Fair enough. But which of all the how to videos out there explain that to novice users? Not much on security setup
Just read the docs;
Stop using random videos. YOU set up the the port forwarding, Why do you need a video to turn it off?
Hey! Wow! Did I step on some sore toes here or…
Relax folks. not everyone are programmers, network specialists or cosmonauts… Only thing you achieve with this attitude is drive people away from HA.
Every single thing with HA, I have learned from “random” videos from The Hook Up, JuanML, Frenck, Bruh and Dr.ZZZ. Before starting with HA I have never used Linux, never written YAML, never fiddled with MQTT etc etc. I think I speak for alot of people when I say there have been a few mistakes along the way. So stick the attitude somewhere, only thing you achieve with an attitude like this, is driving novice users away from the community and away from HA.
My post was meant as a help to other novice user that might read this thread in hope of securing their system, but like me, have to learn from someone else. @sjee, I have read alot on securing Debian, but much of this is way over my head. Would be good with a more detailed description from Nabu Casa on how to secure the system when using their solution, a best practice when using Nabu Casa/DuckDNS etc. I have struggled to find useful novice instructions on the topic, and I understand that making a general approach is most likely impossible, with the variety of setups around.
It’s all in the docs, you just need to search.
Ok, so if you want to start by securing your network let’s start with the simple task of closing those ports. Walk towards your internet modem / router and lookup the brand and model number for it. Google that combination and append ‘open ports’ to the query. You’ll then probably find pages explaining how to open ports, I hope you’ll figure out yourself how to undo those changes that way. I think that is about the most important security step you have to take right now.
That looking up about port forwarding just shouldn’t be needed, because the person concerned has already opened their ports, and closing them is just undoing what they did e assistant does not open ports on your router, mosquitto does not open ports on your router. By definition the person with opened ports did it themselves, and I assume can undo it.
That is true. Though if you would look up how to do this, while having no interest in it and no technical background whatsoever, and then not touch it for about a year you might have forgotten how you did it in the first place. Also (speaking from personal experience) people might not have a brain like yours and forget stuff (in my case due to some stupid disease).
is this security concern only related to remote access of Home assistant or it also affects cloud connected devices ?
this security concern made me hesistant to use home assistant anymore.
yeah, enabling anonymous samba access and routers forwarding all ports from the internet is definitely “home assisstant’s security issue”
It is a long time since I read this thread, but as I recall it no security issue with home assistant was discovered.
Thanks @nickrout and @Quatuor.
@nickrout what it is the safest way to secure home assistant when utilising remote control and using cloud connected devices like Tuya ?
Please advise,
Thanks
Use nabu casa.
Well don’t use cloud connected devices, but what security issue are you guarding against?
This is an ancient thread, dating from back when authentication was optional, and many people ignored all the documentation and guidance about not configuring remote access until you’d enabled authentication.
If you’re coming across this thread since 0.77 was released back in August 2018 then you can ignore it. If you’re a time traveller, or running something older than that… I can’t really help you.