Modem > Router > Telo : Static IP, QoS, Other configuration?

Need extra help installing your Ooma Hub or Telo system? Let us know.
User avatar
tomcat
Posts: 215
Joined: Tue Feb 22, 2011 1:32 pm

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by tomcat » Tue Mar 15, 2011 10:57 am

thunderbird wrote:That's the same reason they say that if you put a computer in your router's DMZ, you should have security software on your computer for it's own protections.
Agreed.
thunderbird wrote:Since Ooma uses a VPN tunnel, a hacker would have to hack Ooma's security, before they could reach your router's LAN, and than to Ooma Setup. I'm not saying it couldn't be done, but very unlikely.
If the setup page resided on ooma's servers, then yes the page would be protected by the VPN. However, I believe the setup page is actually on the Telo and Hub since it can be accessed even when the telo isn't connected to the internet. This would mean that anything coming in on the router's port 80 would be forwarded on to the DMZ which would be the ooma's port 80 and would hit the setup page. Basically, if it is open to the LAN then it is also open in the DMZ (assuming a normal consumer router).

Is this not correct?

thunderbird
Posts: 6388
Joined: Mon Nov 08, 2010 4:41 pm

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by thunderbird » Tue Mar 15, 2011 12:06 pm

tomcat wrote:
thunderbird wrote:That's the same reason they say that if you put a computer in your router's DMZ, you should have security software on your computer for it's own protections.
Agreed.
thunderbird wrote:Since Ooma uses a VPN tunnel, a hacker would have to hack Ooma's security, before they could reach your router's LAN, and than to Ooma Setup. I'm not saying it couldn't be done, but very unlikely.
If the setup page resided on ooma's servers, then yes the page would be protected by the VPN. However, I believe the setup page is actually on the Telo and Hub since it can be accessed even when the telo isn't connected to the internet. This would mean that anything coming in on the router's port 80 would be forwarded on to the DMZ which would be the ooma's port 80 and would hit the setup page. Basically, if it is open to the LAN then it is also open in the DMZ (assuming a normal consumer router).

Is this not correct?
There may be that possibility, but only if your router didn't have any level of security turned on at all.

Lilly's_Closet
Posts: 108
Joined: Wed May 19, 2010 11:10 am

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by Lilly's_Closet » Wed Mar 16, 2011 7:01 am

Response moved to its own thread to gather additional feedback viewtopic.php?f=9&t=11131
Last edited by Lilly's_Closet on Wed Mar 16, 2011 7:26 pm, edited 14 times in total.

User avatar
tomcat
Posts: 215
Joined: Tue Feb 22, 2011 1:32 pm

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by tomcat » Wed Mar 16, 2011 7:28 am

Putting the ooma box in the router's DMZ is, theoretically, the same as connecting the ooma box between the modem and router.

What I was suggesting is that you do not want to expose the ooma box's setup page on the ooma's internet port (via ooma's port forwarding rules) if the box is in the DMZ. This will also expose the setup page to the internet. Something you do not want.

thunderbird
Posts: 6388
Joined: Mon Nov 08, 2010 4:41 pm

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by thunderbird » Wed Mar 16, 2011 11:41 am

Ooma Port Forwarding Possible Security Risks Balanced Against Convenience?

The question should be “What would happen if a hacker from the Internet accessed someone’s Ooma Setup through an Ooma device’s home address port, forwarded using port 80”?

The hacker could probably at most change some settings and temporarily disrupt someone’s Ooma phone service. It’s not like shutting down NASA. Probably all-in-all it’s a pretty low security risk. Probably the convenience of being able to access the Ooma device’s Ooma Setup pages, from a computer connected to a router LAN port is worth the risk.

Of coarse the hacker would have to know/guess/figure-out some things before they got to the Ooma Setup pages.

By the way, most home routers allow port 80 to be accessed/open to the Internet, weather a device is placed in the router’s DMZ or not.

Omma uses a VPN tunnel, so the modem part of an Ooma device is well protected, using any configuration setup.

