I was testing how to enable Plexamp to get playlists from my Plex media server while I am away from the local server. I enabled Remote Access that that works. I can listen to music while on the road now via my cellular data connection.
Now I want to know how secure/insecure that is. I have not manually opened any ports on the router.
Is there a document that explains what is actually happening in the background? Is there some proxy somewhere, and only it can get to my PC running plex? -Bill
If your router allows automatic port forwardings per UPnP, plex server has negotiated it when it was started.
If your router doesn’t allow UPnP (or your ISP has put you behind Carrier-Grade NAT), then the connection was made per Plex relay.
Plex relay connections are always encrypted.
The connections which go directly to your server, are by default encrypted. But you can allow clients to fall back to unencrypted connections with a server preference.
https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/
Thanks, one of the first things to do on a new router is make sure UPNP is disabled.
Is plex relay monitored by their security team? Fireeye or tripwire or?
Monitored for what?
Hacks, pwned Anything where it could be used to compromise our (customers) systems.
The relay connection is like any other remote connection to your server.
Encryption is enforced on these connections.
If the client has a valid authentication token for a Plex account, and this Plex account has been granted access by you to your media, then this client will get access.
You can disable relay connections if you think that this is too risky.
Though so far there has been no known case of server breach by remote or relay connection.
Are you saying its Not Monitored? Even using something like tripwire or Fireeye.
I can only relay this from an official statement:
We are using tools to analyze security logs and make sure our services are in the state they should be, without external modifications by bad actors (using tools similar to those mentioned above, but from other vendors).
Quick note: using relay is not adding a security layer, it’s more of a workaround when NATing or port forwarding is not possible. That said, we have an open bug bounty, and if you found exploitable vulnerabilities in our relays, we’d be happy to review them. More information can be found in https://support.plex.tv/articles/reporting-security-issues/
Ah, thanks!! I guess I better make sure that PC is on a VLAN that cannot get to anything else on the internal LAN. Thanks Again.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
