Hello to all.
I need some basic security advise. I get new hardware for security application. It sends alarm signals through network connection. The hardware is very new on the market so I decided to check the basic security for networking.
1. First, I checked the data transfer which is in clear text data. It supports datagram and stream transfer too.
2. Second, I made a port scan and there was lots of open ports to which I can make a telnet connection and send data to it. (all ports are opened)
Since I will place this hardware to unknown networks (networks managed some other guys) I need to know that my hardware will not cause any security hole in this LAN.
1. Question (point 1): How dangerous is the clear data transfer.
Note: At this moment the hardware sends datagram packets to a public static IP address on the internet. One message per packet. In this datagram packet are the clear text data presented. The server responds with the same datagram packet to acknoledge the data.
2. Question (point 2): How dangerous are these open ports (all ports are open)?
Note: I can make full TCP connection and send data to the device. Probably it will not accept any data but I have a bad feeling about it.
It seems to me that the guy who made this hardware does not care about network security much.
In real world: how likely is it that such things can be abused.
Thanks for any suggestions.