UPnP and security

Hi!

I've read that UPnP is not a service to trust if you are an IT security nerd. But lately I've run into more and more great services that are failing without this little network protocol, so I wanted to research the possibility to make use of UPnP in a more secure way.

The greatest security issue as I understand it is that the UPnP protocol is made in such a way that UPnP services are able to freely and automatically forward ports on demand. I see why this is a great issue, and also that this is not a bug in the protocol but a poorly constructed protocol.

My first question is if these ports that are being opened are ports in every direction (LAN-LAN, LAN-Internet), or just local? Because if these ports aren't open to the Internet but only locally, between my devices, I don't see this as a huge problem. Sure - if one device got a malware or virus it could spread more easily on my local network, but since I don't have a large business with hundreds of computers in my network this does not feel like too great a risk at the moment. It would also be easier for it to get into my router and open up "real" ports to the outside world exposing me and my comrades to all the evils of the interwebs. But I don't see that as a very big risk either. So if the UPnP ports are just local my question ends here and I thank you for your help.


Further on, if UPnP ports aren't only local but open up to the outside world, this is my scenario:

PC (Cable)

NAS (Cable)

Ps3 (WIFI)

Laptop (WIFI)

Two mobile devices (WIFI)

All connected to the same router of course.

I have plenty of movies on my NAS that I want to be able to share. As of today this is easily done for my computer and laptop, since these support streaming movies via an SMB and NFS server on the NAS. This is however not the case with the Ps3. The only way to stream media from my NAS to my Ps3 is via UPnP, and that is a shame. I am also interested in a Sonos system, and if I want to wirelessly stream music from my computer or my mobile device I would again be forced to go via UPnP.


Does anyone have any ideas that could secure my network environment in such a way that the threat from UPnP services is eliminated (or greatly reduced)? Is it possible to run a local VPN in some way so that all traffic is encrypted, even if it runs over open ports? Would the Ps3 support VPN? Can I somehow make UPnP be routed over "secure" ports that I open up manually? Can I have a vaccine so that my network becomes immune to viruses?


Hope you feel creative and can figure out some nice way for me to solve this! :) Thanks!


----------------------------


Reading:


http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/

http://www.zdnet.com/how-to-fix-the-upnp-security-holes-7000010584/

http://nakedsecurity.sophos.com/2013/02/05/upnp-flaws-turn-millions-of-firewalls-into-doorstops/


-----------------------------


Update: I just found an article that says that there are two things called UPnP. One in the router that is "notoriously insecure" and one client based service that can be run locally and is as secure as your local network is. I did not know this.

But if the router's UPnP setting is not needed for a UPnP server to run and be happy... What is it for? :S Now I am confused.
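The distinction the update touches on is worth making concrete from the router side. The "notoriously insecure" part is the Internet Gateway Device (IGD) service on the router: a LAN program can ask it to add a NAT port mapping, and every such mapping opens a port on the router's WAN side, reachable from the Internet (from any host, unless the mapping's NewRemoteHost field restricts it). Media sharing between a NAS and a PS3, by contrast, only uses the LAN-side discovery and streaming services and needs no router mapping at all. The check a defender wants is therefore an inventory of what mappings the router currently holds. The following is an added example, not code from the thread or from any router vendor: it parses the SOAP reply shape of the IGD WANIPConnection action GetGenericPortMappingEntry (the argument names NewRemoteHost, NewExternalPort, NewInternalClient and so on are from the IGD specification) and flags every active mapping that is not on a list you created on purpose. The two sample replies are constructed for the example; in real use they would come from SOAP requests to the router's control URL, which the code does not perform.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample replies, shaped like the SOAP response an IGD router's
# WANIPConnection service returns for GetGenericPortMappingEntry (one mapping
# per call). Addresses, ports and descriptions are made up for this example;
# nothing here was captured from a real router.
SAMPLE_RESPONSES: List[str] = [
    """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <u:GetGenericPortMappingEntryResponse
        xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>3074</NewExternalPort>
      <NewProtocol>UDP</NewProtocol>
      <NewInternalPort>3074</NewInternalPort>
      <NewInternalClient>192.168.1.30</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>PS3 game traffic</NewPortMappingDescription>
      <NewLeaseDuration>3600</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse>
  </s:Body>
</s:Envelope>""",
    """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <s:Body>
    <u:GetGenericPortMappingEntryResponse
        xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>445</NewExternalPort>
      <NewProtocol>TCP</NewProtocol>
      <NewInternalPort>445</NewInternalPort>
      <NewInternalClient>192.168.1.20</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>NAS</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse>
  </s:Body>
</s:Envelope>""",
]


@dataclass
class PortMapping:
    remote_host: str      # "" means any Internet host may reach the external port
    external_port: int    # port opened on the router's WAN (Internet) side
    protocol: str
    internal_port: int
    internal_client: str  # LAN host the traffic is forwarded to
    enabled: bool
    description: str
    lease_seconds: int    # 0 = permanent until explicitly removed


def _local_name(tag: str) -> str:
    """Strip a namespace prefix like '{urn:...}' from an element tag."""
    return tag.rsplit("}", 1)[-1]


def parse_port_mapping(soap_xml: str) -> PortMapping:
    """Turn one GetGenericPortMappingEntry reply into a PortMapping."""
    root = ET.fromstring(soap_xml)
    fields: Dict[str, str] = {}
    for element in root.iter():
        if _local_name(element.tag) == "GetGenericPortMappingEntryResponse":
            fields = {_local_name(child.tag): (child.text or "").strip()
                      for child in element}
            break
    if not fields:
        raise ValueError("reply contains no GetGenericPortMappingEntryResponse")
    return PortMapping(
        remote_host=fields.get("NewRemoteHost", ""),
        external_port=int(fields["NewExternalPort"]),
        protocol=fields["NewProtocol"].upper(),
        internal_port=int(fields["NewInternalPort"]),
        internal_client=fields["NewInternalClient"],
        enabled=fields.get("NewEnabled", "0") == "1",
        description=fields.get("NewPortMappingDescription", ""),
        lease_seconds=int(fields.get("NewLeaseDuration", "0")),
    )


def review_mappings(mappings: List[PortMapping],
                    expected: Set[Tuple[str, int]]) -> List[str]:
    """Report every active mapping that is not in the expected set.

    `expected` holds (protocol, external_port) pairs you set up on purpose;
    anything else is a hole in the router's NAT that some LAN program opened
    by itself, reachable from any Internet host unless NewRemoteHost limits it.
    """
    findings = []
    for m in mappings:
        if not m.enabled or (m.protocol, m.external_port) in expected:
            continue
        source = m.remote_host or "any Internet host"
        lifetime = "permanent" if m.lease_seconds == 0 else f"{m.lease_seconds}s lease"
        findings.append(
            f"unexpected {m.protocol}/{m.external_port} -> "
            f"{m.internal_client}:{m.internal_port} ({m.description!r}, "
            f"from {source}, {lifetime})"
        )
    return findings


if __name__ == "__main__":
    parsed = [parse_port_mapping(xml) for xml in SAMPLE_RESPONSES]
    for line in review_mappings(parsed, expected={("UDP", 3074)}):
        print(line)
```

Run against the two constructed replies with only the PS3 game mapping expected, the review flags the permanent TCP/445 forward to the NAS, which is exactly the kind of mapping a LAN device can create without the owner noticing when the router's IGD service is on. Disabling UPnP on the router removes that capability while leaving LAN-only media streaming untouched.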


Thank you for your reply!

How does one know if a router supports user authorization? That isn't exactly something you find on the back of the box when you buy it... :P

Do you think DD-WRT supports it? :) 

Sadly enough I don't believe that the Ps3 is so versatile that it can use anything other than UPnP to stream media. :/

Great! :) Thank you and good night! :P (At least it's night here in Sweden ;) )