on 05-10-2020 14:30
Hi all,
I have a few IOT devices and I've no doubt the family will buy more and more as time goes on, so I was going to enable my guest network on my hub 3.0, move them all over to it and be done with it, but in reading some posts here on the topic, it seems that the first network isn't ideal for IOT devices.
Is this true, or have I misunderstood?
What's the best way to deal with IOT if not through segregation?
Will I have to buy a third party router and connect it to the router? (If so I'll have to dive into YouTube for some lessons >.<)
Thanks for any help!
on 05-10-2020 14:49
05-10-2020 14:58 - edited 05-10-2020 15:04
I have all my so-called smart devices on a separate LAN, together with dedicated access points to ensure complete separation from my home network.
So that is 5 CCTV+DVR, rules in place to stop them talking to the Chinese cloud servers. Access either from home network or VPN.
About 10 assorted Sonoff+home made switches running Tasmota.
Pi4 running openHAB/Mosquitto with rules to allow backup to home NAS, openHAB app and openHAB cloud service to control above Tasmota devices.
Pi3 running FreePBX with rules to permit SIP phone connections from home and internet, SIP trunks from Internet.
Smart Thermostat with rule to allow connection to Tuya.
7 Google Homes. Music, Google, openHAB/Tuya Google Home integration.
None of the above have any place on the home internet. Yes I can connect to them from the home internet, but they cannot initiate a connection. Pis and cameras are wired, switches and Googles via WiFi. WiFi only permits known MAC.
I have always deployed multi tier architectures from when I designed corporate hosting centres with a policy of minimal access between the internet, DMZ devices and the back end services. When I first installed my cameras, I observed they were connecting to about 30 servers in China, and knew them to be running a cut-down Linux. No way did I want unknown functionality, so I immediately nobbled them, and I treat all other devices with the same suspicion.
Edit. Forgot to say I use pfSense as my firewall to manage the interconnect between Internet, "Smart" network, Home network, Work network.
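The separation described in the post above, modelled as an added example (it is not the poster's pfSense configuration): ordered first-match rules with default deny, plus connection state, so the home network can reach smart devices while smart devices cannot open connections into it. The subnets, host addresses and the `decide` and `StatefulFirewall` names are assumptions made for illustration, and the thermostat rule is simplified to "any Internet destination".

```python
import ipaddress

# Constructed address plan (assumption; the post gives no subnets).
ZONES = {
    "home": ipaddress.ip_network("192.168.10.0/24"),
    "smart": ipaddress.ip_network("192.168.20.0/24"),
}
CAMERA = ipaddress.ip_address("192.168.20.50")      # hypothetical camera
THERMOSTAT = ipaddress.ip_address("192.168.20.60")  # hypothetical thermostat

def zone_of(addr):
    """Map an address to a zone; anything outside the LANs is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

# Rules for NEW connections: (action, source, destination zone).
# Source is a zone name or a single host; the first matching rule wins.
RULES = [
    ("block", CAMERA, "internet"),     # cameras may not reach cloud servers
    ("pass", THERMOSTAT, "internet"),  # thermostat may reach its vendor cloud
    ("block", "smart", "home"),        # smart devices never initiate into home
    ("pass", "home", "smart"),         # home clients may reach smart devices
    ("pass", "home", "internet"),
]

def decide(src, dst):
    """Verdict for a new connection src -> dst; no matching rule means block."""
    for action, rule_src, dst_zone in RULES:
        if isinstance(rule_src, str):
            src_ok = zone_of(src) == rule_src
        else:
            src_ok = ipaddress.ip_address(src) == rule_src
        if src_ok and zone_of(dst) == dst_zone:
            return action
    return "block"

class StatefulFirewall:
    """Passes replies only for flows whose first packet was allowed.
    State is keyed on addresses alone (no ports) to keep the model small."""
    def __init__(self):
        self.states = set()

    def packet(self, src, dst):
        if (src, dst) in self.states or (dst, src) in self.states:
            return "pass"  # part of an established flow
        verdict = decide(src, dst)
        if verdict == "pass":
            self.states.add((src, dst))
        return verdict
```
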
on 05-10-2020 16:29
Oh wow, ok, I wasn't prepared for how expensive it would be to add a layer of security to IOT devices.
If IOT devices can only be accessed through first gaining access to the hub would it still be prudent to put them on a separate network? Surely if the only access is via the router then it's as secure as I can get, and they'll be better targets than my IOT right??
on 05-10-2020 16:33
I would consider myself a 3 or 4 out of ten in tech savviness, that's quite intimidating!
I was hoping I could flick a switch, change some IPs and boom, more secure!
Does the hub guest network allow other guests to see each other? Because if they don't, that'd be good enough right??
Or is the hub just not up to it compared with 3rd party stuff??
on 05-10-2020 17:33
Best thing to separate out networks is to get a router, WAPs and network switches that support VLANs.
on 05-10-2020 23:34
So are you guys saying that hub 3.0 doesn't segregate and IOT can be potential trouble??
It's quite a step from wanting to up router security to homelab lol
05-10-2020 23:58 - edited 05-10-2020 23:58
If the guest network works, use that on the hub, but wired will not be isolated.
on 06-10-2020 09:28
Ok thanks, do you know if other guests can see each other on guest networks?
I'm just wondering how secure it is.
on 06-10-2020 09:42