The real threat comes when placing a computer in the router’s DMZ which many people do for gaming, etc. Placing a computer in the router’s DMZ could compromise that computer’s security.

But most people, even if they use a router’s firewall for security, also have computer security software installed on each of their computers, and especially installed on their DMZ computer. I have used Norton Internet Security for years and it has done a great job for me.

Each person has to decide how they want to manage their home’s Internet Security and determine if certain possible risks are worth the convenience.

User avatar
tomcat
Posts: 215
Joined: Tue Feb 22, 2011 1:32 pm

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by tomcat » Wed Mar 16, 2011 12:49 pm

thunderbird wrote:Each person has to decide how they want to manage their home’s Internet Security and determine if certain possible risks are worth the convenience.
Agreed! :D

Lilly's_Closet
Posts: 108
Joined: Wed May 19, 2010 11:10 am

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by Lilly's_Closet » Wed Mar 16, 2011 1:35 pm

I agree as well however, more often than not, someone from the forum tells a user to put ooma in the DMZ without fully understanding the implications themselves or explaining it to the user. Or worse they recommend it in hopes that that it will fix the user's performance issue, and really its only masking the real network issue and exposing the user unnecessarily.

This makes it challenging to decide for yourself when you are only getting a part of the information...Especially when they are so desperate for a solution.

The assumption is if someone in the forum is recommending it it’s got to be right…well that’s not always the case.

Lilly's_Closet
Posts: 108
Joined: Wed May 19, 2010 11:10 am

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by Lilly's_Closet » Thu Mar 17, 2011 1:57 pm

I would also respectfully disagree with the assumption that most are running some type of Security Software. Most people are not...Some are running antivirus software but more often than not the virus definitions are out of date and the subscription has expired and or scheduled scans are not enabled.

An entire PC repair industry is built on the fact that most users are not taking these preventative measures.

(For free antivirus check out http://www.avira.com/en/avira-free-antivirus)
Last edited by Lilly's_Closet on Thu Mar 17, 2011 4:01 pm, edited 4 times in total.

User avatar
lbmofo
Posts: 9337
Joined: Sun Mar 14, 2010 7:37 pm
Location: Greater Seattle
Contact:

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by lbmofo » Thu Mar 17, 2011 2:18 pm

Lilly's_Closet wrote:(For free antivirus check out http://www.avira.com/en/avira-free-antivirus)
Also free, MS Security Essentials: http://www.microsoft.com/security_essentials/
Lilly's_Closet wrote:I agree as well however, more often than not, someone from the forum tells a user to put ooma in the DMZ without fully understanding the implications themselves or explaining it to the user. Or worse they recommend it in hopes that that it will fix the user's performance issue, and really its only masking the real network issue and exposing the user unnecessarily.
If Ooma Hub or Telo is placed in DMZ, what risks are there?
If Ooma Hub or Telo is placed between the modem and the router, what risks are there?
Don't they have some kind of firewall built in?
Customer Since: 3/13/10
Hardware: Telo & Hub
Service: Premier 12/06/10
Verizon Port: 3/15/10 - 4/02/10
Internet: 100 Mbps/10 Mbps
Setup: SB6141/R6700/Ooma
MainStreetSHARES Ebates: get Ca$h Back when you shop online!!

Image

Lilly's_Closet
Posts: 108
Joined: Wed May 19, 2010 11:10 am

Re: Modem > Router > Telo : Static IP, QoS, Other configuration?

Post by Lilly's_Closet » Thu Mar 17, 2011 3:03 pm

lbmofo

Were you able to read the entire the entire thread, there is also a link to a separate thread on the top of this page? I think that most of your questions are discussed in both treads.

Here is a repost of the link at the top of this page viewtopic.php?f=9&t=11131

Also check out my posting on this thread viewtopic.php?f=2&t=10959

In addition, you metioned that you have have Comcast Cable as a (ISP) they offer a free version of Norton Security Suite http://security.comcast.net/ to their ISP customers

Post Reply