Questions related to security
We have received many questions and interrogations related to security matters. Here are a few answers.
Q : What is the information that is sent by the device to Cloutik ?
By default, Cloutik deploys on your device :
– GetTaskCloutik : this script ensures that the device contact Cloutik to say hello and ask for instructions if any. It does not send any particular sensitive information
– GetHealthCloutik : this script sends to Cloutik some information related to resources (CPU, RAM, storage) and Trafic (download, upload). If you do not want to obtain in on your dashboard you can remove it.
– Logging information : this configuration allows to make visible in your account the logs flagged as Critical / Warning / Info. If you do not want to get them, just remove the Logging configuration
Some misconceptions we have read :
Cloutik will know everything going on at your site, copy of configuration…
No, Cloutik does not know anything about the Internet traffic of your device because only health information is sent by the device to Cloutik.
The personal information managed by your RouterOS device is not sent to Cloutik, except if you create some additional configuration to export it in your account directory.
You can also check the scripts by yourself, there is nothing to hide.
Q: Does Cloutik have access to my device when I enable Remote Webfig ?
What happens if Cloutik get hacked? Could some get in to all routers Cloutik handles?
No, Cloutik allows to generate a Private VPN to your device, but it does not interfere with the administrator login. Then, if you do not have set a password, yes everybody can now access your device (which is a bad idea). But if you have set a (good) password, no one except you can access your device. Actually you would see such connection in your logs
Our job is to make sure Cloutik does not get hacked. But even if we were hacked, the hacker would not get in your device because we do not store the device passwords.
Q: Does Cloutik reduce the security of my Device ?
No, the goal of Cloutik is to ease a remote management of the device. If your RouterOS configuration remains with no password or with all services opened (telnet, ssh…) then your security is already too poor and making it managed by Cloutik will not help.
But if you already took care of basic security requirements, then Cloutik will just help you to monitor your device.
Note that we suggest that you unable the ‘Remote Webfig’ feature when you do not need it.
Q: What if I setup a direct link to my device (VPN, DMZ, other) to manage my device ?
Sure, Cloutik is only one way to manage remotely a RouterOS device. But you can use all the RouterOS native features (VPN) or create some breaches in your WAN router (e.g. DMZ, NAT/PAT). Is it more secure ? We are not sure but it depends on you and we wish you good luck 🙂
Q: Can I use Cloutik simultaneously with another VPN or Logging service ?
Sure, we have many customers that are using some complementary services on their device. For example to retrieve all their logging information to another dashboard (Splunk or other Syslog services) or build some custom VPN services.
Remember that the Cloutik VPN service is only there for remote management, the Internet traffic of the device does not go through Cloutik. But you can use some Cloutik configuration to ease the configuration setup with some VPN services (ExpressVPN, NordVPN, other).
And the Cloutik logging feature is not designed to get ALL logging traffic that can be sent by a RouterOS device (can be huge). So if you want to store all logs for a long duration, you should deploy your own server for such purpose.
Q: Can I deploy the Cloutik software in my own datacenter ?
We are working on it. If you are interested just contact us to look if we can help.