Every network-enabled device represents a potential entry point. Whether in private installations, commercial facilities, or critical infrastructure – connected systems must be designed with security in mind.
This is especially true in professional environments such as research facilities, aquaculture operations, and industrial installations, where network integrity is essential.
GHL systems are engineered specifically to prevent misuse as a network backdoor.
Designed for Local, Controlled Operation
GHL controllers are fully functional as self-contained local systems. They do not depend on external cloud services or third-party servers to operate. Remote access via myGHL is an optional feature, not a requirement. Local network access works independently and does not require any external internet connection.
For environments with strict policies, network interfaces can be deactivated entirely, allowing operation via direct USB connection only.
No General-Purpose Operating System
GHL devices do not run Linux or similar operating systems. There is no SSH, Telnet, FTP, remote shell, or executable upload capability. This eliminates many of the typical attack surfaces found in network-enabled consumer control systems.
Authenticated and Limited Network Surface
When networking is enabled, only defined communication ports are active:
- TCP 80 – password-protected web interface
- TCP 81 – authenticated WebSocket communication (only if myGHL cloud service is enabled)
- TCP 10001 – proprietary Control Center interface
- TCP 10002 – proprietary API interface
The proprietary protocols are not based on common service standards typically targeted in automated attacks. They do not provide generic access mechanisms and are designed solely for defined application-level communication.
For environments with strict network policies, ports can additionally be restricted.
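One way to check a controller's observed exposure against the port list above, as an added example that is not GHL code. The function names, the configuration flags, and the sample port list are assumptions constructed for illustration.

```python
import socket

# Documented listeners, taken from the port list above.
ALWAYS = {80: "web interface", 10001: "Control Center", 10002: "API"}
CLOUD_ONLY = {81: "WebSocket (myGHL)"}


def expected_ports(networking_enabled, cloud_enabled):
    """Ports the page says should listen for a given configuration."""
    if not networking_enabled:
        return set()  # USB-only operation: no listeners expected
    ports = set(ALWAYS)
    if cloud_enabled:
        ports |= set(CLOUD_ONLY)
    return ports


def audit(open_ports, networking_enabled=True, cloud_enabled=False):
    """Compare observed open TCP ports with the documented surface."""
    expected = expected_ports(networking_enabled, cloud_enabled)
    observed = set(open_ports)
    return {
        "unexpected": sorted(observed - expected),  # investigate these
        "missing": sorted(expected - observed),     # filtered or disabled
        "compliant": observed <= expected,
    }


def probe(host, ports, timeout=0.5):
    """TCP connect check against a controller you administer."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.append(port)
    return found


if __name__ == "__main__":
    # Constructed sample: ports observed on a controller with myGHL disabled.
    sample = [80, 81, 10001, 10002, 23]
    print(audit(sample, cloud_enabled=False))
```

A port reported as `missing` is not a failure when the port has been deliberately restricted; only `unexpected` entries make the result non-compliant.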
Layered Control Architecture
The control core operates on a dedicated proprietary microcontroller without direct exposure to the network stack. Network communication is handled by a separate communication module. This layered architecture prevents the device from functioning as a relay, proxy, or pivot point into other parts of a network.
There is no mechanism that would allow a GHL device to tunnel external traffic into internal infrastructure.
No Remote Code Execution
Firmware updates are monolithic and performed only through authorized procedures. Uploading and executing arbitrary external code is technically not possible.
Conclusion
GHL systems are engineered as embedded control platforms with a deliberately minimized attack surface.
For professional IT environments and security-conscious users alike, this means predictable network behavior, controlled communication pathways, and a system architecture designed specifically to prevent misuse as a network entry point.







