Gateway Web Page Security

After a recent upgrade of Ignition to 8.0 I noticed that the gateway web page exposes a lot of parts of Ignition that should be hidden or inaccessible until a user has been authenticated. For example I was able to download and install designer without entering any passwords. I think the Download Designer button should be hidden until the user has logged in to either the status or configure screens.

Even exposing the fact that this is an Ignition installation could be useful to bad actors trying to hack our systems.

Can we have an option to sanitize the initial gateway web page to only show the login screen until a user has properly logged in?

It’s like that in 7.9 too. Seems like you could use the gateway SSL port to help protect the homepage which is 8043 instead of 8088?
https://docs.inductiveautomation.com/display/DOC79/Gateway+Security

Also, be sure to set Home Page, Designer and Gateway roles in the gateway config.

Also also, consider the use of a VPN.

If a bad actor gets as far as seeing the gateway, you already have bigger issues.

Even better - you can set a Homepage Redirect Url to return whatever page you want when someone tries to access the homepage.

That would be great but then how do legitimate users get back to the gateway page?

I don’t think that’s what you want here. Just set an appropriate role for the Home Page access in the gateway config.

We have a role set up for Home Page access and there is still a lot showing on the gateway page, including the button to download designer.

Downloading a Designer is not the privileged operation you think it is. Anyone can download any designer launcher from any Ignition gateway and point it wherever they want. There’s no privileged information there unless they can also log in and have privileges in the designer.

Can you clarify what security risk you consider downloading the designer launcher to be? It’s not something specific to your gateway - it’s a generic application that could be downloaded from any Ignition gateway. Downloading it reveals zero information about your actual gateway.

You are correct in that one still needs to log in after downloading the developer. My bigger concern is exposing the fact that the user has reached an Ignition gateway page. This would be helpful to a hacker if they knew of some vulnerability in Ignition.

There is nothing like what you’re asking for, then.

(assuming what you’re asking for is a completely bare login screen with zero idenitfying information or graphics)

It’s also, honestly, a bit of a moot point. Security through obscurity isn’t security. There’s about a thousand ways to determine if an Ignition gateway is running - off the top of my head, they could also scan for the OPC-UA server port, or the GAN port, or check the (also unsecured) /StatusPing or /gwinfo routes.

We’ve had Ignition externally (and publicly) audited multiple times. If you’re concerned about a theoretical zero day, then the actual solution is to minimize the attack surface, IE, use a VPN as @JordanCClark mentioned. Relying on a malicious actor to not attempt an attack just because they don’t know it’s an Ignition system isn’t going to pan out well.

2 Likes

I have the gateway home page redirect set up and then have a sub domain name that points back to gateway. So mygateway.com points to google.com for example but xzy123.mygateway.com gets to my real gateway.

On top of that I have SSL to include sub domains as I use sub domains to point to different projects and set the user roles as above.

The users see mygateway.com/perspective/project… in their browsers but If they try and delete everything after the .com which would get them to the gateway they get directed away.

I use our company web site as the re direct landing page.

I tried to set up URL masking with the sub domains but couldn’t get it working with SSL. The project would open with the masked URL but non secure, even though the gateway is set to force to SSL. I gave up in the end.