I have a Windows 10 PC which serves as the controller of a laser cutting machine. The PC has updates turned off to ensure that nothing ever changes that could cause a future issue or incompatibility with the machine that it is dedicated to.
Since it will not receive windows updates, I therefore do not trust this PC and want to keep it isolated from the rest of my network.
However, it needs to have access to one network share (on a NAS) so it can access its laser cutting programs and related files.
I already have the PC on its own subnet and vlan which is isolated from the rest of the network, and which does not have internet access. But giving it access to the network shared drive of gives it access to this important shared resource.
What are the best practices for allowing access to a shared drive, by an untrusted PC like this?
Put the files needed in a folder that has a separate, dedicated share.
If you want to only read (download) those files from the computer connected to the laser cutting machine, create an HTTP share, using for example Apatche, and make that share password protected, if needed