
Electrician and IT guy

#1 ·
My job is now entailing setting up a web-based controller to monitor the control systems we install, and they pushed it off to me to get them on the net for remote access. I'm OK with getting them on the local network, but not too familiar with remote access and port forwarding. Does anyone know of a class available that teaches this type of thing without teaching full-blown IT work?

Thanks.
 
#4 ·
I just wanted to add that the security of the network is totally dependent on the application you are opening the port for. There is no problem opening a port, as long as the application is secure.

Port forwarding basically uses the public IP address and desired port of the router as the destination for the remote user. The remote user enters the public IP address assigned to the router and the port for that application. The router then internally translates this to the local IP address and port on that machine.

For example:

Router: 187.213.134.138
Application: 192.168.1.28 port 80

When you set up the router, the user enters 187.213.134.138:80 and the router knows to act as the translator to 192.168.1.28:80. This is necessary because you cannot get to 192.168.1.28 directly from the internet; it is a local IP not visible to the rest of the world.

All of this is a sub-topic of Network Address Translation.
 
#5 ·
FlyingSparks said:
I just wanted to add that the security of the network is totally dependent on the application you are opening the port for. There is no problem opening a port, as long as the application is secure.

Port forwarding basically uses the public IP address and desired port of the router as the destination for the remote user. The remote user enters the public IP address assigned to the router and the port for that application. The router then internally translates this to the local IP address and port on that machine.

For example:

Router: 187.213.134.138
Application: 192.168.1.28 port 80

When you set up the router, the user enters 187.213.134.138:80 and the router knows to act as the translator to 192.168.1.28:80. This is necessary because you cannot get to 192.168.1.28 directly from the internet; it is a local IP not visible to the rest of the world.

All of this is a sub-topic of Network Address Translation.
How secure do you think the older DSL routers are?
I've read recently that older routers from ISPs are not very secure.. I looked to see about updating the firmware and it's not an option.
Mine is about 10 years old and I was thinking of a new one.. The rest of my network is up to date.. I'm hard wired and the wireless connections are all based on each MAC address so that's not an issue.
 
#7 ·
FlyingSparks said:
That's a good wifi access control strategy that most are unwilling to do. Is it a combo router modem?

Anything 10 yrs old likely has some unpatched security holes. I would recommend a Netgear router.
Yes that one is..
The wifi router and all the others are set up as hubs only..
Thanks.
 
#8 · (Edited)
The devices in question are usually very low powered solid state computers. In some cases just the amount of traffic received by port forwarding from a public address can cause the device to stop functioning.

Control systems should never be exposed to the internet and belong behind a firewall. Expose your home network all you wish, but once you introduce things such as site lighting controls, exhaust fan controls, zone temp controls, additional precaution should be taken to avoid unwanted guests (i.e. firewall/VPN router).


http://www.washingtonpost.com/inves...-cyber-risks/2012/07/11/gJQARJL6dW_story.html
http://www.net-security.org/secworld.php?id=14121
 
#14 · (Edited)
You would need to install a VPN server, if they didn't have one. Probably the easiest way for you to do it would be to get the server/router, and have their IT dept open the DMZ or ports to that new network. Just make sure that server has a different sub domain than the main network. This would look like 255.255.255.0 in your home network. You probably should limit how many computers can connect to it by setting the internal subnet to 255.255.255.248, which makes sure only up to 6 devices can be on the network, 2 of which are the router/server and your control device.
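
Added example, not part of the original thread: a Python check that combines the port-forwarding description in #4 with the firewall/VPN advice in #8 and #14, flagging any forward rule that lands on the control subnet other than the VPN server. Only 192.168.1.28 and the 255.255.255.248 mask come from the thread; the 192.168.50.x addresses, the rule list and the VPN port are constructed assumptions.

```python
import ipaddress

# All values are constructed for illustration, except 192.168.1.28 and the
# 255.255.255.248 mask, which come from the thread.
CONTROL_NET = ipaddress.ip_network("192.168.50.0/255.255.255.248")
VPN_SERVER = ipaddress.ip_address("192.168.50.2")  # hypothetical VPN endpoint
VPN_LISTENERS = {("udp", 1194)}                    # assumed VPN protocol/port

# Port-forward rules: (protocol, external port, internal IP, internal port)
FORWARDS = [
    ("tcp", 80, "192.168.50.3", 80),      # controller web UI forwarded directly
    ("udp", 1194, "192.168.50.2", 1194),  # VPN server, the intended entry point
    ("tcp", 8080, "192.168.1.28", 80),    # host on the main LAN, out of scope
]


def usable_hosts(net):
    """Count assignable addresses (network and broadcast excluded)."""
    return sum(1 for _ in net.hosts())


def audit_forwards(forwards, control_net, vpn_server, vpn_listeners):
    """Return rules that expose a control-subnet host other than the VPN."""
    findings = []
    for proto, ext_port, int_ip, int_port in forwards:
        target = ipaddress.ip_address(int_ip)
        if target not in control_net:
            continue  # not a control-system address
        if target == vpn_server and (proto, int_port) in vpn_listeners:
            continue  # the one forward the design allows
        findings.append((proto, ext_port, int_ip, int_port))
    return findings


if __name__ == "__main__":
    print(f"{CONTROL_NET} holds {usable_hosts(CONTROL_NET)} devices")
    for proto, ext_port, int_ip, int_port in audit_forwards(
            FORWARDS, CONTROL_NET, VPN_SERVER, VPN_LISTENERS):
        print(f"EXPOSED: {proto}/{ext_port} -> {int_ip}:{int_port}")
```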
 