My job now entails setting up a web-based controller to monitor the control systems we install, and they pushed it off to me to get them on the net for remote access. I'm OK with getting them on the local network, but not too familiar with remote access and port forwarding. Does anyone know of a class available that teaches this type of thing without teaching full-blown IT work?
Just browse around the router; it's pretty easy to accomplish, but it's insecure. The device will see a large amount of traffic and attacks. A VPN router is what we recommend.
I just wanted to add that the security of the network is totally dependent on the application you are opening the port for. There is no problem opening a port, as long as the application is secure.
Port forwarding basically uses the public IP address and desired port of the router as the destination for the remote user. The remote user enters the public IP address assigned to the router and the port for that application. The router then internally translates this to the local IP address and port on that machine.
For example:
Router: 187.213.134.138
Application: 192.168.1.28 port 80
When you set up the router, the user enters 187.213.134.138:80 and the router knows to act as the translator to 192.168.1.28:80. This is necessary because you cannot get to 192.168.1.28 directly from the internet; it is a local IP not visible to the rest of the world.
All of this is a sub-topic of Network Address Translation.
How secure do you think the older DSL routers are?
I've read recently that older routers from ISPs are not very secure. I looked to see about updating the firmware and it's not an option.
Mine is about 10 years old and I was thinking of a new one. The rest of my network is up to date. I'm hard wired and the wireless connections are all based on each MAC address, so that's not an issue.
The devices in question are usually very low powered solid state computers. In some cases just the amount of traffic received by port forwarding from a public address can cause the device to stop functioning.
Control systems should never be exposed to the internet and belong behind a firewall. Expose your home network all you wish, but once you introduce things such as site lighting controls, exhaust fan controls, zone temp controls, additional precaution should be taken to avoid unwanted guests (i.e. firewall/VPN router).
I was just clarifying that it depends on the application's security. You are right that a DDoS attack can take most systems down. In the end it comes down to what the client wants. We have our lighting control and CCTV on a separate network.
VPN software allows you to remotely connect to your network as if you were there.
To accomplish this there are hundreds of solutions: routers, Windows Server, etc. You should talk to your client's IT person to figure out the best solution for them.
You would need to install a VPN server if they didn't have one. Probably the easiest way for you to do it would be to get the server/router and have their IT dept open the DMZ or ports to that new network. Just make sure that server has a different sub domain than the main network. This would look like 255.255.255.0 in your home network. You probably should limit how many computers can connect to it by setting the internal subnet to 255.255.255.248, which makes sure only up to 6 devices can be on the network, 2 of which are the router/server and your control device.
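An added example, not part of any post in this thread: a small Python model of the port-forward translation described above, using the thread's example addresses, plus the host count for a 255.255.255.248 mask. The 192.168.10.0 control subnet and all function names are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread's example; the table layout is constructed.
PUBLIC_IP = ipaddress.ip_address("187.213.134.138")
FORWARDS = {  # (protocol, public port) -> (private IP, private port)
    ("tcp", 80): (ipaddress.ip_address("192.168.1.28"), 80),
}

def reachable_from_internet(ip):
    """True only for globally routable addresses (private LAN ranges are not)."""
    return ipaddress.ip_address(ip).is_global

def translate(dst_ip, dst_port, proto="tcp", table=FORWARDS):
    """Return the internal (ip, port) an inbound packet is rewritten to,
    or None when no forwarding rule matches and the router drops it."""
    if ipaddress.ip_address(dst_ip) != PUBLIC_IP:
        return None
    target = table.get((proto, dst_port))
    if target is None:
        return None
    return (str(target[0]), target[1])

def usable_hosts(network_ip, netmask):
    """List the assignable host addresses for a network/netmask pair."""
    net = ipaddress.ip_network(f"{network_ip}/{netmask}", strict=False)
    return [str(h) for h in net.hosts()]

def audit(table, control_devices):
    """Flag every rule that publishes a control device on the public address."""
    findings = []
    for (proto, port), (ip, iport) in sorted(table.items()):
        if str(ip) in control_devices:
            findings.append(
                f"{proto}/{port} -> {ip}:{iport} is reachable from any "
                "internet source; move access behind the VPN"
            )
    return findings

if __name__ == "__main__":
    print(translate("187.213.134.138", 80))      # rule matches
    print(translate("187.213.134.138", 8080))    # no rule, dropped
    print(reachable_from_internet("192.168.1.28"))
    # 192.168.10.0 is a constructed control subnet (assumption).
    print(usable_hosts("192.168.10.0", "255.255.255.248"))
    print(audit(FORWARDS, {"192.168.1.28"}))
```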