
Safety issue: all ports and all protocols enabled in firewall after installation of bOS Server

Pascal Platteel 3 years ago in bOS Server updated by ComfortClick ComfortClick 3 years ago 2

I noticed after installing the latest bOS Server that any port and any protocol is enabled in the Windows firewall, creating a serious safety breach into the system, especially if the server is connected to the internet or the home network is full of IoT devices that are easily compromised. This is a serious security issue, also considering the amount of hack or intrusion attempts that happen every day on bOS, as parts of it are connected to the internet. A compromised bOS server gives the attacker full access to the rest of the network with these firewall settings. And it is a real risk if you consider the poor TLS protocols that were still in use before bOS 4.9.0.

I also noticed that multiple Firewall entries are created and probably not cleaned after upgrading to a newer version of bOS.


What are the minimum ports/protocols needed by bOS to function properly?


Holy mackerel, a significant amount of ports opened with full access. The same happens here, and it does not seem right to have opened a significant amount of ports under bOS. Any thoughts from the bOS team would be much appreciated.

Hello,

This doesn't mean the ports are open for every program; it means they're open for our bOS service. Also, it doesn't mean the ports are publicly available; it means they're available on the local network. In any case, you should use an appropriate firewall on your main router and protect your network there. We also recommend segmenting your network into logical subnetworks (VLANs) to divide the different devices in your network (home automation/IoT, security devices, private devices, etc.).

If you could provide info about the OS, we can check why they're not cleaned. The old ports should be cleaned. A few versions ago we decided to allow any ports to be passed by the firewall for bOS Server, due to constant driver connection issues, discovery protocols, etc.

There is a lot of use of our basic driver which constantly requires different ports for different devices/applications.

You can manually delete old firewall rules. Just leave the last two (bOS Service) open.

We're constantly working on improving the overall security of our product and we will also address your comment.


Best regards, David
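For anyone wanting to check their own host for the two problems raised in this thread (rules allowing any port and any protocol, and stale rules left behind by upgrades), here is an added audit script. It is not ComfortClick's code; it assumes the bOS rules are the ones whose display name starts with "bOS" (the reply above mentions rules called "bOS Service"), and it only reports, it does not delete anything.

```powershell
# Added example (not ComfortClick's code): audit Windows Defender Firewall rules
# for bOS Server and flag the wide-open ones plus probable stale duplicates.
# Run in an elevated PowerShell session on the bOS Server host.
# Assumption: bOS rules have a DisplayName starting with "bOS"; adjust $pattern if not.
$pattern = 'bOS*'

# Only enabled Allow rules matter for exposure
$rules = Get-NetFirewallRule -DisplayName $pattern -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

$report = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    $localPorts = ($port.LocalPort -join ',')
    [pscustomobject]@{
        RuleName  = $rule.Name          # internal name, needed for Remove-NetFirewallRule
        Display   = $rule.DisplayName
        Direction = $rule.Direction
        Profile   = $rule.Profile
        Program   = $app.Program
        Protocol  = $port.Protocol
        LocalPort = $localPorts
        # Protocol "Any" with LocalPort "Any" is the configuration the thread describes
        WideOpen  = ($port.Protocol -eq 'Any' -and $localPorts -eq 'Any')
    }
}

"=== bOS firewall rules ==="
$report | Sort-Object Display, Direction | Format-Table -AutoSize

"=== Rules allowing any protocol on any port ==="
$report | Where-Object WideOpen | Select-Object Display, Direction, Profile, Program | Format-Table -AutoSize

# Several rules for the same program and direction are usually leftovers from upgrades.
# Review them and remove the old ones by hand, keeping the current bOS Service pair:
#   Remove-NetFirewallRule -Name <RuleName>
"=== Probable duplicate rules (same program and direction) ==="
$report | Group-Object Program, Direction | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { "$($_.Name): $($_.Group.RuleName -join '; ')" }
```

If the Program column is empty for a rule, that rule is not scoped to the bOS executable at all and deserves a closer look, since it then applies to every program on the host.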