Browse Definitions :
Definition

Universal Plug and Play (UPnP)

What is Universal Plug and Play (UPnP)?

Universal Plug and Play (UPnP) is a standard that lets network devices automatically find, communicate with and control each other. It is used by routers, computers, printers, game consoles and IoT devices. It uses industry standard protocols such as IP, HTTP and Extensible Markup Language. It is designed for home use.

UPnP is designed as a simple way for home users to connect network devices without needing to configure them or deal with incompatible standards. They can simply plug everything into their home network and everything will work seamlessly.

UPnP is considered a consumer technology. It does not scale well for large organizations and should not be used on company networks.

Is UPnP Safe?

UPnP is considered safe for home use, but many devices may use UPnP to configure themselves or other devices in an insecure way. It is often recommended to disable it.

To illustrate a problem with UPnP, think of a network-connected security camera. The user might expect that their camera video is private. However, it automatically let anyone on the internet watch its footage. It does this by being configured out of the box to use UPnP to open a port on the router to the internet.

Imagine a home network as an apartment building where every device is a different apartment, and the router is the locked front door to the building. Most neighbors are diligent about not letting strangers into the building.  Other neighbors might accidentally leave the front door to the building open, letting anyone in. A bad neighbor might actively let undesirable people into the building. This shows how one device can compromise network security accidentally.

9 elements of network security
It is often recommended to disable UPnP due to potential network security issues.

Is UPnP needed for gaming?

Most modern games don't need UPnP and instead use server polling. In this type of communication, the game console or computer talks to a central server only and gets all the data it needs to work.

Some games may still use UPnP to set up multiplayer games. This is most common when one game console or computer acts as a server or host and needs to accept incoming connections from the internet. The local device uses UPnP to set up port forwarding and inbound firewall rules on the router to let traffic from the internet into the home network.

Instead of using UPnP, manual rules can be used on a home router. This usually requires custom configuration for each device or game and may be difficult for some home users. It is more secure than using UPnP, however.

types of gamers
Most games nowadays don't need UPnP to communicate.

What is an UPnP media server?

An UPnP media server is a way to stream media, such as pictures, music and video, on a home network from one device to another using a standard UPnP-based communication protocol. One device acts as a server and has all the media stored on it. The server is configured to accept commands using UPnP. A client can then communicate with the server to start streaming the content. Digital Living Network Alliance is an additional media server standard that uses UPnP.

Popular UPnP-compatible media servers include the following:

  • Plex.
  • Kodi.
  • Jellyfin.
  • Some ASUS routers.
  • Some D-Link routers.
  • Synology NAS.

How does UPnP work?

UPnP uses several standard networking protocols to function. It uses HTTP sockets running on an IP network. UPnP devices listen on UDP port 1900 for incoming requests. When a device joins the network, it will send a broadcast or multicast request to all devices on the network seeking other devices, known as control points. This is known as Simple Service Discovery Protocol (SSDP).

Once another control point is found, the devices communicate directly with each other by IP address. The device publishes information about itself in an XML file. This will contain data such as its name, manufacturer, serial number, available services and available commands. The devices can then communicate by passing commands or actions to each other over HTTP.

How to disable UPnP?

UPnP may be turned on or off on each device that uses it. Most commonly, however, UPnP is disabled on the network router to prevent devices from opening security holes into the network.

Consult a router's documentation for detailed directions on how to disable UPnP. Simplified steps include the following:

  • Go to the router's settings page and log in. This can often be done by going to 192.168.1.1 in a web browser.
  • Go to the network settings page. This may be under "advanced" options, firewall or WAN.
  • Set UPnP to disabled.

See how how to secure your home network while working from home. Learn about 12 common network protocols and their functions. Explore network security management best practices and challenges.

This was last updated in August 2023

Continue Reading About Universal Plug and Play (UPnP)

Networking
  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

  • secure access service edge (SASE)

    Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native...

Security
  • intrusion detection system (IDS)

    An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is ...

  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ...

  • digital signature

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or...

CIO
  • What is data privacy?

    Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, ...

  • product development (new product development)

    Product development -- also called new product management -- is a series of steps that includes the conceptualization, design, ...

  • innovation culture

    Innovation culture is the work environment that leaders cultivate to nurture unorthodox thinking and its application.

HRSoftware
  • organizational network analysis (ONA)

    Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...

  • HireVue

    HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...

  • Human Resource Certification Institute (HRCI)

    Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience
  • What is an outbound call?

    An outbound call is one initiated by a contact center agent to prospective customers and focuses on sales, lead generation, ...

  • What is lead-to-revenue management (L2RM)?

    Lead-to-revenue management (L2RM) is a set of sales and marketing methods focusing on generating revenue throughout the customer ...

  • What is relationship marketing?

    Relationship marketing is a facet of customer relationship management (CRM) that focuses on customer loyalty and long-term ...

Close