Roon 2.0

Now you are showing your age :grinning:

3 Likes

:joy:

No, no!!! I meant NEW Doom on, you know, Playstation 6!!!

1 Like

Yes, that is the crux of it I’m afraid. My Roon Core is on my business iMac. And the benefits of ARC don’t outweigh my concern of compromising my firewall security as the technical side of that is beyond my comfort level. I am already in the Apple eco-system specifically for security benefits.

1 Like

Hmmm just saw on the Roon forum there is already a big warning thread pinned asking users please not to make ARC work by messing with their DMZ settings. Sigh.

1 Like

Hi just bear in mind these days Microsoft Windows and Apple OSX are as safe or as unsafe as each other - a decade ago it was different.

Almost certainly both Apple and Microsoft have common intel on addressing vulnerabilities and Microsoft has tightened some of its previous developer flexibility to more closely align with Apple’s stance.

In 2019 Malwarebytes found that for the first time the average Mac user actually had more malware attacks compared to the average Windows PC user.

So if you are using a Mac be as diligent and careful as any other modern platform you could use. Possibly a good example of outdated thinking that hackers can take advantage of.

2 Likes

Network security engineers:

  • Understand that security is a layered approach, and that perimeter security is not meant to be replaced or made obsolete by “software updates, web hygiene, anti malware”, etc. Those are separate levels of security meant to be additive, on purpose and by design. You are basically saying that it’s fine to leave the gate open because you have a barking dog and a fancy alarm behind.

  • Are aware that no major firewall manufacturer supports UPnP because it is considered unsafe, it would be literally laughable if they did. Palo Alto does not, Check Point does not, and neither does Cisco ASA/Firepower just to mention the three big ones. The list goes on and on.

  • Don’t call the software on the home Internet gateway a firewall, because it isn’t, not even by the wildest stretch of imagination.

  • Do not promote the use of peer to peer applications, gaming consoles and similar devices (now ARC) that require direct access from the Internet to a secured network.

  • Yes, let’s leave it here, after over 25 years of experience making a living as a network security professional I can confidently say that I’ve never met one that talks like you, so you definitely “work in a different world” to the one the rest of the network security engineers do.

Nowadays people work from home more than ever, they often handle sensitive information from their home networks on a daily basis, and their livelihoods depend on keeping it safe. The misinformation you are spreading is dangerous to this community and you should stop.

1 Like

All good here with the ARC function, can cancel my iTunes Match subscription which I have for a similar facility with local files. Hopefully CarPlay integration will be on the development plan at some point.

Outrageous… please cease this … it’s unnecessarily worrying people, I am presenting a balanced picture which is how security tends to be designed and managed these days… risks and potential impact … I suggest if you don’t want to use Roon or similar products to source your content remotely then don’t. For anyone else who does please follow my advice; which is follow the NCSC guidance for general internet usage and then specifically your software manufacturers’ instructions and guidance of safe setup. You have a choice of enabling your firewall to support Roon ARC or not. If you are outside the UK follow your own country’s cyber security advice for individuals and families. In the UK click through to https://www.ncsc.gov.uk/

If you have an issue you can take it up with the National Cyber Security Council of the UK.

Specifically the UK Gov NCSC say about sourcing content through a consumer firewall.

  • Disabling UPnP may prevent certain applications and devices from working, such as online gaming, media servers, and other smart devices. If you decide that you need these applications, you’ll have to decide whether to give up some security by allowing UPnP and port forwarding.

Which is a balanced non sensationalist response which is why I have recommended people to read… it is not dangerous. It’s a case of impact, awareness and risk appetite if you want to use these capabilities on your internet access.

4 Likes

For the benefit of the community I’m sharing this quote taken directly from the National Cyber Security Council of the UK:

Check your router settings

Many routers use technologies called UPnP and port forwarding to allow devices to find other devices within your network. Unfortunately, cyber criminals can exploit these technologies to potentially access devices on your network, such as smart cameras. To avoid this risk you should consider disabling UPnP and port forwarding on your router - check your router’s manual or the manufacturer’s website for details about how to do this.

Note that:

Some routers will have UPnP disabled by default; if this is the case you don’t have to do anything. Disabling UPnP may prevent certain applications and devices from working, such as online gaming, media servers, and other smart devices. If you decide that you need these applications, you’ll have to decide whether to give up some security by allowing UPnP and port forwarding.

Seriously, you should stop giving unsolicited network security advice, you are obviously not qualified for it and could be inadvertently harming others.

1 Like

Indeed I was sharing the advice from the NCSC site, it’s good balanced advice.

I do start to question your approach here and your understanding of cyber vulnerability assessment… but as you tried to question mine I suggest we should cease this discussion between us as it will be tiresome for others to read… but I am pleased you agree with my advice on following NCSC guidance. But seriously cut back on the arrogance please… I was not wanting to be offensive or question the merit of you sharing your views to others, but you were just starting to try my patience when you were doing precisely that to me. But enough of that…

On a positive note however if you are involved in this area in the UK like I am you never know we might meet at a certain UK Cyber Security IT conference and dinner that was postponed from last week due to events… we can then discuss one to one over a drink.

1 Like

Surely if you disable UPnP on your router, you can’t even use your own Naim streamer on your home network.

No… they are quite different as I posted above. UPnP is a collection of protocols. For local audio streaming it uses UPnP AV or UPnP DLNA… this is a subset of UPnP protocols which connects between the UPnP servers, control points and renderers.
UPnP on the router allows other UPnP protocols to configure a home router firewall for port forwarding. If you disable UPnP on the router you disable the ability of applications to configure the router firewall should they need to. Therefore in such a case you would need to manually configure the firewall for the application to work as intended.

The reason why disabling UPnP on the router can be seen as beneficial, is because if you are hacked or compromised, then you make it harder or not possible for malicious software or malware residing somewhere on your home network to configure the firewall and allow unsolicited flows into your home network which could cause more damage.

1 Like
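The router-side UPnP behaviour described in the post above can be reviewed from the defender's side by listing the port mappings the router currently holds and comparing them with what the owner knowingly approved. The following is an added example, not part of the original thread; the listing format is modelled on the output of miniupnpc's `upnpc -l`, and the addresses, ports, descriptions and approved list are constructed assumptions.

```python
import re

# Constructed sample, modelled on the mapping list printed by `upnpc -l`.
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 50000->192.168.1.20:50000 'media server remote access' '' 0
 1 UDP  3074->192.168.1.35:3074  'game console' '' 86400
 2 TCP  8443->192.168.1.77:443   'cam' '' 0
"""

# Mappings the owner set up on purpose (assumed values):
# (protocol, external port, internal host)
APPROVED = {("TCP", 50000, "192.168.1.20")}

LINE = re.compile(
    r"^\s*\d+\s+(TCP|UDP)\s+(\d+)->([\d.]+):(\d+)"
    r"\s+'([^']*)'\s+'([^']*)'\s+(\d+)\s*$"
)

def parse_mappings(listing):
    """Turn each mapping line into a dict; header and other lines are skipped."""
    mappings = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, ext, host, inner, desc, _remote, lease = m.groups()
        mappings.append({"proto": proto, "ext_port": int(ext), "host": host,
                         "int_port": int(inner), "desc": desc,
                         "lease": int(lease)})
    return mappings

def audit(mappings, approved):
    """Return (mapping, reasons) for every mapping nobody approved."""
    findings = []
    for mp in mappings:
        if (mp["proto"], mp["ext_port"], mp["host"]) in approved:
            continue
        reasons = ["not on the approved list"]
        if mp["lease"] == 0:
            # A lease of 0 means the mapping stays until it is deleted.
            reasons.append("no lease expiry")
        findings.append((mp, reasons))
    return findings

if __name__ == "__main__":
    for mp, reasons in audit(parse_mappings(SAMPLE_LISTING), APPROVED):
        print(f"{mp['proto']} {mp['ext_port']} -> {mp['host']}:{mp['int_port']}"
              f" ({mp['desc']}): {', '.join(reasons)}")
```

With UPnP disabled on the router the list should be empty, and any forwarding that remains is a rule entered by hand in the router's own configuration.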

Thank you for clearing up, Simon - I have disabled UPnP on my BT Smart Hub and everything seems to work (Roon, ARC) and my work connection is unaffected, so nice to know it’s more secure.

1 Like

That’s helpful. Though the Roon help page for troubleshooting an ARC connection has, as the first step, enabling UPnP on the router!

Yes… if you enable UPnP then there should be a good chance Roon can automatically configure your router firewall to support ARC… but so could a malicious app if you are compromised…

If you turn off UPnP on your router then you will need to manually assign the firewall rule instead if you wish to use the ARC function of Roon which the Roon web site shows you how to do.

I think Roon is steering its customers down the plug and play approach as much as it can to keep it as simple as it can.

Simon

1 Like

Just noticed one thing. When playing ARC with 4G it shows the signal path as lossy with the source being MP3 44.1/2ch - not noticed that before? Being played through phone speakers.

EDIT - it’s in the settings - turned off auto pick best quality and manually set to CD quality and all good.

Hmm, yes, but UPnP was (still is) enabled in my router and ARC won’t work outside my home network. All rather confusing but great for those it works for :sunglasses:. Now I’m thinking I should turn the UPnP off and delete ARC. All this hassle because Roon decided to update their software, requiring questionable security settings to get its own software communicating……

Spoke to my ISP today and they told me I need a static IP. It will then cost me 2.69 Euro per month and I think that is too much. So no Roon ARC for me.

1 Like

I had a look at the Roon community forum. Gosh. Full of people posting with problems with ARC and putting up screenshots of their router settings with details of the open ports with IP addresses etc. One big open security hole right there for anyone to see… not good.

1 Like

This is only a good idea if you can be sure both ends of the line have superb network connections or you are just inviting issues.

I suspect that setting is for ‘max’ setting rather than fixed anyway.

It may upset you to hear Tidal et al. do exactly the same thing when there is network pressure, that is reduce the quality to reduce the amount of transfer of data.

1 Like