • Knowledge and mitigation of attack vectors such as XSS, SQL injection, and numerous others
    • Centralized builds and automated deployment

Metrics disclosure

Once an hour the tunnel client reports basic machine and process metrics back to our provisioning API, which allows us to provide higher quality releases and predict outages due to machine resource constraints (e.g. a full disk). The metrics payload looks like this:

{
    "logs": [
        {
            "time": "2019-03-11T22:39:31Z",
            "level": "info",
            "message": "Metrics update",
            "data": {
              "arch": "amd64",
              "component": "metrics",
              "executable": "C:\\Program Files\\Myriad Mobile\\Bushel Data Tunnel\\Bushel Data Tunnel.exe",
              "hostname": "win16-dev01",
              "metrics.cpu.0.cores": 2,
              "metrics.cpu.0.family": "1",
              "metrics.cpu.0.mhz": 2600,
              "metrics.cpu.0.model_name": "Intel(R) Xeon(R) CPU @ 2.60GHz",
              "metrics.cpu.0.stepping": 0,
              "metrics.cpu.0.vendor_id": "GenuineIntel",
              "metrics.disk.free": 23652352000,
              "metrics.disk.path": "C:",
              "metrics.disk.total": 161059172352,
              "metrics.disk.used": 137406820352,
              "metrics.disk.used_percent": 85.31449550212078,
              "metrics.host.boot_time": 1552685008,
              "metrics.host.id": "b7ca0473-f357-488e-8789-0d43bd96ebb7",
              "metrics.host.name": "win16-dev01",
              "metrics.host.os": "windows",
              "metrics.host.platform": "Microsoft Windows Server 2016 Datacenter",
              "metrics.host.platform_family": "Server",
              "metrics.host.platform_version": "10.0.14393 Build 14393",
              "metrics.host.procs": 77,
              "metrics.host.uptime": 259862,
              "metrics.load.cpu": "cpu-total",
              "metrics.load.idle": 490647.484375,
              "metrics.load.system": 20392.03124999994,
              "metrics.load.user": 8688.328125,
              "metrics.mem.available": 11559743488,
              "metrics.mem.total": 13958225920,
              "metrics.mem.used_percent": 17,
              "metrics.runtime.memory.heap.alloc": 1581144,
              "metrics.runtime.memory.heap.idle": 4718592,
              "metrics.runtime.memory.heap.inuse": 2719744,
              "metrics.runtime.memory.heap.objects": 8391,
              "metrics.runtime.memory.heap.released": 2973696,
              "metrics.runtime.memory.heap.sys": 7438336,
              "metrics.runtime.memory.stack.inuse": 950272,
              "metrics.runtime.memory.stack.sys": 950272,
              "metrics.runtime.memory.sys": 11147768,
              "metrics.runtime.memory.total": 59306544,
              "metrics.runtime.num_count": 2,
              "metrics.runtime.num_go_routine": 36,
              "metrics.runtime.version": "go1.12.1",
              "os": "windows",
              "version": "2.0.2"
            }
        }
    ]
}
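To show what a consumer of this payload can do with it, here is an added Go example (not Bushel's provisioning API code) that parses the log entry above and raises an alert when disk or memory usage crosses a threshold, cross-checking the reported used_percent against the raw free and total byte counts so that a client bug or an altered field cannot hide a nearly full disk. The threshold values, the Alert type and the trimmed MetricsSample (a constructed subset of the payload above) are assumptions of this example; the page does not state what thresholds Bushel applies.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math"
)

// MetricsSample is a constructed, trimmed copy of the payload shown above,
// keeping only the fields these checks read.
const MetricsSample = `{"logs":[{"time":"2019-03-11T22:39:31Z","level":"info","message":"Metrics update",
"data":{"hostname":"win16-dev01","version":"2.0.2","metrics.disk.path":"C:",
"metrics.disk.free":23652352000,"metrics.disk.total":161059172352,"metrics.disk.used_percent":85.31449550212078,
"metrics.mem.available":11559743488,"metrics.mem.total":13958225920,"metrics.mem.used_percent":17}}]}`

type metricsLog struct {
	Logs []struct {
		Message string                     `json:"message"`
		Data    map[string]json.RawMessage `json:"data"`
	} `json:"logs"`
}

// Alert records one threshold crossed (or one inconsistency found) for one host.
type Alert struct {
	Hostname, Kind string
	Value          float64
}

// number reads a numeric metric from the flattened "metrics.x.y" key space.
func number(data map[string]json.RawMessage, key string) (float64, bool) {
	raw, ok := data[key]
	if !ok {
		return 0, false
	}
	var v float64
	if err := json.Unmarshal(raw, &v); err != nil {
		return 0, false
	}
	return v, true
}

// EvaluateMetrics applies the thresholds (assumed values; the page does not give
// Bushel's) to every "Metrics update" entry and returns one Alert per finding.
func EvaluateMetrics(payload []byte, diskPercent, memPercent float64) ([]Alert, error) {
	var m metricsLog
	if err := json.Unmarshal(payload, &m); err != nil {
		return nil, err
	}
	var alerts []Alert
	for _, entry := range m.Logs {
		if entry.Message != "Metrics update" {
			continue
		}
		host := "unknown"
		if raw, ok := entry.Data["hostname"]; ok {
			_ = json.Unmarshal(raw, &host) // leaves "unknown" if the field is not a string
		}
		disk, haveDisk := number(entry.Data, "metrics.disk.used_percent")
		if haveDisk && disk >= diskPercent {
			alerts = append(alerts, Alert{host, "disk_used_percent", disk})
		}
		if mem, ok := number(entry.Data, "metrics.mem.used_percent"); ok && mem >= memPercent {
			alerts = append(alerts, Alert{host, "mem_used_percent", mem})
		}
		// Recompute the percentage from the raw byte counts: a client bug or an
		// altered field should not be able to hide a nearly full disk.
		free, okF := number(entry.Data, "metrics.disk.free")
		total, okT := number(entry.Data, "metrics.disk.total")
		if haveDisk && okF && okT && total > 0 {
			if computed := 100 * (1 - free/total); math.Abs(computed-disk) > 1 {
				alerts = append(alerts, Alert{host, "disk_percent_inconsistent", computed})
			}
		}
	}
	return alerts, nil
}

func main() {
	alerts, err := EvaluateMetrics([]byte(MetricsSample), 80, 90)
	fmt.Println(alerts, err)
}
```

Run against the sample, the disk check fires (85.3% used on C: exceeds the assumed 80% threshold) while memory at 17% stays quiet; the recomputed value agrees with the reported one, so no inconsistency alert is raised. Reading the data map through json.RawMessage rather than a fixed struct keeps the consumer tolerant of new dotted keys appearing in later client releases.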
      
Report a security issue

If you discover a security vulnerability within the Bushel platform or related services, please send an email to our security team: [email protected].