this post was submitted on 06 Jul 2023

From my understanding, you can run into issues when you have a combination of ports being forwarded and some other issue, like SSH enabled on a Raspberry Pi with default credentials, but I feel like I'm missing things or misunderstanding port forwarding.

I don't know if, for example, a computer connected to a network running a dated version of Windows is a risk simply because it is connected to the network. Even if it isn't being used for things such as web browsing.

I'm more concerned about remote threats versus local ones like someone having access to my WiFi password.

[–] [email protected] 2 points 1 year ago

A router or firewall by default will block incoming traffic from the internet; it only allows outgoing traffic. So a computer simply being connected to the network shouldn't just all of a sudden get a virus or malware. Users browsing unsafe websites, downloading random things, opening random email attachments, or installing unsafe applications will cause the compromise.

However, port forwarding will open a port on your router/firewall to allow incoming traffic to whatever device you've forwarded that traffic to. SSH itself is not really the concern, but the strength of the password used for the account.

The internet is constantly being scanned by bots looking for easy targets. Even if you change the default SSH port to something else, it will eventually be discovered and if your server/device responds in such a way to reveal it's an SSH server, then whatever automated system will start trying common usernames and passwords to get in (brute force).

If you were going to expose SSH, it's best to change the default port, use an uncommon username (not root, admin, pi, etc.) and don't accept connections from anything other than that username, use key-based authentication, and probably install Fail2Ban to block brute force attempts. And if you are only going to be connecting from a known source, like your work, maybe just allow that IP with your port forward.
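
The hardening steps from the comment above, as an added example that is not part of the original thread: a short Python check of an `sshd_config` global section for the port, password, key and username settings it mentions. The parser is simplified (no `Match` or `Include` handling), the common-username list and both sample configs are constructed, and Fail2Ban and the router's source-IP rule live outside this file and are not checked.

```python
# Added example: audit the global section of an sshd_config against the
# advice in the comment. Simplified: Match blocks and Include are ignored.
COMMON_USERS = {"root", "admin", "pi", "ubuntu", "user", "test"}  # constructed list
# OpenSSH defaults that apply when a keyword is absent from the file
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"],
            "pubkeyauthentication": ["yes"], "allowusers": []}

def parse_sshd_config(text):
    """Return {lowercased keyword: [arguments]} for the global section."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue                      # blank, comment or malformed line
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break                         # conditional blocks are out of scope
        if key in ("port", "allowusers"):
            settings.setdefault(key, []).extend(args)  # these accumulate
        else:
            settings.setdefault(key, args)             # first value wins
    return settings

def audit(text):
    """Return a list of findings; an empty list means all checks passed."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if "22" in cfg["port"]:
        findings.append("port: listening on default port 22")
    if cfg["passwordauthentication"][0].lower() != "no":
        findings.append("password: password logins are still accepted")
    if cfg["pubkeyauthentication"][0].lower() != "yes":
        findings.append("pubkey: key-based authentication is disabled")
    users = [u.split("@")[0].lower() for u in cfg["allowusers"]]
    if not users:
        findings.append("allowusers: logins are not limited to one account")
    findings += [f"allowusers: common username '{u}' is allowed"
                 for u in users if u in COMMON_USERS]
    return findings

# Constructed sample configs
WEAK = "Port 22\nPasswordAuthentication yes\n"
HARDENED = ("Port 49222\nPasswordAuthentication no\n"
            "PubkeyAuthentication yes\nAllowUsers kestrel@203.0.113.5\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

An empty file produces the same three findings as `WEAK`, because the OpenSSH defaults are port 22, passwords accepted and no `AllowUsers` limit.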