IoT isolation

[elorimer]

Today's New York Times has an article about preventing IoT hacking. It suggests using a guest network to isolate IoT devices (Echo, thermostats, garage door openers, sous vide circulators, whatnot) from computing devices (laptops, tablets, phones).

This seems like a worthwhile idea, but is that the best way of doing it? I assume with Merlin the first step is turning off intranet access, but it isn't clear to me that that allows an Echo to speak to the thermostat.

BYT, the article doesn't say anything about securing the router, which I would have thought would have been numero uno.

[EDIT] NVM, this will get me started: How do I isolate clients on guest wifi?

 

[snakebite3]

Today's New York Times has an article about preventing IoT hacking. It suggests using a guest network to isolate IoT devices (Echo, thermostats, garage door openers, sous vide circulators, whatnot) from computing devices (laptops, tablets, phones).

This seems like a worthwhile idea, but is that the best way of doing it? I assume with Merlin the first step is turning off intranet access, but it isn't clear to me that that allows an Echo to speak to the thermostat.

BYT, the article doesn't say anything about securing the router, which I would have thought would have been numero uno.

[EDIT] NVM, this will get me started: How do I isolate clients on guest wifi?

I thought about this but Guest wifi might cause problem for some devices. One my of user had packet drops when I enable 2.4ghz guest. This is something you should look into when you enable it.

 

[pete y testing]

I assume with Merlin the first step is turning off intranet access, but it isn't clear to me that that allows an Echo to speak to the thermostat.

the issue is most of these IoT device report back to their respective clouds as thats how they work so you cant block them as they will almost certainly loose functionality , guest isolating them makes some sense except if they need to communicate with each other as in guest wifi they are isolated from everything else and can only see the internet

i think vlans with a separate wifi network would be what would solve the issue but that doesnt stop the IoT devices being hijacked for bot networks and that in its self is a different problem

 

[CaptainSTX]

Today's New York Times has an article about preventing IoT hacking. It suggests using a guest network to isolate IoT devices (Echo, thermostats, garage door openers, sous vide circulators, whatnot) from computing devices (laptops, tablets, phones).

This seems like a worthwhile idea, but is that the best way of doing it? I assume with Merlin the first step is turning off intranet access, but it isn't clear to me that that allows an Echo to speak to the thermostat.

BYT, the article doesn't say anything about securing the router, which I would have thought would have been numero uno.

[EDIT] NVM, this will get me started: How do I isolate clients on guest wifi?

I use two routers. The primary router running Merlin's firmware gives me the option to have up to six guest WiFi networks. I connect my Iot to one of the six networks. This isolates these devices from each other. If necessary I can group them together or remove them from a guest network.

My secondary network is run on a second router in a different subnet behind my primary router protecting my key computers and devices from all Iot running on the primary router.

While it is entirely possible that some of my Iot devices could be attacked or turned into zombies by checking the logs on my primary router regularly I probably would see that is happening and disconnect them. By having separate networks it would be very difficult for my Iot devices to compromise the security of my trusted devices.