On my router's configuration page I have a section called Modem. There, I have another subsection called "USB File sharing" where I get two options: File sharing (Samba) and DLNA. I want to tighten the security of my wireless network and disable the things that I don't need. Are those 2 options possible vectors for an attacker to break into my network? Also, I had never heard of DLNA before, could someone explain to me quickly what is the function of this?
Wireless Devices: Should I disable DLNA and File Sharing (Samba) options on my router's modem?
This is the defacto protocol used in media and streaming servers. It allows you to connect a usb storage device with your streaming media (music, movies..etc). This particular protocol is considered "old" since the appearance Netfix.
Other's may have more details to fill in the gaps, I hope they chime in.
I agree with @Ronnie-Wong, the DLNA protocol is 15 years old and really "outlived" it's usefulness. When this was the very few specs that would/will let you stream from your PC, gaming console (which is funny as it was Sony's was a member company of the standard, but no longer supports DLNA on the PS4), mobile devices and more, it (DLNA) was useful. The DLNA standard uses UPnP, allowing for the discovery of other devices and communicate with those devices. So if you are not streaming media from a local PC(or other device) on your network then you will be OK to disable it. I would be careful disabling UPnP though as other technologies that you use might rely on it. However, disable UPnP, then see if any applications or devices stop functioning as expected.
When it comes to Samba, unless you need to connect to a file server that is non-Windows based on your network, then you will be fine to disable it. Your Windows machines will use:
- SMB 2.1 for Windows 7
- SMB 3.0 Windows 8
- SMB 3.0.2 Windows 8.1
- SMB 3.1.1 Window 10 (Adds AES 128 GCM encryption)
Hope this helps!
Great questions !!
Let's start with DLNA and what it is used for. Ronnie already gave you an idea of what DLNA does, here is a little bit more detail:
DLNA separates multimedia devices into 10 certified classes subdivided into three broad categories: Home Network Devices (PCs, TVs, AV receivers, game consoles), Mobile Handheld Devices (smartphones, tablets, digital cameras), and Home Infrastructure Devices (routers and hubs).
A device’s class is determined by its functional capabilities—whether it stores, controls, or plays media—rather than the type of product it is. So it’s possible (even common) for a device to fall into more than one class. Some DLNA-certified TVs, for example, can be classified as both a Digital Media Player—meaning it can locate and play media from other devices—and a Digital Media Renderer—because media can be pushed to it by an external controlling device.
The DLNA specification defines only a handful of audio and video formats it supports. Common formats like MP3 audio, MP4 video, Windows Media Audio, and Windows Media Video 9 are all included. However, DLNA devices don’t support Windows Media Video 10, the MKV or AVI containers, or FLAC lossless audio. DLNA also defines certain types of “profiles,” so some MP4 files might not be supported depending on their resolution, bitrate, and other details. Device creators can’t add support for these because that would violate the DLNA specification. Not all local media files will work. Some DLNA server software will transcode media on the fly from an unsupported format to a DLNA-compliant one — they have to do this because that’s the only way you could stream such files with DLNA.
DLNA also must involve files. You can’t use DLNA to stream the contents of your screen from one device to another, as you can do with Apple’s AirPlay, Google’s Chromecast, or the Miracast wireless display standard. You can’t play a game on a device and stream the output of your display to another device, give a presentation, or mirror your display for any other reason.
So, in terms of what DLNA is and what it does, it serves up local media and makes it available. The security issue(s) associated with allowing it are really centered around the concerns that the broadcasted metadata about the information DLNA is serving up, and where it resides pose. In general terms, turning off ALL services that are not actively used / required is a security best practice to help harden a system / device and to reduce the available attack surface for someone looking to do harm. It would make sense for you to remove support for any of those protocols or services that will not be used for this reason, but also because they pose ongoing risks due to the potential for unknown vulnerabilities that may be exploited at some point.
I hope that helps... :)