Spitballing IoT Security

Mike Meredith mike.meredith at port.ac.uk
Thu Oct 27 09:04:55 UTC 2016


On Thu, 27 Oct 2016 07:59:00 +0200, Eliot Lear <lear at ofcourseimright.com>
may have written:
> Well yes.  uPnP is a problem precisely because it is some random device
> asserting on its own that it can be trusted to do what it wants.  Had

From my own personal use (and I'm aware that this isn't a general
solution), I'd like a device that sat on those uPnP requests until I logged
into the admin interface to review them. Now if you could automate _me_
then it might become more generally useful :-

uPnP(ssh, for admin access) -> f/w

f/w -> uPnP device: Don't be silly.

> But if instead of a pet feeder we're talking about a home file sharing
> system or a video camera where you don't want to share the feed into the
> cloud?  There will be times when people want inbound connections.  We
> need an architecture that supports them.

As someone who manages an application-based firewall, every problem looks
like it would be easier to solve using an application-based firewall :)

-- 
Mike Meredith, University of Portsmouth
Principal Systems Engineer, Hostmaster, Security, and Timelord!
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20161027/a5635da1/attachment.pgp>


More information about the NANOG mailing list