Security in IoT devices


#21

Some firewalls allow UPnP to be enabled for specific devices / IP addresses.

Look, security is something that makes us feel better at night. Like locks on our doors. It's not going to stop someone from breaking in via a window but bricking up the window blocks the view. Is that a builder problem? No.

Enjoy the view, have your hub lock the doors at night and rest easy you are miles ahead of most.

Nash's principle of equilibrium is in full effect. Don't make yourself the weakest target but also don't pretend to be Fort Knox.

In a previous life I had a client that did security testing so they built a fence around an empty piece of property and pointed cameras at the center. You'd be shocked at how many people tried to breach the fence. Just to get in.


#22

It's not about being secure or Fort Knox. It's about gaining time when people try to break in.

From a psychology standpoint, your attention to something has a duration span. Some are a few minutes, others hours.

For for sake, even the companies that spend more on security are hacked.

Ok, the end is not about who gets in but who stays out.

By your example you would use locks on doors than

The person that tries to break in through your door is not the same as the one who looks through your window.


#23

Install IDS and get alerts when potentially malicious activity is going on. Even block it.

Or set up a Honeypot subnet that is easy to get in but leaves the real stuff hidden.

It's like leaving Amazon boxes on your front porch filled with junk you want to get rid of. Eventually someone will come along and take it. (Seriously, don't do this, they get angry, know where you live)

The fact that there is no truly secure consumer network means it's about your comfort level. Your peace of mind.

Most people add a security system after they have a break in. Yet, security systems are really good at false alarms. The sign in the front yard is far more effective.

I have almost 20 water sensors around the house because I had one massive leak in a spot I didn't plan for. I know I missed some. And it's painful having to replace batteries every year or so. But it's peace of mind when I get a notification of water under my daughter's sink. Granted she was cleaning. But still. Peace of mind.

Again, I could set up flow monitoring, auto valve shut off, leak detection and more and probably will someday. But thanks to a $3 float valve my pool kept filling itself to the tune of $2k+ water bills. Simple fix, fill the pool when it gets low.

Again, security is about peace of mind.


#24

I really like Ubiquiti, their UniFi wireless is really good, take a look at this article:

I use 3 UAP-AC-PRO and a UAP-AC-Lite at home for my wireless mesh, with wired uplinks to one of their PoE Gigabit switches, it's rock solid and quite fast and their controller is really good, love the level of insight on my network... For what's suggested above you'll need a UniFi Gateway, that's the only thing that's not Ubiquiti in my network but I have a similar solution using a Watchguard XTMv virtual appliance with a dedicated IoT VLAN and SSID...


#25

Yeah... The USG is their WORST product...

Sorry, but they should not be configuring AVAHI internally to reflect mDNS packets to the WAN... This is simply BAD security - arguably worse than what they are protecting against in the first place...


#26

Interesting, didn't notice that, fully agree. Why would they mirror into the WAN? That does not make sense... As mentioned I don't use the USG, the Watchguard is a lot more configurable so I have full control over where to send those packets...


#27

Same here. All UniFi, except my security gateway (Untangle server here - but there are many good options depending on your needs).

Love their APs. Like their switches (although there are a number of issues with them in some scenarios), but dislike their USG very much.

To be fair the USG has gotten MUCH better since Chris came over from pfSense, but it still isn't good enough for me to use it.


#28

Guys my mesh network is Orbi. Not going to buy another mesh system :wink: The other half would burn me alive lol
But it is really interesting for those who own those systems or are thinking of acquiring one.


#29

I have an Orbi system too. :slight_smile:

Granted it's in the box in the closet, it is a nice system, though. I need to sell it - it isn't typical for me to hoard (my excuse is that it's in the closet so I don't see it).


#30

I only use 1 out of 2 satellites. Their range is insane. Even in a very badly built house.
I first had Google Wifi and it was crap on coverage.

Ubiquiti was not an option in my part of the world at the time :confused:


#31

What version do you have?

By the way, the last updates improved the product drastically.


#32

Wait a sec, I think I just found a way to solve my prob.
Lol

I do have a spare satellite on the box. That satellite has an Ethernet port lol.

Will be a little too much coverage but whatever lol :joy::joy::joy::rofl::rofl:


#33

I'll double check when I get home. I'm sure it is whatever the most expensive one is, knowing me... lol.

I agree. I was looking at one of my friend's Orbi the other day, and the firmware stability has improved A LOT in the last year.


#34

I tried many of these mesh systems including Orbi, Plume, Google WiFi, Linksys Velop, etc. All went back as I could not find one that would give me the level of configurability I wanted, mainly with wired uplinks and my own firewall... Orbi was really nice though but focused on the wireless uplink, great for people who can't use wire but not for me...


#35

Yes.. they have recently launched a pro version that should bring that configurability. Haven't seen the reviews though