Like, I hear all the time that you shouldn’t open any ports on your networks fire wall for security reasons this and security reasons that. But what are the actual security implications/risks of forwarding a port for something like Jellyfin or a Minecraft server or something like that? Explain like im 16 (or something)

  • rayjaymor85@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Port forwarding itself is not inherently dangerous; in much the same way that jumping out of a window is not inherently dangerous. But obviously it is risky.

    If you know what you’re doing and mitigate the risk, jumping out of a window onto say a soft landing or a ground floor window is not a problem.

    Anyone hosting websites or services either at home or in a datacenter do it all the time.

    The dangerous part is if someone can do with that forwarded port if the service it’s attached to can be used to gain access to something else on the network.

    Usually done by figuring out what you are running, and then exploiting a CVE to get in and then get access to the rest of your network that way.

    So as an example I have a VM with Google Cloud that is running my website. If someone does manage to hack it, well, who cares - it’s just a VM running that simple LAMP stack.

    If I had that same website on my home network, and it can access my home NAS, well if it turns out there’s a vulnerability I didn’t account for then technically someone can take over that VM and hop into my NAS and do damage there.