Chapter 9 Network
the NSA from the LAN and
Figure 97 UPnP Using the Wrong IP Address
192.168.1.34
a.b.c.d
192.168.1.33
9.5.2 UPnP and Security
UPnP’s automated nature makes it easier to use than manually configuring firewall and NAT rules, but it is also less secure. Using UPnP may make your network more susceptible to snooping and hacking attacks.
9.5.3 The NSA’s Services and UPnP
This section introduces the NSA’s services which an Internet gateway can use UPnP to allow access to from the Internet.
CIFS (Windows File Sharing)
Common Internet File System (CIFS) is a standard protocol supported by most operating systems in order to share files across the network. Using UPnP port mapping for CIFS allows users to connect from the Internet and use programs like Windows Explorer to access the NSA’s shares to copy files from the NSA, delete files on the NSA, or upload files to the NSA from the Internet.
If you configure UPnP port mapping to allow CIFS access from the WAN but cannot get it to work, you may also have to configure the Internet gateway to also allow NetBIOS traffic. See Section 7.3 on page 157 for more on CIFS.
FTP
File Transfer Protocol is a standard file transfer service used on the Internet. Using UPnP port mapping for FTP allows remote users to use FTP from the Internet to access the NSA’s shares. A user with read and write access to a share can copy files from the share, delete files from the share, or upload files to the share. See Section 10.4 on page 188 for more on FTP. If you use UPnP to allow FTP access from the WAN, you may want to use a different WAN port number (instead of the default of port 21) to make it more secure. Remember to tell the remote users to use the custom port number when using FTP to access the NSA.
HTTP (Web Configurator)
You can use UPnP port mapping to allow access to the NSA’s management screens. If you use UPnP to allow web configurator access from the WAN, you may want to use a different WAN port number
180 |
|
Media Server User’s Guide | |
|
|