How can manufacturers and integrators mitigate the risks of port forwarding?
Editor Introduction
Port forwarding is a networking technique that allows incoming traffic on a specific port number to be redirected to a particular device or application on a local network. Open ports on the network expose an IP video system to the internet. This makes it a potential target for malicious cyberattacks. In the physical security industry, the elimination of port forwarding is seen as a basic and manageable precaution to shore up cybersecurity. We asked this week's Expert Panel Roundtable: What are the risks of port forwarding, and how can manufacturers and/or integrators mitigate those risks?
Port forwarding poses security risks by exposing internal networks to external threats. It creates an entry point, allowing attackers to bypass firewalls and access devices or services directly. This increases the likelihood of unauthorised access, data breaches, and exploitation of vulnerabilities within systems. If a forwarded port connects to an insecure device, attackers can exploit weak credentials, unpatched software, or known vulnerabilities to gain control. Hackers may also use port scanning techniques to identify open ports and launch attacks, potentially compromising critical infrastructure. To mitigate these risks, manufacturers and integrators should prioritise security by implementing strong access controls, such as multi-factor authentication (MFA), to restrict unauthorised entry. They should also ensure devices receive regular updates with the latest security patches to address vulnerabilities. Network segmentation can isolate critical systems from public-facing services, and integrators should consider using VPNs and secure tunneling protocols instead of exposing ports directly to the internet.
Even though zero trust is seen as best practice by many, no IT security professional is going to open up a path into their internal network from the internet. Security is about having multiple layers of protection, so stopping unwanted data packets at the firewall is a must. At Gallagher, we have taken the approach of creating a secure connection from the on-premise security system to our cloud. The on-premise server calls out to our cloud, which is the easiest connection for a firewall to protect. Our cloud then acts as a gateway, where the customer can choose to allow other services to securely authenticate and connect with packets forwarded back and forth between the service and the on-premise server securely. We will extend the services that the site can consume through our cloud gateway, providing peace of mind, that the chance of unwanted data packets coming from the internet into a corporate network is well managed.
Port forwarding is a common technique used in the security industry, to allow external devices or clients to communicate with internal equipment on private networks including equipment such as IP cameras, NVRs, intrusion and access control systems, HVAC, fire, and the list is growing! However, opening ports to the internet provides an inherent attack vector for would-be hackers. If not properly configured, port-forwarding can expose customers to significant risk to not only the exposed application but to their entire networks. VPNs are an alternative, but may add significant administration overhead to IT teams, and can be frustrating and cumbersome for users. Cloud-enabled security software and devices are a great alternative. Cloud applications allow for inbound connections to on-premise security equipment, without any need for port-forwarding. Communications are commonly encrypted to protect sensitive data in transit. Cloud offerings can reduce IT administration workload while also significantly reducing exposure to network attacks.
Port forwarding is the computer networking practice of making a computer or software on that computer inside of a private network accessible outside of that network. It is relatively easy to do and allows convenient access to the machine from anywhere else in the world. This convenience, however, means that anyone aware of this computer being accessible from anywhere could try to connect. Some ways to mitigate this are to limit the port-forwarding to specific IP addresses, to have strong passwords for the computer or the software, and if possible, to add an SSL certificate to encrypt the traffic.
Editor Summary
Increasingly, physical security manufacturers, integrators, and end users are faced with resolving cybersecurity issues such as the threat of port forwarding. As our Expert Panelists have described, there are a variety of solutions and strategies that can keep open ports from being a cybersecurity risk. Driving awareness of the problem can guide industry professionals to the best strategies to address it.
How concerned are you about port forwarding as a potential security risk in your organisation?
- Related companies
- Gallagher Security
- Salient Systems
- Ai-RGUS
- i-PRO
- Related links
- Salient Systems CCTV software
- Salient Systems Network video recorders (NVRs)
- Infrared IP cameras
- Event Network video recorders (NVRs)
- Real Time Network video recorders (NVRs)
- Biometric Access control readers
- Detection Software CCTV software
- Card Swipe Access control readers
- Network IP cameras
- PTZ IP cameras
- Real Time / Timelapse Network video recorders (NVRs)
- Drawing Software CCTV software
- Contact Access control readers
- IP Surveillance Software CCTV software
- Thermal IP cameras
- Infrared Access control readers
- Magnetic Stripe Access control readers
- Management Software CCTV software
- Mifare Access control readers
- Proximity Access control readers
- Monitoring Software CCTV software
- RFID Access control readers
- Surveillance Software CCTV software
- Smart Card Access control readers
- Related categories
- CCTV software
- IP cameras
- Access control readers
- Network video recorders (NVRs)
- View all news from
- Gallagher Security
- Salient Systems
- Ai-RGUS
- i-PRO
Expert commentary
- When choosing an access solution, make total cost of ownership a key part of the calculation
- How Californian cities are improving surveillance and security - key developments from 2022 to 2024
- Healing through innovation: Securing healthcare in the cloud
- Unlocking new potential in video security through AI
Security beat
Security bytes
- Getting to know Dan Grimm, VP and General Manager of Computer Vision at RealNetworks
- Big wins and the importance of showing up: Insights from SourceSecurity.com editor Larry Anderson
- Setting goals, business travels and radioactivity: Success secrets from Tiandy's John van den Elzen
- Getting to know Jeff Burgess, President/CEO at BCDVideo
Palm vein recognition
DownloadThe key to unlocking K12 school safety grants
DownloadSelecting the right network video recorder (NVR) for any vertical market
DownloadPhysical access control
DownloadCybersecurity for enterprise: The essential guide to protecting your business
DownloadASSA ABLOY Aperio Wireless Locks
Hikvision EasyIP 4.0 Plus Network Cameras with ColorVu 3.0 Technology
Milesight 4G Solar-Powered AI-Driven ANPR Camera Kit