Just a simple question about network security

PepperBreath

Senior member
Sep 5, 2001
I have a wireless laptop and a wired desktop behind a WRT54G with WPA2 enabled with a 63 character key.

I have one port (5900) set on port forwarding on the router to point to my desktop because I occasionally use UltraVNC.

In my last thread that went unanswered, I've had some network problems sharing files on the desktop to the laptop. However, if I enable simple file sharing, everything works and the laptop can get access to the files.


So here's the question:

With that single port (5900) being forwarded to my desktop, is there a risk of someone getting access to those shares from the WAN side of my router? I'm not too concerned about people getting access from the inside since I've done all the "routine" security measures as well as using WPA2 with the max allowed passcode. I'm only really worried about people on the WAN side. Is that a security risk or am I safe from the Internet side of things?
 

ripn

Member
Nov 10, 2004
I would say set UltraVNC to a port that isn't default (i.e. 43021) if you are going to forward a port to it from the internet. I can't see a way for anyone to access the shares from the net in that scenario. My concern would be an exploit for UltraVNC similar to the recent one for RealVNC.
 

engineereeyore

Platinum Member
Jul 23, 2005
Originally posted by: PepperBreath
I have a wireless laptop and a wired desktop behind a WRT54G with WPA2 enabled with a 63 character key.

I have one port (5900) set on port forwarding on the router to point to my desktop because I occasionally use UltraVNC.

In my last thread that went unanswered, I've had some network problems sharing files on the desktop to the laptop. However, if I enable simple file sharing, everything works and the laptop can get access to the files.


So here's the question:

With that single port (5900) being forwarded to my desktop, is there a risk of someone getting access to those shares from the WAN side of my router? I'm not too concerned about people getting access from the inside since I've done all the "routine" security measures as well as using WPA2 with the max allowed passcode. I'm only really worried about people on the WAN side. Is that a security risk or am I safe from the Internet side of things?

Holes in your network are similar to a shotgun wound. One small hole up front may result in some big holes on the back.

Explanation. I need only one hole to get into your computer. Once there, I can get anywhere I want. All the holes on your personal network are exposed as soon as the one hole you have open is exposed. Does that make sense?

If you've done everything you can to limit access through that port, then you'll be ok. I'd recommend you have a few settings on your personal computer firewall to only allow access to your computer through that port from a specific IP address or set of IP addresses. If you know them already, that would help keep the computer more secure. If it's open to all the world, then the file sharing between your computers is as open as that port.
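
An added example, not part of the original post: the source-address allowlist suggested above, written as a default-deny check and run over connection-log lines to show which sources would be turned away and which keep retrying. The log format, the allowlisted networks and every address (documentation ranges) are constructed assumptions; only port 5900 comes from the thread.

```python
import ipaddress
from collections import Counter

FORWARDED_PORT = 5900  # the one port forwarded in the thread
# Assumed allowlist (constructed): networks the owner expects to connect from.
ALLOWED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/28", "203.0.113.77/32")]

# Constructed sample lines in a hypothetical format: "<time> <src_ip> -> <dst_port>"
SAMPLE_LOG = """\
2006-06-01T08:00:01 198.51.100.5 -> 5900
2006-06-01T08:03:12 192.0.2.44 -> 5900
2006-06-01T08:03:13 192.0.2.44 -> 5900
2006-06-01T08:03:15 192.0.2.44 -> 5900
2006-06-01T09:10:40 203.0.113.77 -> 5900
2006-06-01T09:11:02 203.0.113.78 -> 5900
2006-06-01T09:30:00 198.51.100.5 -> 445
2006-06-01T09:45:00 198.51.100.16 -> 5900
not a log line
"""

def is_allowed(src, port):
    """Default-deny: accept only the forwarded port, only from allowlisted networks."""
    if port != FORWARDED_PORT:
        return False  # e.g. file sharing (445) stays closed even to known sources
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)

def review(log_text, threshold=3):
    """Return (accepted sources, rejected counts, sources rejected >= threshold times)."""
    accepted, rejected = [], Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # skip malformed lines
        src, port = parts[1], parts[3]
        try:
            ok = is_allowed(src, int(port))
        except ValueError:
            continue  # unparsable address or port
        if ok:
            accepted.append(src)
        else:
            rejected[src] += 1
    repeat = sorted(ip for ip, n in rejected.items() if n >= threshold)
    return accepted, dict(rejected), repeat

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Note that 198.51.100.16 is rejected because a /28 covers only .0 through .15, which is the kind of off-by-one worth checking when writing the real firewall rule.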
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
Originally posted by: PepperBreath
is there a risk of someone getting access to those shares from the WAN side of my router?
Is it a risk? Sure. So is crossing a Road.

In other words it is the kind of a risk that should not "freeze" you from doing what you need to do.

You can minimize the risk by using a strong password and enabling the Encryption.

 

nweaver

Diamond Member
Jan 21, 2001
Changing the default port is also an extremely good option. I had lots of SSH dictionary attacks on my Linux box, till I added 2 numbers to 22, now I never have any.
 

PepperBreath

Senior member
Sep 5, 2001
I can change the port. No problem.

I guess what I'm getting at is if I have a port listed under port forwarding, is that effectively the same as having that single port in the DMZ? UltraVNC won't be used all the time but I do need a port open so I can get to my desktop remotely when I'll be out of state next month.

I'm just wondering if having simple file sharing on with full access behind the router is at significant risk if I have one port forwarded on the router.
 

nweaver

Diamond Member
Jan 21, 2001
No, it's not a significant risk. Keep an eye on UltraVNC versions, and keep it up to date.
 

Nothinman

Elite Member
Sep 14, 2001
I guess what I'm getting at is if I have a port listed under port forwarding, is that effectively the same as having that single port in the DMZ?

For the SOHO definition of DMZ, yes. For the real network definition of DMZ, no.

UltraVNC won't be used all the time but I do need a port open so I can get to my desktop remotely when I'll be out of state next month.

If you have XP you should probably just use RDP, it's probably faster than UltraVNC too.