Need extra help installing your Ooma Hub or Telo system? Let us know.
#77344 by tomcat
Tue Mar 15, 2011 10:57 am
thunderbird wrote:That's the same reason they say that if you put a computer in your router's DMZ, you should have security software on your computer for it's own protections.

Agreed.

thunderbird wrote:Since Ooma uses a VPN tunnel, a hacker would have to hack Ooma's security, before they could reach your router's LAN, and than to Ooma Setup. I'm not saying it couldn't be done, but very unlikely.

If the setup page resided on ooma's servers, then yes the page would be protected by the VPN. However, I believe the setup page is actually on the Telo and Hub since it can be accessed even when the telo isn't connected to the internet. This would mean that anything coming in on the router's port 80 would be forwarded on to the DMZ which would be the ooma's port 80 and would hit the setup page. Basically, if it is open to the LAN then it is also open in the DMZ (assuming a normal consumer router).

Is this not correct?
#77351 by thunderbird
Tue Mar 15, 2011 12:06 pm
tomcat wrote:
thunderbird wrote:That's the same reason they say that if you put a computer in your router's DMZ, you should have security software on your computer for it's own protections.

Agreed.

thunderbird wrote:Since Ooma uses a VPN tunnel, a hacker would have to hack Ooma's security, before they could reach your router's LAN, and than to Ooma Setup. I'm not saying it couldn't be done, but very unlikely.

If the setup page resided on ooma's servers, then yes the page would be protected by the VPN. However, I believe the setup page is actually on the Telo and Hub since it can be accessed even when the telo isn't connected to the internet. This would mean that anything coming in on the router's port 80 would be forwarded on to the DMZ which would be the ooma's port 80 and would hit the setup page. Basically, if it is open to the LAN then it is also open in the DMZ (assuming a normal consumer router).

Is this not correct?

There may be that possibility, but only if your router didn't have any level of security turned on at all.
#77386 by tomcat
Wed Mar 16, 2011 7:28 am
Putting the ooma box in the router's DMZ is, theoretically, the same as connecting the ooma box between the modem and router.

What I was suggesting is that you do not want to expose the ooma box's setup page on the ooma's internet port (via ooma's port forwarding rules) if the box is in the DMZ. This will also expose the setup page to the internet. Something you do not want.
#77420 by thunderbird
Wed Mar 16, 2011 11:41 am
Ooma Port Forwarding Possible Security Risks Balanced Against Convenience?

The question should be “What would happen if a hacker from the Internet accessed someone’s Ooma Setup through an Ooma device’s home address port, forwarded using port 80”?

The hacker could probably at most change some settings and temporarily disrupt someone’s Ooma phone service. It’s not like shutting down NASA. Probably all-in-all it’s a pretty low security risk. Probably the convenience of being able to access the Ooma device’s Ooma Setup pages, from a computer connected to a router LAN port is worth the risk.

Of coarse the hacker would have to know/guess/figure-out some things before they got to the Ooma Setup pages.

By the way, most home routers allow port 80 to be accessed/open to the Internet, weather a device is placed in the router’s DMZ or not.

Omma uses a VPN tunnel, so the modem part of an Ooma device is well protected, using any configuration setup.

The real threat comes when placing a computer in the router’s DMZ which many people do for gaming, etc. Placing a computer in the router’s DMZ could compromise that computer’s security.

But most people, even if they use a router’s firewall for security, also have computer security software installed on each of their computers, and especially installed on their DMZ computer. I have used Norton Internet Security for years and it has done a great job for me.

Each person has to decide how they want to manage their home’s Internet Security and determine if certain possible risks are worth the convenience.
#77434 by Lilly's_Closet
Wed Mar 16, 2011 1:35 pm
I agree as well however, more often than not, someone from the forum tells a user to put ooma in the DMZ without fully understanding the implications themselves or explaining it to the user. Or worse they recommend it in hopes that that it will fix the user's performance issue, and really its only masking the real network issue and exposing the user unnecessarily.

This makes it challenging to decide for yourself when you are only getting a part of the information...Especially when they are so desperate for a solution.

The assumption is if someone in the forum is recommending it it’s got to be right…well that’s not always the case.
#77488 by Lilly's_Closet
Thu Mar 17, 2011 1:57 pm
I would also respectfully disagree with the assumption that most are running some type of Security Software. Most people are not...Some are running antivirus software but more often than not the virus definitions are out of date and the subscription has expired and or scheduled scans are not enabled.

An entire PC repair industry is built on the fact that most users are not taking these preventative measures.

(For free antivirus check out http://www.avira.com/en/avira-free-antivirus)
Last edited by Lilly's_Closet on Thu Mar 17, 2011 4:01 pm, edited 4 times in total.
#77489 by lbmofo
Thu Mar 17, 2011 2:18 pm
Lilly's_Closet wrote:(For free antivirus check out http://www.avira.com/en/avira-free-antivirus)

Also free, MS Security Essentials: http://www.microsoft.com/security_essentials/

Lilly's_Closet wrote:I agree as well however, more often than not, someone from the forum tells a user to put ooma in the DMZ without fully understanding the implications themselves or explaining it to the user. Or worse they recommend it in hopes that that it will fix the user's performance issue, and really its only masking the real network issue and exposing the user unnecessarily.

If Ooma Hub or Telo is placed in DMZ, what risks are there?
If Ooma Hub or Telo is placed between the modem and the router, what risks are there?
Don't they have some kind of firewall built in?
#77494 by Lilly's_Closet
Thu Mar 17, 2011 3:03 pm
lbmofo

Were you able to read the entire the entire thread, there is also a link to a separate thread on the top of this page? I think that most of your questions are discussed in both treads.

Here is a repost of the link at the top of this page viewtopic.php?f=9&t=11131

Also check out my posting on this thread viewtopic.php?f=2&t=10959

In addition, you metioned that you have have Comcast Cable as a (ISP) they offer a free version of Norton Security Suite http://security.comcast.net/ to their ISP customers

Who is online

Users browsing this forum: No registered users and 13 guests