Definition

Universal Plug and Play (UPnP)

Gavin Wright

By

Gavin Wright

What is Universal Plug and Play (UPnP)?

Universal Plug and Play (UPnP) is a standard that lets network devices automatically find, communicate with and control each other. It is used by routers, computers, printers, game consoles and IoT devices. It uses industry standard protocols such as IP, HTTP and Extensible Markup Language. It is designed for home use.

UPnP is designed as a simple way for home users to connect network devices without needing to configure them or deal with incompatible standards. They can simply plug everything into their home network and everything will work seamlessly.

UPnP is considered a consumer technology. It does not scale well for large organizations and should not be used on company networks.

Is UPnP Safe?

UPnP is considered safe for home use, but many devices may use UPnP to configure themselves or other devices in an insecure way. It is often recommended to disable it.

To illustrate a problem with UPnP, think of a network-connected security camera. The user might expect that their camera video is private. However, it automatically let anyone on the internet watch its footage. It does this by being configured out of the box to use UPnP to open a port on the router to the internet.

Imagine a home network as an apartment building where every device is a different apartment, and the router is the locked front door to the building. Most neighbors are diligent about not letting strangers into the building. Other neighbors might accidentally leave the front door to the building open, letting anyone in. A bad neighbor might actively let undesirable people into the building. This shows how one device can compromise network security accidentally.

9 elements of network security — It is often recommended to disable UPnP due to potential network security issues.

Is UPnP needed for gaming?

Most modern games don't need UPnP and instead use server polling. In this type of communication, the game console or computer talks to a central server only and gets all the data it needs to work.

Some games may still use UPnP to set up multiplayer games. This is most common when one game console or computer acts as a server or host and needs to accept incoming connections from the internet. The local device uses UPnP to set up port forwarding and inbound firewall rules on the router to let traffic from the internet into the home network.

Instead of using UPnP, manual rules can be used on a home router. This usually requires custom configuration for each device or game and may be difficult for some home users. It is more secure than using UPnP, however.

types of gamers — Most games nowadays don't need UPnP to communicate.

What is an UPnP media server?

An UPnP media server is a way to stream media, such as pictures, music and video, on a home network from one device to another using a standard UPnP-based communication protocol. One device acts as a server and has all the media stored on it. The server is configured to accept commands using UPnP. A client can then communicate with the server to start streaming the content. Digital Living Network Alliance is an additional media server standard that uses UPnP.

Popular UPnP-compatible media servers include the following:

Plex.
Kodi.
Jellyfin.
Some ASUS routers.
Some D-Link routers.
Synology NAS.

How does UPnP work?

UPnP uses several standard networking protocols to function. It uses HTTP sockets running on an IP network. UPnP devices listen on UDP port 1900 for incoming requests. When a device joins the network, it will send a broadcast or multicast request to all devices on the network seeking other devices, known as control points. This is known as Simple Service Discovery Protocol (SSDP).

Once another control point is found, the devices communicate directly with each other by IP address. The device publishes information about itself in an XML file. This will contain data such as its name, manufacturer, serial number, available services and available commands. The devices can then communicate by passing commands or actions to each other over HTTP.

How to disable UPnP?

UPnP may be turned on or off on each device that uses it. Most commonly, however, UPnP is disabled on the network router to prevent devices from opening security holes into the network.

Consult a router's documentation for detailed directions on how to disable UPnP. Simplified steps include the following:

Go to the router's settings page and log in. This can often be done by going to 192.168.1.1 in a web browser.
Go to the network settings page. This may be under "advanced" options, firewall or WAN.
Set UPnP to disabled.

See how how to secure your home network while working from home. Learn about 12 common network protocols and their functions. Explore network security management best practices and challenges.

This was last updated in August 2023

Continue Reading About Universal Plug and Play (UPnP)

What is the difference between audio and video conferencing?

Games, not shame: Why security awareness training needs a makeover

Use of AI in video games boosts playing experience

An introduction to 8 types of network devices

What are the similarities and differences of TCP/IP vs. HTTP?

Search Networking

What is open networking?
Open networking describes a network that uses open standards and commodity hardware.
What is Border Gateway Protocol (BGP)?
BGP (Border Gateway Protocol) is the protocol that enables the internet's global routing system.
What is multiplexing and how does it work?
Multiplexing, or 'muxing,' is a way of sending multiple signals or streams of information over a communications link at the same ...

Search Security

What is Pretty Good Privacy and how does it work?
Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate ...
What is cloud security?
Cloud security, or cloud computing security, is a set of policies, practices and controls deployed to protect cloud-based data, ...
What is corporate governance?
Corporate governance is the combination of rules, processes and laws by which businesses are operated, regulated and controlled.

Search CIO

What are quantum coherence and decoherence?
Quantum coherence and decoherence are fundamental indications of how well a system of quantum objects -- atoms or other quantum ...
What is a SWOT analysis? Definition, examples and how to
SWOT analysis is a framework for identifying and analyzing an organization's strengths, weaknesses, opportunities and threats.
What is a quantum logic gate?
A quantum logic gate is a basic quantum device that operates on a small number of quantum bits or qubits.

Search HRSoftware

What is employee experience?
Employee experience is a worker's perception of the organization they work for during their tenure.
What are performance appraisals? A how-to guide for managers
A performance appraisal is the structured practice of regularly reviewing an employee's job performance.
What is gamification? How it works and how to use it
Gamification is a strategy that integrates entertaining and immersive gaming elements into nongame contexts to enhance engagement...

Search Customer Experience

What is quality of experience (QoE or QoX)?
Quality of experience (QoE or QoX) is a measure of the overall level of a customer's satisfaction and experience with a product ...
What is voice of the customer? A guide to VOC Strategy
Voice of the customer (VOC) is the component of customer experience (CX) that focuses on customer needs, wants, expectations and ...
What is high-touch customer service?
High-touch customer service is a category of contact center interaction that requires human interaction.

Close