How insecure is port forwarding for Blue Iris if you have an incredibly strong password?

MrRobinHood

Pulling my weight
Joined
Nov 29, 2021
Messages
51
Reaction score
101
Location
England
I realise you shouldn't be using port forwarding, and I'm not, but I'm curious as to how big of a risk in reality it really is if you're using a very long randomly generated password?

Does leaving port 81 open only leave you open to brute force password attacks? Or does it create additional risks or vectors into your windows machine through potential Blue Iris or Windows bugs?

What's the weakest point when using this method?

If you have a 50 character long random password from a password manager that would take decades to brute force, are you then actually relatively safe?
 
Joined
Dec 28, 2019
Messages
8,069
Reaction score
17,558
Location
New Jersey
I think leaving any port open, even 443 for a VPN, can lead to hack attempts. I see a few "regular" tries at 443 on my router but given 128 bit encryption I'm not too worried at all. I think it's also possible to use any open port for a sideways entrance into a network but that would take some pretty sophisticated hackers, although with the way thing are going that may not be such a big stretch today.
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
8,343
Reaction score
9,836
I realise you shouldn't be using port forwarding, and I'm not, but I'm curious as to how big of a risk in reality it really is if you're using a very long randomly generated password?

Does leaving port 81 open only leave you open to brute force password attacks? Or does it create additional risks or vectors into your windows machine through potential Blue Iris or Windows bugs?

What's the weakest point when using this method?

If you have a 50 character long random password from a password manager that would take decades to brute force, are you then actually relatively safe?
Hi @MrRobinHood

Great question.

SO the answer .. sort of along the lines of ..


How secure is your home to robbers if you have a key which is 1 foot long with 60 teeth?



Yes, this is sort of how you need to think of the question ..



When your lock and key are strong, but your windows to the street are open .. does not make you much more secure ..

When your house has no windows and is of brick, with a strong roof and doors .. then a strong lock helps ..


In terms of computers .. same applies .. no computer is 100% safe connected to the internet, and just because you have a great lock on the front door, .. robbers can come in through other means ..

Since most people do not live in vaults, and few computers are secure enough .. you really do not want to port forward with all the thieves and robbers out there .. some which are robo-robbers .. (*)


( * - of course if you are a IT security pro and know what you are doing, and have the time to do it .. well, then that of course is a different thing, and you probably do not listen to random people's advice on the internet .. )
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
1,550
Reaction score
1,801
Most exploits don't bother to go directly against a password or encryption. They go completely around the authorization or rely on some fundamental flaw in implementation. As we've seen for most all of the big hacks against various cams and other network devices. So it may help against routine attempts to find default passwords and easy targets but won't in the case of some vulnerability within the system whether it's at the specific server being accessed or the underlying OS/transport.
 

wittaj

Known around here
Joined
Apr 28, 2019
Messages
8,268
Reaction score
13,672
Location
USA
BI is great, but it doesn't have the millions of users like other programs, so a vulnerability could be sitting there longer before it is realized than say with Windows. And we shut off anti-virus for BI, so.....follow that path - port forward is not a good idea...
 
Top