Can I restrict a device to access to LAN only?

orangejoe

Jan 30, 2016
Hi, I have a device and I’d like to restrict its internet access completely except to my mongoose self-hosted files. I’m using an Asus RT-AC68U.

With this device I'm already able to easily access my self-hosted files using mongoose (with a URL like http://192.168.X.XXX:XXXX) but I'd like to lock out all other internet access. Is this possible? Thanks.

 
PacManCan
In the network card, set a static IP (outside the router's DHCP range), subnet mask and DNS (usually the router) on the PC, and leave the default gateway blank. This will allow the PC to access other devices on LAN but not the internet.

PacManCan
 
Solution
No, you would set this on the "Device", whatever that may be. Make sure the static IP is outside your DHCP scope.

Most devices have a web interface page for configuration of network settings.
 
I'm not sure how to set the static IP outside my DHCP scope. When I try to, it gives me an error.

Also my device insists on having a gateway, it won't accept it blank or all zeros.
 


Try putting the static IP address you give the device as the gateway.
 
Hi,

For this purpose, you need to log in to the router. So, you have to open the web browser on your system.

Then, you need to provide the IP address of the router as 192.168.0.1 on the address bar of the web browser.

Once you have provided these details, it will show you the login screen where you have to provide your username and password.

If you have given these details, you can enter into the configuration access point. In this place, you can get the chance to change all the settings in the most effective manner. This way, you can even alter the security settings to protect your network from intruders. In this manner, you can log in to the router for altering these settings in a highly effective way. You can find more info here: http://www.192168ll.net/


Best regards

Marija
 
There's a couple of things you can do to help restrict the use of the application to a specific office location and specific devices, although, as other answers point out, none of them are absolute protection.

Set up a firewall in front of the application to restrict the IP addresses allowed to access the application to the client's external IP address range. Most companies will have static IP addresses (find more info on this link: http://www.ipaddressdefinition.org/192-168-1-1/) on their Internet-facing routers, and if you set the application only to be accessible by those IP addresses it would be harder for an unauthorised person to get access to it unless he is in their office. TBH this sounds like the approach that will work best for your customer's requirement.
You could also use client certificates on authorised devices. As @adnan points out, it may be possible to move those to another machine, but that would require the attacker to either be a staff member or to have unauthorised access to one of their systems.
Perhaps as a detective control you could combine this with browser fingerprinting (e.g. panopticlick). Create a list of devices and their fingerprints, then if the client cert is used on a device which doesn't match the fingerprint you can block it.
As I say, these aren't absolutes, but then nothing in security is. If all your customer is looking for is to stop people from outwith the company seeing their site, I'd go with the source IP address filter approach.
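
The source IP address filter recommended in the post above, sketched as an added example (not code from the thread or from any product named in it). The address ranges, the trusted-proxy list and the function names are assumptions made for illustration; the sketch also covers two cases the post does not mention, a client-supplied X-Forwarded-For header and IPv4-mapped IPv6 addresses.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/28")]   # assumed office egress range
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]   # assumed reverse proxy in front of the app

def _parse(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so IPv4 rules still match."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def _in_any(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)

def client_ip(peer_addr, x_forwarded_for=None):
    """Return the address to judge. X-Forwarded-For is honoured only when the TCP
    peer is our own proxy; from any other peer it is client-controlled and ignored."""
    peer = _parse(peer_addr)
    if x_forwarded_for and _in_any(peer, TRUSTED_PROXIES):
        # Walk right to left: the rightmost hop that is not one of our proxies is the client.
        for hop in reversed(x_forwarded_for.split(",")):
            ip = _parse(hop)
            if not _in_any(ip, TRUSTED_PROXIES):
                return ip
    return peer

def is_allowed(peer_addr, x_forwarded_for=None):
    """True only if the effective client address is inside an allowed network."""
    try:
        return _in_any(client_ip(peer_addr, x_forwarded_for), ALLOWED_NETS)
    except ValueError:  # malformed address anywhere in the chain: fail closed
        return False
```

The filter fails closed: anything it cannot parse, and any header arriving from a peer that is not the trusted proxy, is judged on the TCP peer address alone or rejected.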