If you have a home printer or digital camera, you’ve probably used Universal Plug and Play (UPnP). It’s a widely used protocol that makes it easy to install devices on your home network, allowing them to connect to each other, without having to undergo the cumbersome process of adjusting settings on your router.
UPnP is ubiquitous, but it’s not secure.
What is port forwarding?
In the simplest terms, port forwarding is a method that lets remote computers connect to devices on a private local area network, that is, a network covering a limited area such as your home, school, or small office. Port forwarding is one of the ways to give external access to a local area network.
Local area networks connected together across a city form what is known as a metropolitan area network. A wide area network is essentially anything external to a local area network.
UPnP, for example, is useful if you’re expecting a delivery but won’t be at home; port forwarding connects your phone to your smart doorbell camera to allow you to communicate with the delivery person.
How does UPnP work?
When you connect a UPnP device to your local network, it will first try to obtain an IP address. This is usually done through DHCP and is no different from obtaining an IP address for any other kind of device. Almost all routers support DHCP.
As soon as your UPnP device has an IP address, it will try to find a “control point,” which is typically your router. It will send your router a file containing useful information about the device, such as the manufacturer, model number, firmware version, and functionality.
For example, if you connect a printer with UPnP capabilities, the printer will let your router know what printer it is. When you want to install that printer, your computer will only have to ask your router what printers are connected to it, and you will be able to quickly connect and install the up-to-date firmware from its vendor.
UPnP also allows entertainment devices to easily find each other on a network. This allows you to do things like stream music or games from one computer to another.
Should I enable UPnP for online gaming?
While it may be more convenient, the truth is that UPnP has no real discernible impact on your gaming experience. UPnP won’t increase your speed, improve your latency, or affect your bandwidth. For safety’s sake, keep UPnP disabled.
Is UPnP safe?
The main issue with UPnP is that it is primarily built for your home and makes certain assumptions based on this—namely, that your home network is well secured against attacks from the outside, but anything inside of it is permitted to be open and unsecured.
As a consequence, UPnP lacks basic authentication, and its devices are often prone to attacks. Your home network can’t be assumed to be secure, especially given the prevalence of unpatched routers, shared Wi-Fi passwords, and untrusted devices that could be connected to it.
In fact, UPnP can open up security holes in your network. For example, it allows devices on your network to request that ports be opened to the open internet, where more malicious requests can be made.
For large networks, such as in business environments, UPnP often fails due to too many devices trying to “discover” each other and taking up a lot of network resources or confusing the router with contradictory information.
How to secure your UPnP router
We recommend that you turn off UPnP in your router’s settings and configure your home devices manually. Log into your router’s admin panel, find the UPnP settings, and deactivate UPnP. You will usually find your devices’ IP address and log-in credentials on the back of your router or its user manual.
While you are poking around in your router’s admin panel, you might also take the opportunity to…
- Update your router’s firmware
- Set a password for your Wi-Fi
- Change the password to your router’s admin panel
- Review the devices connected to your router
- Set up a VPN on your router