19. July 2023

3 Min read

    Contents

      Written by Reinhard Burkert

      Product Manager Smart Networks

      Zero tolerance

      How secure is the DCIM software R&M inteliPhy net? Our customers ask this question every day. Our clear answer: «Zero fault tolerance» and «zero risk tolerance» apply to security awareness at R&M. R&M subjects the DCIM application inteliPhy net to a recognized and strict safety test with every major release.

      Experts call it the pentest = penetration test. It confirms that according to current findings, no one from outside can use the software for cyberattacks or steal data with it.

      R&M commissions external specialists to carry out the test. These guarantee a neutral, independent assessment.

      Top 10 risks covered

      The tests cover the «Top 10 Web Application Security Risks» defined by the Open Worldwide Application Security Project (OWASP). The «OWASP Top 10» is regarded as a kind of industry standard for raising awareness among developers and for the security of web applications. It is recognized by software developers around the world as a principle for safer programming.

      Here are some examples of the security criteria that are tested in a pentest:

      • Attacks by SQL injection. For example, an SQL program is entered into a dialog box and then executed by the attacked application without further control.
      • Attacks based on cross-site scripting. An attacker builds an «evil» website with malicious code into an existing site.
      • Attacks on session management. This is about stealing or falsifying session information.
      • Attacks on authentication mechanisms to perform unauthorized actions or steal data.
      • Data theft due to intentionally generated malfunctions.

       

       

      What is a pentest?

      A pentest helps to identify potential vulnerabilities before they can be exploited by attackers. With targeted attacks, the tester tries to detect and exploit security gaps. Software developers and IT managers can thus close any gaps and install additional security hurdles before the official release.

      The most recent pentest for inteliPhy net took place in the first quarter of 2023 and took around ten working days. This shows that this is not a quick look at the code, but a thorough investigation. It will be repeated with each major release.

      Even greater reliability

      That is by no means all that R&M does for the security of the DCIM software. In addition, there are:

      • An internal security manual developed in collaboration with cyber security experts.
      • A system of best practices that tells software developers how to write secure code («Security by Design»).
      • A separate department for Software Quality Assurance verifies each release according to a test plan.

      What can users do?

      With the DCIM software R&M inteliPhy net, data centers can work at the highest security level. During installation, inteliPhy net becomes an integral part of the customer’s security architecture. It runs on their Intranet (on-premises). As a result, inteliPhy net is subject to the customer’s specific security regulations in day-to-day use.

      You can try out R&M inteliPhy net for free and see for yourself how powerful it is. Here you can find all the information about the DCIM application from R&M.