Do I need to port forward?
Ther is some risk in doing this. It is important to understand the difference between, explicitly allowing traffic to/from a given public a port to a device on your internal networ, port forwarding, and putting a device in the DMZ.
1. the DMZ opens the entire surface area of a network node to the Internet. This bypasses the firewall's normal function.
2. A port forward opens a port and forwards it to a network node. This bypasses the firewall's normal function.
3. Allowing/denying traffic by type allows the firewall to continue normal function
Having your management interface publicly accessible means that any user on the public Internet can access your HS3 management interface.
At minimum I would recommend SSL encrypting the page, forcing all logons to use a password, binding myhs to a non-admin account, and setting up anti-hack features in your HS3 install.
I would still recommend we identify the traffic for myhs and see if it is possible to tell your firewall to allow the traffic.
Sent from my iPhone using Tapatalk
Ther is some risk in doing this. It is important to understand the difference between, explicitly allowing traffic to/from a given public a port to a device on your internal networ, port forwarding, and putting a device in the DMZ.
1. the DMZ opens the entire surface area of a network node to the Internet. This bypasses the firewall's normal function.
2. A port forward opens a port and forwards it to a network node. This bypasses the firewall's normal function.
3. Allowing/denying traffic by type allows the firewall to continue normal function
Having your management interface publicly accessible means that any user on the public Internet can access your HS3 management interface.
At minimum I would recommend SSL encrypting the page, forcing all logons to use a password, binding myhs to a non-admin account, and setting up anti-hack features in your HS3 install.
I would still recommend we identify the traffic for myhs and see if it is possible to tell your firewall to allow the traffic.
Sent from my iPhone using Tapatalk
Comment