LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

Disabling DataSocket Access to Specific Network Connection

Hi Group,
 
I have DataSocket server running on a PC with two active LAN connections (2 x Network cards).  The main connection is to our corporate LAN/WAN.  The secondary connection is to a fixed set of several computers for our monitored process.
 
The way the system is currently configured, the Datasocket server broadcasts datasocket data to both connections.  For this application I want to disable data broadcast on the Corporate LAN while retaining it on the secondary LAN system.
 
Is there a setting in Datasocket Server that I can use to prevent it from broadcasting to the primary network connection?
 
Is there some other solution (eg. Port blocking) etc that I can use that may be more suitable to this requirement?
 
Any advice is appreciated,
 
Thanks,
Laurie
0 Kudos
Message 1 of 4
(2,393 Views)
Hello,
 
You can use the DataSocket Server Manager to configure permissions groups (see Start>>Programs>>National Instruments>>DataSocket>>DataSocket Server Manager, and click on DefaultReaders).  More specifically, you can an Administrators, DefaultWriters, and DefaultReaders group.  By default, the DefaultReaders group is "everyhost" which allows everyone to read.  However, you can change this to be an arbitrary group by specifying IP addresses of those you would like to be able to read; others will not be able to read.  Further, you can use syntax like 10.0.*.* to specify a list of IP address of the form 10.0.anything.anything.
 
I think this is what you were looking for; if you have further questions, or something has been misinterpreted, feel free to repost!
 
Thank you,
 
JLS
Best,
JLS
Sixclear
0 Kudos
Message 2 of 4
(2,375 Views)

Hi JLS,

Thanks for your reponse. 

That gets 90% of the issues sorted, and in fact I have already set up appropriate Read/write access to specified PC's.  However, it still leaves the ability for someone to hook on to the larger corporate LAN (multi-city wide, several thousand PC's) with a PC configued to imitate one of the valid/allowed IP addresses and retrieve data.  This is potentially quite a good piece of functionality when required, but in this case it is not so good.

If I could prevent data from being transmitted on that main LAN connection then there would be much reduced risk of data "theiving" etc.

The risk to the business isn't too severe with the sort of data that is being brodcast - but it's best to cover our bases where possible...

I do need the Server PC connected to the main LAN as it uses various configs etc from the main corporate servers.

Can you think of any other functionality that I might be able to exploit to do what I need?

Thanks once again,

Laurie

 

0 Kudos
Message 3 of 4
(2,372 Views)
Hello,
 
I don't think I understand exactly the functionality you are looking for.  Is it that you would like DataSocket to be available on the LAN, but not to someone who imitates a valid IP address?  This would be tricky, because it comes down to a network security problem I guess.  The server can be launched and configured programmatically; would it be possible to monitor and change the number of allowed connections to restrict imitations?  That is, you could have an application which allowed a user to login... if they login, they get access and you increment the number of allowed connections.  When they logout, you would decrement the number of allowed connections.  This way you would at least have the added security feature that a user would have to know certain login parameters in order to gain access, and not simply connect a PC to the network.  i realize there would be some details to deal with if this is even sufficient, but perhaps you can comment on the plausibility of this, and perhaps clarify precisely what network activity you would like to restrict!
 
Thank you, and I hope we can find a clean solution to this problem!
 
Best Regards,
 
JLS
Best,
JLS
Sixclear
0 Kudos
Message 4 of 4
(2,362 Views)