Is our network still protected from attacks using syncthing?

Hello, we are running our ERP (Enterprise Resource Planning) software on a network of 12 computers, without connection to the internet (and this must not change!). The upcoming upgrade of the ERP system will come with a feature where emails are being created straight from the ERP system and they will appear in MS Outlook. As we do not want our ERP network being connected to the internet, I had the idea to use syncthing to create a copy on an “internet pc” from where we send our emails. Incoming emails would then be answered on the “internet pc”. (We don’t like the idea to have our data in the cloud, therefore I’d prefer the syncthing solution).

If I understand syncthing correctly, I could setup the local device (which would be the server) to send certain folders to the “internet pc” but without receiving anything from the “internet pc”. Do I understand this correctly and would this mean that our ERP network is without any connection to the internet? I cannot risk the possibility of getting a virus or ransom ware through the syncthing connection.

I am not an IT specialist (as you know by now!), therefore please bear with me! I would highly appreciate if someone could answer me and maybe elaborate a little deeper what is possible and what not.

Is it possible to connect the server and the “internet pc” with a LAN cable, thus saving on data transfer or would that be compromising anything?

I hope that I made myself understandable. Kind regards, Norbert

Syncthing aside, if you are really serious about this, you should really find/hire people who understand what they are doing.

Doing this by yourself with limited understanding etc, is asking for trouble.

The whole idea that two computers can connect yet one of them has internet access the other one does not, doesn’t seem water tight to me.

In general, syncthing syncs files, it’s default mode is to make both sides look the same, namely, if the internet connected computer will delete files, the “disconnected” one will follow suite.

Sure, you have folder types etc which might help with that, but general syncthing is bi-directional software, and using it in one direction is probably not a great idea.

In general, for me the whole idea seems a vit flawed, using syncthing to sync files that are supposed to be sent emails etc.

I think the right solution in your case is remote desktop solution from the disconnected computer to the connected one with effectively just mouse/keyboard enabled and perhaps clipboard. No file transfers, device forwarding etc. And the disconnected pc is firewalled off from anything else but just remote desktop connections to the connected pc.

3 Likes

Dear Audrius, thank you very much for your response and your thoughts on the topic. You are definitely right, I should be finding people who know what they are doing. I just thought we can’t be the only ones who are looking for a solution like I tried to describe and therefore I was hoping someone is coming back with a solution that works. I’m glad that you, as a “Syncthing guru” replied to my question and I will look into other solutions as you suggested. Best regards, Norbert

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.