Wondering how risky to our network is it to access the yeastar interface using ddns.
I think I read, it would be wise to change the default ports that are being forwarded.
Any recommendations/ best practice?
Date
Votes
2 comments
-
Larry Neblett There is a faction that advocates changing ports for the sake of changing in the hopes that it will thwart or delay the hackers from being able to scan and then find out that you have something hiding behind a firewall.
I will agree that doing so may likely delay the discovery, and while this is a good thing, it will not necessarily prevent its discovery by all who are from the dark side.
There are many a hacker out there that knows the ploy and they adjust the ranges they scan knowing this, so sooner or later your secret may be discovered.
My belief is that if you don’t want to be subjected to the possibility, then you should consider VPN tunnels. If this is not possible, then (regardless of VPN use) lock down the router ports to only allow traffic from the ones (IPs) you want and drop all the rest. If you can’t do either, then you have the wrong router and should strongly consider getting a device that will protect you and insure a more pleasant overall experience using VoIP and the resulting more restful nights. If nothing can be done, then move the port, but it will only be a matter of time before they find it.
I am not saying that moving the port is something that should not be done, but rather something that need not be done if you plan and implement the protection up-front. Moving does not hurt, but a port is a port and you still have to set the devices up to use the port specified in your set-up so the treatment that gets applied to 5060, should also be applied to whatever port you change to.
-
Riddhe M Totally agree on Larry's comment.
If it has to be let external party to access intranet. DDNS is a possible solution, but not that safe.
The priority is:
VPN> Move Port Forwarding > Direct Port Forwarding
Please sign in to leave a comment.