Advice needed on securing IOT
I am new to the forum, been an AV fan for as long as I can remember and a technology fan. Had been holding off from Smart appliances as was waiting for HomeKit to take off. Currently there isn't much HomeKit stuff that excites me, so I have jumped in with lots of Chinese stuff (Broadlink, Sonoff etc). What amazes me about these products (apart from the affordability) is the ease of installation and setup.
I want to secure my setup as much as possible, but am not sure what to do. I understand it's a good idea to put all your IOT devices on the guest network, that makes sense as Guests don't have access to LAN, but I like to change the guest password frequently. Changing the password on each IOT device would take ages, also the apps to run the devices are on my phone, which is on the main network (not guest), so does that not defeat having the device on the guest network?
So create a third wireless setup just for “devices”.
Ubiquiti Pro wifi APs support multiple VLANs and multiple SSIDs from the same device, they also support hundreds of simultaneous connections, often both 2.4GHz and 5GHz. They are a bit more expensive and the learning curve is steep, but they do work well.
Just make sure you buy the correct model number, they are NOT all-the-same, they are all different.
You might even be able to define separate sub-nets with appropriate masking to help block traffic, and firewall rules.
Either that, or just go buy a cheap $5 wifi from the local pawn/thrift store and set up a 3rd network.
Most ISP modems have a bridge-mode on one of the ports for two WANs.
They will both still be dynamic IPs, unless they are business-tier, which is fine since you won't be hosting your own website from the inside of your house. They will also share your bandwidth/dataplan if applicable.
That won't keep data from leaking out or from being hacked though, that's an entirely different realm.
It WILL stop traffic between your lan/wireless-lan and guest network from reaching the IOT network in both directions (unless you place a router between them with routes-enabled.)
Yeah I think best practice would be a router that has multiple physical separately configurable LANs whether a commercial device or something a little more self setup like pfsense, or a router that has separately configurable VLANs, or a WAP that has separately configurable LANs, probably in that order of security but likely all perfectly fine for the application.
+1000 for Ubiquiti. I prefer my devices to be separate, that way I can update the individual components as tech changes. Why buy a whole new router/Wifi box when the Wifi goes to 802.11XXX? You should only need to upgrade the AP.
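
The separate subnets and firewall rules suggested in this thread can be written down as a first-match policy and checked before being entered into a router. The following is an added example, not part of any post above: the subnets, the rule set (which lets the main LAN open connections to the IoT segment but not the reverse) and the function names are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing plan (constructed; the thread gives no subnets).
ZONES = {
    "lan":   ip_network("192.168.10.0/24"),  # phones and PCs on the main network
    "guest": ip_network("192.168.20.0/24"),  # visitors, password rotated often
    "iot":   ip_network("192.168.30.0/24"),  # smart plugs, IR blasters, etc.
}

# (source zone, destination zone, connection state, action); first match wins.
# "wan" is any address outside the three local subnets.
RULES = [
    ("any",   "any", "established", "accept"),  # replies to flows already allowed
    ("lan",   "iot", "new",         "accept"),  # phone apps may reach the devices
    ("lan",   "wan", "new",         "accept"),
    ("guest", "wan", "new",         "accept"),
    ("iot",   "wan", "new",         "accept"),  # outbound only; does not stop data leaving
    ("any",   "any", "any",         "drop"),    # default deny between segments
]

def zone_of(addr):
    """Map an IP address to its segment name, or 'wan' if it is not local."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "wan"

def decide(src, dst, state="new"):
    """Return the action for a routed packet. A real stateful firewall tracks
    'established' itself; here the caller supplies it."""
    sz, dz = zone_of(src), zone_of(dst)
    for r_src, r_dst, r_state, action in RULES:
        if r_src in ("any", sz) and r_dst in ("any", dz) and r_state in ("any", state):
            return action
    return "drop"

def audit():
    """List every (source, destination) zone pair that may open a new connection."""
    sample = {"lan": "192.168.10.5", "guest": "192.168.20.5",
              "iot": "192.168.30.5", "wan": "203.0.113.9"}
    return sorted((s, d) for s in sample for d in sample
                  if s != d and decide(sample[s], sample[d]) == "accept")

if __name__ == "__main__":
    for pair in audit():
        print("new connections allowed: %s -> %s" % pair)
```

Running `audit()` after every rule change shows at a glance whether a new rule has opened a path from the IoT or guest segment into the main LAN.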