Connect to a network device by tricking the UI software

Started by JohnDoe, February 10, 2024, 11:23:19 AM


JohnDoe

Hello!

I have a problem I need some help with.

The situation is I have a device that I program with a UI software.
Once programmed it is shipped to panel builders that incorporate the device into a panel.
The panel is then connected to a 4G router.

My device is connected to the router with a LOCAL address. The 4G router has a static IP which connects to the client's process network. Data stored on my device is reached through the public IP of the router of course.

Now the client wants to change passwords on a regular basis on my device for security reasons, which is fine.
I need to reach my device with a UI software.
Now, to be able to reach my device, the administrative computer needs to be on the same network as the device itself (the LAN),
which means I need to connect directly to the device. I cannot use the public IP of the 4G router for this task.

So the question is: can I set up a VPN-like connection locally on the administrative computer, like setting up a network adapter that the UI software could connect to, "tricking" it into thinking it is connected directly to my device? The adapter the UI would use could be connected to the network adapter used to connect to the process network.

To add some more problems:
I cannot use my computer on the process network. I could only use a virtual machine for this, located inside the process network.

Please see the attached picture :)

deanwebb

Basically, the device has two connections: one to the 4G network for normal functionality and then a LAN connection for administrative work.

As such, there are tools on the market to allow "vendor gateways" as you describe so that the customer can permit you access to their network in order to take care of the functions you wish to discharge (password changes, maintenance, things like that) and the vendor gateways can be set up so that you only see what the customer wants to allow you to see - most likely, your devices and only your devices.

This can be accomplished with a VPN as you show here, but the risk is that with the VPN connection, you have access to more of the network. Therefore, using a front end that you access via the Internet and that likely passes through a security vendor's cloud, you can be offered a more secure, restricted view. My firm has partnerships with CyberArk and Netskope that offer this kind of functionality through their customers' cloud portals.

Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.
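The "adapter the UI software connects to" idea can be built as a tunnel that deanwebb's warning applies to, so here is what a scoped version looks like. This is an added example, not configuration from either poster: a WireGuard setup (assumed to be supported on the 4G router) in which the admin VM inside the process network is confined to the single device address and the UI software's port, instead of the whole panel LAN. All addresses, keys and the UI port 8443 are constructed placeholders.

```ini
# --- Admin VM inside the customer's process network (wg-quick format) ---
# The UI software binds to this WireGuard adapter and sees the device's LAN
# address directly, which is the "tricking the UI" effect the question asks for.
[Interface]
Address = 10.200.0.2/32
PrivateKey = <admin-vm-private-key>          # placeholder

[Peer]
# The 4G router's WireGuard endpoint on its static public IP (placeholder).
PublicKey = <router-public-key>
Endpoint = 203.0.113.10:51820
# Only the programmed device is routed into the tunnel. Listing the whole
# panel LAN (192.168.10.0/24) here is what would expose "more of the network".
AllowedIPs = 192.168.10.50/32
PersistentKeepalive = 25

# --- 4G router on the panel side ---
# Assumes the router is the device's default gateway, so replies to 10.200.0.2
# come back through the router and are routed into the tunnel.
[Interface]
Address = 10.200.0.1/24
ListenPort = 51820
PrivateKey = <router-private-key>            # placeholder
# Enforce the restriction on the router, not only in the VM's route table:
# traffic arriving from the tunnel (%i is the WireGuard interface name) may
# only reach the device's UI port; everything else from the tunnel is dropped.
# The chain has no policy, so the router's normal LAN <-> 4G forwarding for
# the device's process data is unaffected. nftables syntax assumed.
PostUp = nft add table inet vendor; nft add chain inet vendor fwd '{ type filter hook forward priority 0; }'; nft add rule inet vendor fwd iifname "%i" ip daddr 192.168.10.50 tcp dport 8443 accept; nft add rule inet vendor fwd iifname "%i" drop
PostDown = nft delete table inet vendor

[Peer]
# The admin VM. Only packets sourced from its tunnel address are accepted.
PublicKey = <admin-vm-public-key>
AllowedIPs = 10.200.0.2/32
```

Each additional vendor device gets its own `AllowedIPs` entry and nft accept rule rather than a wider prefix, which keeps the customer's view of the tunnel limited to the vendor's own devices.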