Security scans against the StarLeaf Cloud
Managing Cloud Troubleshooting the CloudLast updated April 11, 2017
StarLeaf takes security very seriously. The StarLeaf Cloud architecture ensure the highest level of security. We continually work to improve the security of the StarLeaf Cloud. However, security scans are confused by the StarLeaf Cloud in respect to activity on port 443.
This article is about the StarLeaf Cloud Border Controllers that are present in the StarLeaf Cloud and provide the nodes for [your organization name].call.sl through which every StarLeaf endpoint connects to the StarLeaf Cloud. This article is not about the StarLeaf Session Border Controller (SBC 6350) product.
StarLeaf Cloud Border Controllers listen on port 443. However, they are not standard web servers. The only traffic allowed to that port is the connections from StarLeaf endpoints. Every connection is verified using the StarLeaf certificate included in the software or hardware installation. Any other traffic is rejected.
The StarLeaf Cloud Border Controllers use port 443 as this ensures our traffic can traverse most firewalls, however, this makes the StarLeaf Cloud Border Controller appear to be a web server.
StarLeaf Cloud Border Controllers are very different to standard web servers, which accept connections from any web browser with no trust relationship in place. In that case, the client authenticates the remote server using the server’s Certificate and extracts the Public Key in the Certificate to establish the secure connection.The client can trust that the Server Certificate belongs the server only if it is signed by a mutually trusted third-party Certificate Authority. StarLeaf endpoints only accept server responses from the StarLeaf Cloud Border Controller and that has a StarLeaf certificate; no mutually trusted third party is needed because the both sides of the connection are produced by StarLeaf.
In the case of a public web server, it is possible for a client to choose a poor quality cipher if one is advertised. Because StarLeaf controls both the client and the server sides of all connections to this port, we can guarantee a high quality cipher is used, in this case AES256-SHA.
For more information about security and the StarLeaf Cloud, refer to the Security Whitepaper available at StarLeaf Resources.