ZyXEL Communications P-335WT User Manual Page 13

7.2.3 Step 2: Description & Step 3: Control

Disabling discovery and notification does not take away the possibility to download the description XML file and to invoke remote procedure calls via SOAP on a control point. Since every control point defines for itself where the description file is located and to which URL SOAP requests have to be sent, this traffic becomes very awkward, if not impossible, to filter.
7.2.4 Step 4: Eventing

Like the previous steps, it is hard to filter out eventing messages, since each control point defines for itself where devices should describe. Every device defines for itself where events should be sent to, using the Callback header.
7.2.5 Step 5: Presentation

The presentation step (the administrative web interface) cannot be used to issue commands automatically and is harmless from a UPnP point of view. There is therefore no need to block it. Of course, the web interface itself should be protected as well.
8 Fixing UPnP

This paper has demonstrated that there are problems with UPnP which make it possible for an attacker to abuse a whole network in various ways with fairly little effort. The only solution to fix these problems is a complete redesign of the protocol with security in mind, for which the standard UPnP "Device Security" profile seems to be a fairly good basis. How well this would work in a home network, where the administrator often lacks the necessary technical knowledge, remains to be seen.

Vendors can improve UPnP security right now by making several fairly straightforward adaptations to their UPnP implementations, without making any of the intended uses of UPnP impossible. Some adaptations would be:
Do not allow "privileged ports" (below 1024) to be forwarded via UPnP. No application that uses UPnP needs privileged ports. If a particular program does need a privileged port and wants to have it forwarded via UPnP, you probably do not need that application. Legitimate forwardings of privileged ports should be done manually, for example via the web interface.

Check whether the InternalMachine parameter really represents an internal machine. This seems to be done by some vendors, but not all.

Restrict forwarding to the internal machine itself. For broadcast and multicast addresses, use a caching proxy instead (if possible).

Let devices check for firmware updates and enforce that these are installed, to make sure the latest updates are in place.

Access control could be an effective way to reduce hacks, using the following countermeasures, all slightly different:

Only allow machines that are known to the DHCP server and/or DNS to make UPnP requests.
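The gateway-side checks recommended above (no privileged ports, a genuine internal host, forwarding only to the requesting machine, and only DHCP-known requesters), as an added Python example that is not from the paper. The LAN prefix, the lease table and the way the SOAP arguments arrive are assumptions; the standard AddPortMapping argument NewInternalClient stands in for what the paper calls the InternalMachine parameter.

```python
import ipaddress

# Constructed example environment (not the paper's code): a /24 LAN and a
# hypothetical DHCP lease table naming the hosts allowed to make UPnP requests.
LAN_NETWORK = ipaddress.ip_network("192.168.1.0/24")
DHCP_LEASES = {"192.168.1.10", "192.168.1.11"}
PRIVILEGED_PORT_LIMIT = 1024


def _parse_port(value):
    """Parse a port argument; return None if it is not a valid TCP/UDP port."""
    try:
        port = int(value)
    except (TypeError, ValueError):
        return None
    return port if 1 <= port <= 65535 else None


def validate_add_port_mapping(src_ip, args, lan=LAN_NETWORK, leases=DHCP_LEASES):
    """Decide whether an AddPortMapping action should be honoured.

    src_ip is the address the SOAP request came from; args holds the action's
    arguments as strings (NewExternalPort, NewInternalPort, NewInternalClient).
    Returns (True, "ok") or (False, reason).
    """
    # Access control: only hosts known to the DHCP server may issue requests.
    if src_ip not in leases:
        return False, "requester not in DHCP lease table"

    # Privileged ports (below 1024) are never forwarded via UPnP.
    for name in ("NewExternalPort", "NewInternalPort"):
        port = _parse_port(args.get(name))
        if port is None:
            return False, f"{name} is not a valid port"
        if port < PRIVILEGED_PORT_LIMIT:
            return False, f"{name} {port} is a privileged port"

    # The internal machine must be a host address inside the LAN. Multicast
    # and outside addresses fail the membership test; the network and
    # broadcast addresses of the LAN are rejected explicitly.
    try:
        client = ipaddress.ip_address(args.get("NewInternalClient", ""))
    except ValueError:
        return False, "NewInternalClient is not an IP address"
    if client not in lan or client in (lan.network_address, lan.broadcast_address):
        return False, "NewInternalClient is not an internal host"

    # Forwarding is restricted to the requesting machine itself.
    if str(client) != src_ip:
        return False, "NewInternalClient differs from requesting host"

    return True, "ok"
```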