UPnP: Is your firewall safe?

By Richard Mallion
A recent security vulnerability in the UPnP protocol has left millions of firewalls open to security breaches from external sources a recent report has revealed.
UPnP is a protocol designed to make configuration of firewalls easy and transparent. UPnP allows automatic configuration of  firewalls without user intervention.
This has been a great feature for consumers but businesses tended to turn this off. UPnP allows devices to  tell your firewall to punch a hole through to allow access to certain services. A good example are games machines. For network play certain ports need to be open, using UPnP the games console can automatically configure the firewall to allow this without user intervention, giving you a true plug and play experience.
The way UPnP works is that it should only allow internal devices on your network to configure outgoing connections but a new vulnerability has been discovered that allows external devices on the internet to reconfigure your firewall to allow access to your network without any user authentication.
Its been estimated that up to 81 million devices are effected.
Security researcher, Steve Gibson, has developed a quick internet test which checks if your firewall suffers from this vulnerability.
If your device is affected you should immediately contact the vendor to see if a patch is available. If not then your choices are either to turn off UPnP or replace the equipment.
If you need any advice regarding this threat then feel free to contact our support team at support@amsys.co.uk