As more and more security teams adopt cloud-based security automation tools like DTonomy, it’s increasingly common for security analysts to encounter situations where they need to integrate cloud products with on-premises products to achieve end-to-end automation. Many on-premises software products provide REST APIs for programmatic access but are only accessible within the LAN (Local Area Network). Here are three ways to overcome that limitation and ensure smooth automation between cloud and on-premises systems:
Forwarding a port allows a connection from the internet, through your router, to a device on your network. To forward ports, you need to know the ports the application uses and the IP address of the device you’re forwarding ports to.
Step 1: Log in to your router through your web browser. To find your router’s IP address, use the command prompt or check the network settings in Windows 10 and later, where the router’s IP address is listed as the default gateway. Enter this IP address in your web browser’s address bar. Most routers require a username and password, which you can find in the Router Passwords guide.
Step 2: After logging in, locate the port forwarding section. This may be under Games & Apps, Virtual Server, or NAT.
Step 3: When setting up port forwarding, identify the ports to be forwarded (usually listed as TCP and UDP). Ports can be specified as a single number, a range of numbers, a list separated by commas, or a combination. It’s generally okay to forward more ports than needed initially, then selectively limit the ports later to enhance security while maintaining functionality.
If your LAN is at home, note that many ISPs implement carrier-grade NAT (CGN or CGNAT) as a middle layer. This shifts NAT functions from the customer premises to the ISP network and makes traditional port forwarding ineffective.
As an alternative, use a third-party service like Ngrok to establish a secure channel between the internet and your local host. For detailed instructions, refer to Ngrok’s documentation on their website.
For security reasons, some customers may not want to expose the REST API of specific on-premises products to the internet. In such cases, deploying a boundary machine exposed to external access can serve as a stepping stone. DTonomy can establish a secure SSH connection to this boundary machine, then execute a script on it to access the REST API of the on-premises product available only on the internal LAN.
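One way to constrain the script that runs on the boundary machine, as an added example (not DTonomy's own code): an OpenSSH forced-command wrapper that relays only allowlisted requests to the internal REST API. The script path, internal host name, and endpoint paths are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Forced-command wrapper for the boundary machine (added example).

Bind the automation key to this script in ~/.ssh/authorized_keys:
  restrict,command="/usr/local/bin/lan_api_proxy.py" ssh-ed25519 AAAA... automation
sshd then runs this script for every session and passes whatever the client
asked to run in the SSH_ORIGINAL_COMMAND environment variable.
"""
import os
import re
import sys
import urllib.request

# Assumptions: internal API base URL and the endpoints the playbooks need.
INTERNAL_BASE = "https://onprem-product.lan.example:8443"
ALLOWED = [
    ("GET", re.compile(r"/api/v1/alerts(/[0-9]{1,12})?")),
    ("GET", re.compile(r"/api/v1/hosts/[A-Za-z0-9][A-Za-z0-9._-]{0,63}")),
]


def build_request(original_command):
    """Return (method, url) for an allowlisted request, else raise ValueError."""
    parts = (original_command or "").split()
    if len(parts) != 2:
        raise ValueError("expected: METHOD /path")
    method, path = parts[0].upper(), parts[1]
    for allowed_method, pattern in ALLOWED:
        # fullmatch rejects query strings, traversal and trailing junk.
        if method == allowed_method and pattern.fullmatch(path):
            return method, INTERNAL_BASE + path
    raise ValueError("request not on allowlist")


def main():
    try:
        method, url = build_request(os.environ.get("SSH_ORIGINAL_COMMAND"))
    except ValueError as exc:
        print(f"denied: {exc}", file=sys.stderr)
        return 1
    # Add the product's auth header here; the credential stays on this host.
    req = urllib.request.Request(url, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        sys.stdout.buffer.write(resp.read())
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

With this in place, the cloud side invokes something like `ssh automation@boundary-host "GET /api/v1/alerts/42"` and never gets an interactive shell or a forwarded port on the LAN.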