On Sunday 02 March 2014 13:44:17 Mark Wendt did opine:

> On Sun, Mar 2, 2014 at 9:33 AM, Dave Cole <linuxcncro...@gmail.com> wrote:
> > For most purposes I can immediately foresee, I would keep this
> > LinuxCNC to remote web server / monitor network off the WWW anyway.
> > Other than perhaps a wireless link via an AP which can use standard
> > security protocols.
> > These devices are so cheap now, if I want web access near my
> > mill/machine tool, get another Android tablet and link that to the
> > web. Or am I missing something?
> > Most networks in the plants I work in have Web access blocked. So I
> > need to seek out a Web enabled Ethernet port or wireless connection
> > when I want to get outside the plant.
> > Sometimes I have to use my phone as a hotspot so I can download a
> > manual or get an email.
> >
> > Dave
>
> Dave,
>
> Depends on the network. If your ethernet is all copper, and there's no
> access to the world, it's probably okay. But, if you can get out,
> somebody can get in. If the reason for adding something like this is
> to enable remote viewing of what's going on, you are going to have some
> kind of network, no way around it. If that network even touches the
> outside world, you open yourself to the risk of somebody getting in
> your pants and causing problems.
>
> If, however, it's a completely closed network, copper cable only, that
> would be okay. But, the minute you introduce wireless into the
> equation, you open a can of worms. That web server was designed to be
> run on an Android system, which more or less requires the application
> to be light weight. You can't cram in a whole bunch of security
> features into a light weight program, without the "light" part going
> away - both size of the program and machine overhead.
>
> I'm just very wary of exposing a machine controller to software that
> opens up a lot of security concerns. Remember, this software is
> installed on the controller. Low security software that opens ports on
> a machine is a glaring invitation to those who are interested in
> causing mischief. And wireless is really not very secure at all.
>
> Mark

I do have such a setup out in the shop building, and have had a fully
bridged AP setup there, basically so I wouldn't have to string an almost
too short piece of cat5 from the hub to a teeny little table the lappy
lives on when I need to sit down and write some gcode by ssh -Y into one
of the machine controllers.

At any one time, I have one of those pocket wifi sniffers that can see a
half a dozen similar routers scattered about my neighborhood. In 5 or 6
years, I have had one outside signal come into the system and go on out
on the internet, apparently uninterested or unaware of the extent of my
local network. No clue if he was watching porn or what, but I reached
into the router and disabled the radio, then set up a WPA2/AES login with
a loooooong passphrase, and have had no further trouble.

However, trying to get that same security model set up in the Mint14 that
is currently on the lappy, I am back to using the short cat5, stretched
across the front of the machines and definitely in harm's way. I
understand Mint16 is out now, and maybe it has a smarter wpa_supplicant
that can do that security, because the cable really is a PIMA.

So, my one "breakin" was benign in its effect on me other than hogging
some bandwidth.

> _______________________________________________
> Emc-users mailing list
> Emc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/emc-users

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

NOTICE: Will pay 100 USD for an HP-4815A defective but complete probe
assembly.