Hi, can someone please advise how insecure/secure it is to connect two Node-REDs together over the Internet? My plan is quite simple: I need to send a temperature sensor value from one place (domain) to another place (domain) and display it on a dashboard.
A tcp-out node will send it and a tcp-in node (port 50000, for example) will receive it.
Port forwarding is done at the receiving router.
The receiving port is open, but is that a problem? I can discard packets after the tcp-in node if they don't come from the tcp-out domain?
I understand that anyone can send data to this port, but can that person go further, on to NR and the Raspbian system?
There are a lot of moving parts involved in that calculation.
Maybe.
The problem is that it is never possible to be 100% certain that there are no ways to beat the system and gain unexpected access.
So the trick is to keep the window as tight as possible.
In your case, the receiving network should have an edge firewall that only opens the inbound port for the sending system. Not for everything and everyone.
The second thing to ensure is that you are using TLS encryption for the connection. If you don't, the data can not only be sniffed but potentially altered in transit.
The third thing you should do is carefully validate any received data. Never assume that incoming data is clean or valid.
That's the basics. If the systems need to be higher-security or are high value, you may wish to go further and ensure that both endpoints mutually authenticate to each other using public-key-based authentication.
Also of note is that these apply whether you are using TCP, HTTP or MQTT connections. You shouldn't use UDP connections unless you are using a wire-level VPN.
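The "validate any received data" step from the reply above, worked through as an added example (this is not code from the original post, from the reply, or from Node-RED's own nodes). It is the kind of body you would put in a Function node wired directly after the tcp-in node, as defence in depth behind the edge-firewall rule the reply describes, not as a replacement for it. It assumes (none of this is stated in the thread) that the tcp-in node is in listen mode and sets `msg.ip` to the peer address, that the sender transmits one JSON object per line such as `{"sensor":"garage","temp":21.5}`, and that the sending site's public address is known; the address, field names, limits and sample messages below are all constructed for the example.

```javascript
// Added example: input validation for readings arriving from a tcp-in node.
// Not part of the original thread or of Node-RED; assumptions are marked.
//
// Assumptions (not stated in the thread):
//  - the tcp in node is in "listen" mode and sets msg.ip to the peer address
//  - the sender sends one JSON object per line, e.g. {"sensor":"garage","temp":21.5}
//  - the sending site's public address is known and listed in ALLOWED_SOURCES

const ALLOWED_SOURCES = new Set(["203.0.113.10"]); // constructed sample address (TEST-NET-3)
const MAX_PAYLOAD_BYTES = 256;           // a temperature reading never needs more than this
const TEMP_MIN_C = -50;                  // plausible range for the sensor (constructed limits)
const TEMP_MAX_C = 100;
const SENSOR_ID = /^[a-z0-9_-]{1,32}$/;  // the only sensor names we will accept

// Returns { reading, reason }: a freshly built reading {sensor, tempC, source}
// when the message is acceptable, otherwise reading === null and a short reason
// the flow can count or log without forwarding anything from the raw input.
function validateReading(msg, allowedSources = ALLOWED_SOURCES) {
  // 1. Source check: only the sending site's address is accepted.
  //    Node reports IPv4 peers on a dual-stack listener as "::ffff:a.b.c.d".
  const ip = typeof msg.ip === "string" ? msg.ip.replace(/^::ffff:/, "") : "";
  if (!allowedSources.has(ip)) {
    return { reading: null, reason: "unexpected source" };
  }

  // 2. Size check before any parsing happens.
  const raw = Buffer.isBuffer(msg.payload)
    ? msg.payload
    : Buffer.from(String(msg.payload ?? ""), "utf8");
  if (raw.length === 0 || raw.length > MAX_PAYLOAD_BYTES) {
    return { reading: null, reason: "bad length" };
  }

  // 3. Structure check: must parse as a JSON object, nothing else.
  let obj;
  try {
    obj = JSON.parse(raw.toString("utf8"));
  } catch {
    return { reading: null, reason: "not json" };
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    return { reading: null, reason: "not an object" };
  }

  // 4. Field checks: a finite number in a plausible range, a tame sensor name.
  const temp = obj.temp;
  if (typeof temp !== "number" || !Number.isFinite(temp) || temp < TEMP_MIN_C || temp > TEMP_MAX_C) {
    return { reading: null, reason: "temperature out of range" };
  }
  if (typeof obj.sensor !== "string" || !SENSOR_ID.test(obj.sensor)) {
    return { reading: null, reason: "bad sensor id" };
  }

  // 5. Build a new object so only known, checked fields reach the dashboard.
  return { reading: { sensor: obj.sensor, tempC: temp, source: ip }, reason: null };
}

// What the Function node itself would do: forward only validated readings.
function functionNodeBody(msg) {
  const { reading, reason } = validateReading(msg);
  if (!reading) {
    // In Node-RED you would call node.warn(`dropped reading: ${reason}`) here.
    return null; // returning null drops the message
  }
  msg.payload = reading;
  return msg;
}

// Constructed sample messages, shaped like what the tcp-in node hands over.
const samples = [
  { ip: "203.0.113.10", payload: Buffer.from('{"sensor":"garage","temp":21.5}\n') },  // good
  { ip: "198.51.100.7", payload: Buffer.from('{"sensor":"garage","temp":21.5}\n') },  // wrong source
  { ip: "203.0.113.10", payload: Buffer.from('{"sensor":"garage","temp":"21.5"}') },  // string, not number
  { ip: "203.0.113.10", payload: Buffer.from('{"sensor":"<b>x</b>","temp":20}') },    // markup in name
  { ip: "203.0.113.10", payload: Buffer.from("x".repeat(1000)) },                     // oversized
];

for (const s of samples) {
  console.log(validateReading(s));
}
```

The order of the checks matters: the cheap source and length checks run before `JSON.parse`, so a stranger who reaches the port (because the firewall rule was missed, or the sender's address changed) never gets the parser to do any work on their bytes, and the dashboard only ever sees an object this code built, never the attacker-controlled input.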