In the dark ages of personal computers (1980s and '90s), you either needed to be a computer geek or have access to one if you wanted any device to work with your computer. You had to go through a complicated driver installation process and possibly replace system files. If someone used to adding a network card to a system today looked at how it was done in 1989, they would swear that the early computer user was practicing witchcraft. Today, when you plug something into your computer, it lets you know that it detected something, and you can either use the default driver (assuming one exists) or choose your own. My, how the world has changed.

The technology that allows this type of communication between devices is known as Universal Plug and Play (UPnP). It was designed to allow devices on the same network to communicate with one another without complicating the process. It makes adding devices to a network more convenient, but convenience and security are always diametrically opposed. In other words, unlimited (and poorly patched) UPnP devices are ripe feeding grounds for computer hackers who want into your system.

According to a recent report released by Rapid7, an Internet security firm, approximately 40-50 million devices are exposed to the Internet with a host of UPnP vulnerabilities. The real issue is that UPnP was never designed to be exposed to the Internet, and security was never a consideration in its design. On top of that, early versions of it were easy to infiltrate, and the affected devices could be forced to run malicious code. Several current devices are still running the vulnerable version of UPnP because their manufacturers did not update the code on their hardware.

Since this blog focuses on the security of retailers, why am I including this report? The simple answer is that if you are running a switch, printer, router or another device that is UPnP enabled, you are potentially exposing your network to computer hackers. If you take credit cards, and have to comply with PCI, then section 6 (which asks about applying security patches), and section 11 (which includes internal vulnerability scans and penetration testing) become much more critical if you have UPnP devices on your network.

The first vulnerability I personally ever read about on UPnP was exposed in 2001; 12 years later, not much has changed on this front. UPnP should not be enabled if you are concerned about security. If you must use it because of how your network is put together or managed, then at least know that you are running the latest versions of the technology that are less vulnerable to attacks. If you are unsure of where you stand, find a modern-day geek (or at least your technology provider) and ask.
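
One way to find out where you stand, as an added example that is not part of the original post or the Rapid7 report: a short Python script that sends the standard SSDP discovery request on your own local network and lists the SERVER and LOCATION values each UPnP device advertises, so the reported UPnP stack can be checked against the manufacturer's current firmware. The function names and the sample reply are constructed for illustration.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address and port
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n').encode()
# Constructed sample reply (not captured from a real device) for offline checks.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\n"
                b"LOCATION: http://192.0.2.10:5000/rootDesc.xml\r\n"
                b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/0.1\r\n\r\n")

def parse_reply(data):
    """Return SSDP reply headers (upper-case keys), or None if not an HTTP 200."""
    lines = data.decode("utf-8", errors="replace").split("\r\n")
    if lines[0].split()[1:2] != ["200"]:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def summarize(replies):
    """Map each responding IP to the (SERVER, LOCATION) pair it advertised."""
    devices = {}
    for ip, raw in replies:
        headers = parse_reply(raw)
        if headers is not None:
            devices[ip] = (headers.get("SERVER", "(none)"),
                           headers.get("LOCATION", "(none)"))
    return devices

def discover(timeout=3.0):
    """Send one M-SEARCH on the local network and collect (ip, reply) pairs."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(M_SEARCH, SSDP_GROUP)
            while True:
                data, addr = sock.recvfrom(65507)
                replies.append((addr[0], data))
        except OSError:  # the receive timeout (or no usable network) ends collection
            pass
    return replies

if __name__ == "__main__":
    for ip, (server, location) in sorted(summarize(discover()).items()):
        print(f"{ip}\t{server}\t{location}")
```

Any device that answers has UPnP switched on. Run the script from inside each network segment, since multicast traffic does not normally cross routers.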

Brad Cyprus
Bradley K. Cyprus has more than 20 years experience in the security industry. He manages the development of in-house solutions to validate compliance, and he is a resource that Vendor Safe customers can rely upon to help interpret the PCI standard.