I recently discovered that the provider of a software service to which my company subscribes can identify details of devices connecting to their service through our internet gateway that I would rather they not have access to. Obviously they would be able to identify the WAN-facing IP address we are using. But I believe they can also see the LAN IP addresses, and device names (like “Keiths iPhone” or “Abes Opti7010”). Maybe more. This makes me extremely uncomfortable, particularly with regard to personal devices like phones and laptops. I would like to block all of this information from being visible on the WAN side of the firewall. Is this possible? Is this possibly a router (as opposed to firewall) consideration? Looking forward to suggestions. Thanks.
When in NAT mode (which is typical), servers you connect to on the internet / cloud can only see the WAN IP of the router / firewall in question. If your software provider has visibility of more than that, then there is a leak of that data at an application level.
They definitely CAN see further details, so I am going to have to work with the VAR who works with my server and in-house components to get this tightened up. Thank you so much.
A guy I know used a dodgy copy of a CAD package for 5 years. Last year lawyers contacted him and told him he needed to pay a fine and stop using it. He denied it of course - they then sent him a spreadsheet that listed the private and public IP addresses, computer names, Wi-Fi SSIDs and logged-in user names on every system he had owned in that period and run the stolen software on. This was recorded by the application and sent to their servers. This idea of applications ‘calling home’ is not new but it is very, very difficult to mitigate against.
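One way to audit for the application-level leak discussed in this thread, as an added example that is not from any of the posters: scan outbound request bodies for RFC 1918 addresses and known local names, reporting the field that carries each one. It assumes the bodies are available in plaintext (for instance from an inspecting egress proxy or the application's debug log); `find_leaks`, `LOCAL_IDENTIFIERS` and the sample body are hypothetical names and constructed data.

```python
import ipaddress
import json
import re

# RFC 1918 ranges: addresses that NAT hides but an application can still report.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Assumed inventory: device names from the thread, SSID and user name constructed.
LOCAL_IDENTIFIERS = ("Keiths iPhone", "Abes Opti7010", "OfficeNet-5G", "asmith")

# Constructed sample of a "call home" request body.
SAMPLE_BODY = json.dumps({
    "version": "1.2.3.4",  # looks like an IP, but is not a private address
    "host": {"name": "Abes Opti7010", "user": "asmith",
             "interfaces": [{"addr": "192.168.1.23"}, {"addr": "203.0.113.7"}]},
})

def walk(node, path="$"):
    """Yield (json_path, string) for every string value in decoded JSON."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def find_leaks(body, identifiers=LOCAL_IDENTIFIERS):
    """Return sorted (path, kind, value) findings for one outbound body."""
    try:
        strings = list(walk(json.loads(body)))
    except ValueError:
        strings = [("$raw", body)]  # not JSON: scan the body as plain text
    findings = set()
    for path, value in strings:
        for candidate in IPV4_RE.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # four dotted numbers that are not a valid address
            if any(addr in net for net in RFC1918):
                findings.add((path, "private_ip", candidate))
        for ident in identifiers:
            if ident.lower() in value.lower():
                findings.add((path, "local_identifier", ident))
    return sorted(findings)
```

Only string values are inspected, so identifiers sent in an encoded or encrypted payload will not be found this way.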