I'm working with a door controller system that has a web interface accessible on an IoT VLAN. We currently have firewall rules set up to allow access from our STAFF VLAN and VPN for remote users. However, some staff want to access the system from their phones, especially when they need to unlock doors remotely. While I could set up a VPN for their phones, I want to avoid the hassle of troubleshooting VPN issues after hours. What are some reliable web application proxies or methods to securely expose this IoT device without directly exposing it to the internet? I'm looking for options that limit access to trusted providers without having to set up local Linux servers, which isn't feasible for us right now.
7 Answers
You can run Cloudflare services on Windows too! Just secure it with MFA to enhance security. If you have to expose it, make sure to tightly control the IPs allowed access.
Remember, 'S' in IoT stands for security! Always assume that any IoT device could be compromised when exposed online.
What about Tailscale? Just keep in mind you might still need a Linux box, though.
Have you considered using the Azure Application Gateway? It could be a good fit for your needs, and it might simplify the process for you.
That sounds promising! I was hoping someone would mention it. I’ll give it a try.
Exposing your IoT device to the public internet is generally not a good idea! The risk of an insecure device getting hacked is high, so I'd suggest keeping it as secured as possible. Using services like Cloudflare or another trusted provider to handle authentication could help mitigate risks, but still, proceed with caution.
Exactly! It's better to keep IoT devices off production networks completely to avoid any potential breaches.
Totally agree! Any IoT device can be hacked if it's not properly secured.
Using a reverse proxy with mTLS would be a good strategy. Just ensure your IoT VLAN is isolated and the device is patched against known vulnerabilities.
If you really need to expose it, go for a reverse proxy with proper certificates to secure the connection. That way, you can prevent automated access to the vulnerable IoT app code.
Yeah, that's my issue. I'm trying to avoid Linux setups for now.
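The reverse proxy with mTLS suggested above, as an added worked example that is not from the thread or from any product mentioned in it. It is plain Go, which builds to a single static binary for Windows as easily as for Linux, so it does not need a Linux box. Everything in it is constructed for the demo and is an assumption: the throwaway private CA, the names doors.example.internal and alice-phone, the /api/unlock path, the X-Client-Cert-CN header and the stand-in controller served by httptest. The point it demonstrates is the one the two answers make: the proxy holds only the CA certificate, each phone gets a leaf signed by that CA, and the TLS handshake itself refuses everything else, so an unenrolled client never reaches the controller's login page at all.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert issues a P-256 certificate signed by ca, or a self-signed root when ca is nil (a real CA key belongs offline).
func newCert(cn string, ca *x509.Certificate, caKey any) (*x509.Certificate, tls.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, // loopback SAN for the demo
	}
	if ca == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: cert}
}

// startProxy puts TLS in front of the controller's plain-HTTP UI on a loopback port and refuses, at the
// handshake, any client without a certificate from the trusted CA. Returns the proxy's host:port.
func startProxy(backend string, trust *x509.CertPool, serverCert tls.Certificate) string {
	target, err := url.Parse(backend)
	must(err)
	rp := httputil.NewSingleHostReverseProxy(target)
	srv := &http.Server{
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			// PeerCertificates[0] is the verified leaf; overwrite (never trust) a client-sent header.
			r.Header.Set("X-Client-Cert-CN", r.TLS.PeerCertificates[0].Subject.CommonName)
			rp.ServeHTTP(w, r)
		}),
		TLSConfig: &tls.Config{Certificates: []tls.Certificate{serverCert}, MinVersion: tls.VersionTLS12,
			ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trust},
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	must(err)
	go srv.ServeTLS(ln, "", "") // certificate and client-auth policy come from TLSConfig
	return ln.Addr().String()
}

// probe plays a staff phone; with clientCert == nil it tries to connect without one.
func probe(addr string, trust *x509.CertPool, clientCert *tls.Certificate) (int, string, error) {
	cfg := &tls.Config{RootCAs: trust, MinVersion: tls.VersionTLS12}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 5 * time.Second}
	resp, err := c.Get("https://" + addr + "/api/unlock") // hypothetical controller path
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return resp.StatusCode, string(body), err
}

func main() {
	caCert, caTLS := newCert("Door Proxy Private CA", nil, nil)
	_, serverCert := newCert("doors.example.internal", caCert, caTLS.PrivateKey)
	_, phoneCert := newCert("alice-phone", caCert, caTLS.PrivateKey)
	trust := x509.NewCertPool()
	trust.AddCert(caCert)
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // stand-in controller UI (constructed)
		fmt.Fprintf(w, "unlock request from %s", r.Header.Get("X-Client-Cert-CN"))
	}))
	defer backend.Close()
	addr := startProxy(backend.URL, trust, serverCert)
	fmt.Println(probe(addr, trust, &phoneCert)) // 200, "unlock request from alice-phone", <nil>
	fmt.Println(probe(addr, trust, nil))        // 0, "", and a TLS error: the handshake is refused
}
```

In a real deployment the listener address is the public side, the backend URL is the controller's address on the IoT VLAN, and each phone gets its own leaf so the CN in the forwarded header identifies who unlocked what. Two caveats a practitioner would want: Go's ClientCAs check does not consult revocation, so to cut off a lost phone you either rotate the CA or add a VerifyPeerCertificate callback that rejects listed serials; and the controller must only be reachable from the proxy host, otherwise the firewall rules, not the proxy, are what is really protecting it.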