More
Internet connections, more intrusions.
The number of installations and
devices connected to the Internet is increasing more and more, and with it, the
number of attacks and intrusions to these networks increases.
There are several types of
facilities: industrial,
commercial, companies or individuals that connect to
the Internet through a Fiber, 4G or ADSL router with very different devices:
·
DVR video recorders or IP cameras.
·
Servers, NAS, computers, etc.
·
PLCs, HMIs or programmable controllers.
·
Meteorology stations, sensors and actuators.
·
Dataloggers and consumption meters.
·
IP phones, switchboards, assistance controllers, etc.
On regular basis, it is
necessary to remotely access these devices on the LAN, either to carry out
maintenance tasks -such as updates or corrections- or simply to carry out the
proper use for which that device is intended (see images, telework, read data,
etc.)
Obsolete
remote connection methods.
To be able to enter remotely,
the public
IP address of that router typically has to be
known either because it is fixed or because it has a dynamic DNS service
known as DynDNS or No-IP. Later, "NAT or" open ports "is
done.
In this way pointing to that IP
or DynDNS with the appropriate port you can access the services or devices on
the LAN.
Example-1:
View the cameras MyHome.Dyndns.org port: 8080
Example-2:
Remote Desktop MyOffice.dyndns.org port: 3389
This practice has been the case
for years, but nowadays, due to the constant increase in cyberattacks and their
high level of preparation with advanced techniques, what is achieved using this
practice is exposing the entire LAN network and the services it supports.
Unfortunately, it is easier
than you think to carry out a cyberattack.
How
to connect remotely and securely.
Currently a good practice to
make secure remote connections is to use a VPN or Virtual Private Network.
It is a connection technique
between two points through the open Internet network, but with a certain degree
of privacy, depending of course on which VPN is used and how it is configured.
A well-built VPN must
meet the following 3 premises:
·
Integrity implies that the data is not manipulated, and that what is
transmitted reaches its destination without being altered.
·
Authentication means that the participants identify themselves, therefore
who they have to be.
·
Encryption, which allows the confidentiality of the transmitted
data.
Not
all VPNs contemplate the 3 premises
How
to set up a VPN network
Creating a VPN network can
be a complex task and sometimes requires technical knowledge, although there is
nothing that cannot be done by consulting guides and tutorials on the internet,
therefore it is a matter of time.
On the other hand, if what you
want is a reliable
and professional solution, in the VITRIKO portfolio of
products and services, we have VPN software , with maintenance, updates and
24/7 support to securely connect both your office and your
facilities of any kind.
The solution in the image shown
below ( LAN +
VPN Router )
can protect you against attacks and facilitate
the connectivity of your remote facilities.
The impact on the configuration
of your network is minimal, the
start-up can be done in less than 5 minutes . Thus
being able to connect safely, by VPN from any device and to any device:
Servers, Linux, Windows, Mac, Tablets, Cameras, PLCs, etc.
Unfortunately, due to lack of
time, knowledge, involvement or another factor, millions of installations of
all kinds connect to the Internet without any type of security , using obsolete
techniques.
Unfortunately, the serious impact of a cyber
attack is underestimated .
A VPN solution is key in any
installation.