How safe is it to open ports on your router? [closed]
I want to open some ports on my family's network, for game servers and other protocols like HTTP and FTP. My dad, however, thinks this is unsafe (for him).
Is it easy for a hacker to get in to our network using these open ports? If he does, does he have access to the whole network or just my computer?
I was lucky, my dad let me have unknown 5-digit ports, but I still want to use "normal" ports.
I don't really care if a hacker gets in to my computer, but my dad does. Does the hacker have access to my dad's computer with no open ports? Or only my computer?
If the hacker can access my dad, can I use 2 routers to make his computer not hackable by hacker? What I mean is that I have the ports forwarded from the family's router to my own router and that router directs them to my own computer (server). Does this jail the hacker into just my "unsafe" network?
Solution 1:
While opening ports does put you more at risk than having none open, you are only in danger if an attack can exploit the service that is using that port. A port is not an all access pass to your PC/network if an attacker happens upon it. They would need to manipulate whatever it is on the other side to gain some type of basic system access, then they could 'maybe' gain enough privileges to compromise your system. It's a bit like leaving your car keys in a bathroom 100 miles away. While someone could use them to steal your car, they still have a loooong way to go to make it happen.
As you said, companies around the world have ports open so they can do business. Another fact is that whatever those companies are doing is probably a lot more interesting to attackers than the family photos and Bejeweled Blitz your dad has on his PC.
You also need to consider just because you open ports on the router does not mean you opened ports on the PC firewalls. If you open port 3333 on your router, chances are it is still blocked by your PCs firewall, so you in still protected. Typically, you open the ports you need on the router, and open the ports on ONLY the PC firewall that needs access through them.
Finally, depending on what services you are planning on using, they may be uPnP compatible. In that case, they will open the ports they need when in use, and close them automatically when they aren't. You said you have a random 5-digit port opened right now, and have been using it. Why not stick with it then? There is nothing to be gained by using the "standard" ports unless you need to.