Roon Core Machine
Networking Gear & Setup Details
Connected Audio Devices
Number of Tracks in Library
Description of Issue
I understand in order to use ARC we need to open a port on our routers for incoming traffic. Forgive me but is this the only way? Exposing any port to Internet traffic is a big no no, isn’t it?
I believe same thing applies to enabling UPnP on your router, which I have specifically turned off.
Is there any other way to get ARC working? I know SONY has the Remote Play app that doesn’t require port forwarding for example, so it’s certainly possible.
My understanding is UPnP sits the LAN side of a firewall. UPnP allows for devices on the LAN/WLAN to negotiate port forwarding.
That port forwarding means the incoming traffic, if asking for that port, is put through that port. It tries a handshake, in ARCs case login details are compared to the cores details. If a match the door is opened. If no match the door is shut.
Most generic firewall rules will shut the door if the traffic is not related, not established inside the LAN to start with and will drop the traffic.
I think that’s a simple way of putting it.
Is your front door safe. Yes if locked and only the people you trust have a key. If someone you don’t trust tries to get in, slide the bolt across.
I believe this is an oversimplification. Even so, someone may be able to exploit something and gain access. I was always told not to open any ports on your router if you want to remain secure.
Am I being too paranoid?
They could before
Correct. Only open those you need
I do recommend UPnP to be disabled and a specifi port forward rule setup. On enterprise type routers you can apply required firewall rules to make it very secure.
For a home owner I have no top secrets on my NAS or other systems. My treasures items are stored in the cloud.
This is exactly my situation, by the way. My Roon core resides on my Synology NAS so I’m doubly worried about opening ports, since I’d also have to open it on the NAS.
PS. It’s certainly not about having “top secrets on my NAS” if you want to be secure.
Can I be cheeky and ask what’s on your NAS?
Lol I never understood this mentality. Why does there have to be anything at all on my NAS for me to be concerned about security??
No, I understand. I agree security is a big deal. I don’t want to have my network violated.
I just wouldn’t store anything on a NAS if using it in this instance for Roon. I’d possibly have 2. 1 for files and photos etc. 1 for Roon purposes.
I have 3 young children. My wife and I take loads of photos and they’re stored very securely in the cloud. I wouldn’t risk storing them locally for 2 reasons. Drive failure or the wife accidentally leaving our network open to attack.
Our internet devices are media devices only. Works laptop goes through a VPN. I can access my network when away via a VPN.
My view may differ though. Put lots of visible locks on a door will make those looking at the door think you have something they want.
Years ago I had a PC connected to the internet with no security at all. The only unwanted attack was when Norton antivirus (disabled) constantly told me the PC was infected. Once disconnected from the internet it was thoroughly scanned with a proper piece of software and nothing was found. I deleted Norton. I ran it like that for nearly 3 years. Not one attack. Depends what sites you go looking at that could entice untrustworthy characters I suppose.
Security is indeed a serious concern here and it’s a real possibility. We have already seen various kinds of deadly instrusive attacks on the QNAP users despite the fact the QNAP has taken many preemptive security measures. I think 2-step authentication and disabling any write permission on the Roon Core server or allowing only some kind of registered, trusty mobile devices may help.
Thanks, QuinnT. Definitely agree.
I already have 2FA enabled for my user accounts for the NAS, but this open port would not be subject to 2FA, so how would that apply in this scenario?
I can think of various options on how to do it, but I guess it’s up to Roon dev to figure out an easy and friendly way on how to do it, or setting up some kind of firewall.
One solution would appear to be don’t purchase Qnap.
I have been using QNAP, so far so good because I have never exposed the QNAP to the internet by opening port to any QNAP apps.
I use ARC and it think it is a great app, I think Roon dev have taken some preliminary security measures, but it’s still not fully bullet proof IMO, time will tell.
Router dependent, setup a VPN instead of port forwarding or UPnP.
VPN allows both Roon core and Roon ARC to work without UPnP or port forwarding.
This allows choice of either.
A port is as secure as the protocol using it. Roon would have to implement 2FA.
2FA, and trusty mobile devices, etc. There are many well proven cybersecurity measures that are already designed and implemented by various major software firms (especially during the lockdown as many folks were working from home).
I’ve had a similar issue with my setup and can’t get ARC working outside my local network. I’m pretty disappointed with the whole malarkey to be honest. My Roon Core is on my business iMac and I’m not prepared to comprise my firewall security by fiddling with my router settings and opening ports that could be hacked. Not really sure what this was all meant to achieve, having a firmware update that then forces changes on a networks security protocols to enable the software to work with an app that is meant to control the developer’s own software……
This topic was automatically closed 45 days after the last reply. New replies are no longer allowed.