Accessing a device from outside the corporate network

[pixelpaul]

We help companies with their carpool / ridesharing programs. Our app tracks how employees get to work using alternative means of transportation, for example carpools, walking, taking the bus, etc. We've been doing this for over 20 years. We've been using credit card terminals which the employees swipe using a 'Commuter Card'. These terminals work over dial-up modem. However, we are switching to ethernet based terminals. The customer will install the terminal on their corporate network. The plan is then to initiate communication with the terminal and download the swipe records to our office computers.

My company is not in the network business. What network information does the network admin need to provide to allow us access to the terminals? On the terminal itself, I see that they can select
Static or DHCP protocol
IP
Netmask
Gateway

Is this sufficient information for us to access the terminal? Aren't firewalls involved? Any other info we need to get? Any help is much appreciated.

 

[JackMDS]

This topic involve security issues and knowledge beyond a scope of online open forums.

You will be better served by seeking personal help of a consultant.



😎

 

[pixelpaul]

Jack, thanks for your suggestion. Is there a recommendation on how to find a qualified consultant?

 

[yinan]

I wouldnt let you install this on my corporate network.

 

[seepy83]

pixelpaul - you're right, the customer is going to need to open some ports in their firewall and forward them to your device. Exactly what needs to be done, what is required on the customer's network, and if they are willing to do it or not, is going to vary from customer to customer.

 

[Fardringle]

It would be much simpler to have scheduled times for the terminal to initiate contact with the web/home server and upload the data automatically. Most places are going to have outgoing connections for port 80 (HTTP) and 443 (HTTPS/SSL) already open so you won't have to worry about opening incoming ports and adjusting the network security for every location that has a terminal.

 

[seepy83]

It would be much simpler to have scheduled times for the terminal to initiate contact with the web/home server and upload the data automatically. Most places are going to have outgoing connections for port 80 (HTTP) and 443 (HTTPS/SSL) already open so you won't have to worry about opening incoming ports and adjusting the network security for every location that has a terminal.

Definitely. OP might even end up wanting/needing to install both the card terminal and a separate workstation/pc that handles communication with the card terminal and connecting data on the local network and then uploads the data back to their servers.

 

[Railgun]

My company is not in the network business. What network information does the network admin need to provide to allow us access to the terminals? On the terminal itself, I see that they can select
Static or DHCP protocol
IP
Netmask
Gateway

Is this sufficient information for us to access the terminal? Aren't firewalls involved? Any other info we need to get? Any help is much appreciated.

You need to provide the following within your documentation at a minimum. How the customer implements it is up to them.

-Your source IPs.
-The protocol it works on.
-The ports the device runs on. If on standard ports, I'd highly recommend changing that, in particular if it's only inbound from you.
-Whether it's inbound or outbound communication (who can initiate it. I'd recommend that it's a push from the client, not a pull from you).

Companies generally don't like allowing inbound communication like this unless they're hosting something. Most companies that implement this should place it into a DMZ anyway.