As a noob concerned with security, I’m trying to understand this warning. It appears port 8181 is open to internal LAN networks. It looks like the port to https://api.mycroft.ai (remote server set in the ~/mycroft-core/mycroft/configuration/mycroft.conf) is communicating over secure web port 443 along with other common secure traffic such as the browser to httpS sites.
This other post mentions using UFW on Linux to set the firewall config, yet doesn't describe what those would be. Assuming the iptables settings above are answering the same or similar question, UFW can be set on Kubuntu with GUFW to Deny both incoming and outgoing traffic on port 8181, but that only secures the intranet local network. What does this break or disable? Talking to mycroft remotely when set up, obviously(?), but also the Kubuntu Plasmoid? What other services would it break from functioning? Will try again now that better setup…
The other post (What is port 8181 for?!) also does mention an attack that looks worrisome, but ‘only’ seems to apply to data used by mycroft. I suppose if someone has access to your internal network you may have bigger problems to worry about, depending on what data you store inside mycroft.
What are the best methods to secure the traffic going to and from https://api.mycroft.ai? I did see this topic here and replied with the method to disable initiation of all connections to the main website from the README: Easiest way to use Mycroft completely offline. Is it just as secure as other data travelling over secure port 443?
Locations of the config files: https://mycroft-ai.gitbook.io/docs/using-mycroft-ai/customizations/mycroft-conf
* Default - mycroft-core/mycroft/configuration/mycroft.conf
* Remote (from Home.Mycroft.ai) - /var/tmp/mycroft_web_cache.json
* System - /etc/mycroft/mycroft.conf
* User - $HOME/.mycroft/mycroft.conf
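
An added example, not part of the original post or of Mycroft's own code: before writing firewall rules, this check shows which local addresses port 8181 is actually listening on by parsing the Linux `/proc/net/tcp` table. The sample table is constructed, the function names are hypothetical, a little-endian host is assumed, and IPv6 listeners (`/proc/net/tcp6`) are not covered.

```python
import ipaddress
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1FF5 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 41002 1
   2: 0A01A8C0:D2F0 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 41003 1
"""

def listeners(proc_net_tcp, port):
    """Return the IPv4 addresses on which `port` is in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established or closing sockets are not listeners
        addr_hex, port_hex = fields[1].split(":")
        if int(port_hex, 16) != port:
            continue
        # The address is a 32-bit value printed in host byte order
        # (little-endian assumed, as on x86 and most ARM systems).
        found.append(socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16))))
    return found

def exposure(addr):
    """Classify how far a listening address is reachable."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback only"
    if ip.is_unspecified:
        return "all interfaces (reachable from the LAN unless firewalled)"
    return "single interface " + addr

def report(proc_net_tcp, port=8181):
    return {a: exposure(a) for a in listeners(proc_net_tcp, port)}

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as f:
            table = f.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample off Linux
    print(report(table))
```

A listener on `0.0.0.0` is what a LAN-facing deny rule would need to cover, while a `127.0.0.1` listener is already unreachable from other machines.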