security best practice: you can offer your guests free Internet access without having them looking around your cameras, computers, personal files or, worse, your router!).
DMZ
If your router offers the DMZ functionality (De-Militarized Zone!), it's good to know that devices you attach to the DMZ will be exposed to the Internet but usually cannot access the internal network. In this way, if they get compromised, the malicious attacker should remain confined to the exposed device, without an easy route to your home systems and data. Consult the router manual to know more about the DMZ configuration when available.
Port forwarding
One important role of the router is to control the traffic between the internal and the external worlds.
Typically, in a basic setup, all the internal devices can reach any destination on the Internet, but nothing from the Internet can reach an internal device (except for answers to communications initiated by an internal device such as requesting a web page). In this way, your router protects your devices from unauthorized access attempts coming from literally anywhere in the world.
Sometimes, certain internal devices may act as a server and need to be reached from the Internet in order to provide the information they generate. For example, surveillance cameras have a built-in video server that you can reach only when you are in the internal home network (not very useful). If you want to see the video feed from outside and the camera manufacturer doesn't provide a cloud service, you need to expose the camera to the public Internet. To do this, your router provides the port forwarding service. Game consoles may need port forwarding for multi-player online gaming. Skype, WhatsApp and other similar communication tools may need port forwarding to allow bi-directional chats with audio and video. BitTorrent may need port forwarding to communicate with more peer nodes and speed up file transfer.
UPnP and NAT-PMP
Port forwarding can be configured manually or automatically whenever the applications need it. Manual configuration is typically done via the router configuration web page or mobile app. For automatic port forwarding, many routers offer services like UPnP and NAT-PMP that applications can use to open the ports they need.
Unfortunately, UPnP and NAT-PMP do not ask for any authorization to open the ports, and malicious applications can use them to expose the network to the Internet and gain unauthorized access or leak information. For example, malware may ask UPnP to expose a Windows service or a surveillance camera with a software vulnerability.
This lack of access control makes UPnP and NAT-PMP potential security hazards. Many security-concerned users prefer to turn off these services from their router configuration.
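An added example, not part of the Fingbox guide: since UPnP opens ports without authorization, reviewing the router's UPnP mapping table is a useful check when the service is left on. This Python code parses constructed GetGenericPortMappingEntryResponse bodies (the UPnP IGD response that describes one mapping) and flags active mappings that expose sensitive services or never expire; the port list, addresses and descriptions are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: internal ports treated as sensitive when reachable from the Internet.
SENSITIVE = {23: "Telnet", 139: "NetBIOS", 445: "SMB", 554: "RTSP camera", 3389: "RDP"}

TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{0}</NewExternalPort>"
    "<NewProtocol>{1}</NewProtocol><NewInternalPort>{2}</NewInternalPort>"
    "<NewInternalClient>{3}</NewInternalClient><NewEnabled>{4}</NewEnabled>"
    "<NewPortMappingDescription>{5}</NewPortMappingDescription>"
    "<NewLeaseDuration>{6}</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
# Constructed sample responses, one per mapping (addresses and descriptions are made up).
SAMPLE = [
    TEMPLATE.format(6881, "TCP", 6881, "192.168.1.20", 1, "BitTorrent", 3600),
    TEMPLATE.format(4455, "TCP", 445, "192.168.1.30", 1, "updater", 0),
    TEMPLATE.format(8554, "TCP", 554, "192.168.1.40", 1, "cam", 86400),
    TEMPLATE.format(3389, "TCP", 3389, "192.168.1.30", 0, "old rule", 0),
]

def parse_mapping(soap_xml):
    """Return the New* arguments of one response as a dict (prefix stripped)."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.split("}")[-1]           # drop any XML namespace
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def audit(responses):
    """Return (external_port, internal_client, reasons) for risky active mappings."""
    findings = []
    for m in map(parse_mapping, responses):
        if m["Enabled"] != "1":
            continue                          # disabled rules forward nothing
        port, reasons = int(m["InternalPort"]), []
        if port in SENSITIVE:
            reasons.append("exposes " + SENSITIVE[port])
        if m["LeaseDuration"] == "0":
            reasons.append("never expires")   # 0 = static mapping in IGD v1
        if reasons:
            findings.append((int(m["ExternalPort"]), m["InternalClient"], reasons))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Note that the SMB mapping in the sample uses a non-standard external port, so the check keys on the internal port rather than the external one.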
User's Guide - App v6.2.1
Fingbox