your network (the IP address of the
server or device traffic on that port
should be redirected or routed to).
UPnP is a network protocol
designed to allow compliant devices
to set these rules for themselves,
so when your device requests
access to a specified port the rule
is automatically set up. That’s great
for convenience, but not for security
as once those ports are opened, they
can be used for nefarious purposes
as well as legitimate ones. Worse
still, while UPnP only responds to
requests for access from your local
network, it assumes those requests
are legitimate, so if malware gets on
to your PC it can open ports without
even a cursory check.
The simplest solution is to disable
UPnP completely, but before doing
so, you should review what ports
have been opened, and assuming
you recognize them, create manual
rules to cover them. On your Archer,
navigate to ‘Advanced > NAT
Forwarding > UPnP’. Make a note
of what’s on the UPnP Service List:
description, external port, protocol,
internal IP address, and internal
port, which should help you identify
what’s there.
Switch to the ‘Virtual Servers’
section and click Add to add them
one by one. The Service Name can
be whatever you like to help identify
it in the future, but be sure to copy
the other information exactly as it’s
recorded. Once done, click OK and
move on to the next. Once all your
services have been set up, return to
UPnP, and flick the switch off.
If you think you can’t live
without UPnP, then consider thiscompromise: set a reminder to
check it once a week for new
services. Once vetted, repeat the
process of converting them into
virtual servers, then flick the UPnP
off and on again to clear the list.UPNP AND SYNOLOGY
The process is slightly different
with the Synology. Everything is
conveniently located within a single
screen (Network Center > Port
Forwarding > Port Forwardingtab), and you can combine multiple
ports within a single port forwarding
rule (if you do this, however, you must
leave the ‘Private port’ field blank— it
will automatically select all the ports
you’ve defined under ‘Public port’).
Once you’ve created a port
forwarding rule here, the
corresponding UPnP rule will vanish,
although it may reappear if another
device on your network subsequently
tries to access the same port. Unlike
the Archer VR900, the Synology
router has a built-in firewall that
screens all traffic as it comes in from
the internet.
However, by default, it has been
configured to automatically create
rules granting access to any ports
that have been configured here,
either manually or via UPnP. Click
the Settings button to change this
behavior. You might choose to
disallow automatic rules for UPnP-
created rules, for example, but you
will have to remember to add these
yourself whenever a new service
attempts to open a port).
If you want to disable UPnP on the
Synology router, switch to the Local
Network section, scroll down to the
DHCP Server section, and set the
‘Enable UPnP’ menu to Disabled.SET PARENTAL CONTROLS
While they are no substitute for
dedicated parental control software,
your router will probably offer some
basic parental control tools. The
Archer VR900 is typical of most
consumer routers in that its options
are fairly limited: you can set time
limits for specific devices based on
their MAC address, and create simple
content filters for websites to block
by URL or keyword.Parental controls allow you to protect vulnerable household membersClose possible
security holes
by updating
your router’s
firmware.Manual port forwarding rules are more secure than UPnPnetworking security guide