Wireless Sensor Tags Protect Against Freezer Failure

(Simon) #21

In principle you can mitigate the security risk of opening up that incoming port by setting up the router in such a way that it does not allow the IoT device to communicate with any other LAN devices on any ports. That way, even if an intruder were to be able to hack it, they cannot then use it against your LAN clients (it could in principle still be used against WAN clients, think botnet).

Alas, I believe this is something AirPort software does not allow you to do. IIRC you cannot set it to pull up a firewall between one LAN client and all the others. You’d actually have to resort to using two entirely separate LANs where one exists only for the IoT device and the other is your actual AirPort network for your Macs, iOS devices, etc.
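
The isolation policy described in post #21, sketched as an nftables ruleset for a Linux-based router. This is an added example, not part of the thread and not something AirPort offers; the interface names, addresses and port 8443 are assumptions made up for illustration.

```nftables
#!/usr/sbin/nft -f
# Assumed layout (constructed for this example, not taken from the thread):
#   wan0 = uplink, lan0 = trusted LAN (Macs, iOS devices),
#   iot0 = separate IoT segment 192.168.50.0/24,
#   192.168.50.10 = the IoT device, TCP 8443 = placeholder for its exposed port.
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define IOT = "iot0"
define IOT_DEV = 192.168.50.10
define IOT_PORT = 8443

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # The trusted LAN may manage the router itself.
        iifname $LAN accept
        # The IoT segment only gets DNS and DHCP from the router.
        iifname $IOT udp dport { 53, 67 } accept
        iifname $IOT tcp dport 53 accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies to connections that were allowed below.
        ct state established,related accept
        # LAN clients may start connections to the internet and to the IoT device.
        iifname $LAN oifname { $WAN, $IOT } accept
        # The IoT device may reach the internet (so it could still be abused
        # against WAN hosts), but no rule lets it start a connection to the LAN.
        iifname $IOT oifname $WAN accept
        # From the WAN, only the single port-forwarded (DNATed) service is allowed.
        iifname $WAN oifname $IOT ip daddr $IOT_DEV tcp dport $IOT_PORT ct status dnat accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        # The one incoming port opened toward the IoT device.
        iifname $WAN tcp dport $IOT_PORT dnat to $IOT_DEV
    }
    chain postrouting {
        type nat hook postrouting priority srcnat;
        oifname $WAN masquerade
    }
}
```

Because the forward chain defaults to drop and contains no rule from `iot0` to `lan0`, a compromised device on the IoT segment can answer LAN-initiated connections but cannot open new ones toward LAN clients.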

(Marc Z) #22

Couldn’t you just put it on your guest network? That way it would be isolated from the rest of your computers, but still connected to the internet. That’s what I do for my smart thermostat.

(Simon) #23

I don’t think you can open up a port for incoming traffic to the guest network. I think Adam’s issue is that basically his IoT device needs to be reachable from the WAN. That requires opening up a port to that device.

(Adam Engst) #24

Indeed. @Simon is right. The Ethernet Tag Manager is on my Ethernet network, and doesn’t do anything via Wi-Fi, so the guest network won’t help here. But using it for IoT devices that do connect via Wi-Fi is a smart security approach. @jcenters—would using the guest network be a good thing to do for your Wyze Cams?

(Al Varnell) #25

The guest network would need to be protected by a strong WPA2 (soon to be 3) password to prevent it being used to spy on your home, which is generally speaking the biggest abuse observed of such devices. That’s good advice for any guest network, of course.


(Paul Chernoff) #26

A 3 router solution might be best. The initial router (often supplied by the Internet carrier) should have Wifi turned off. Then 2 more routers each with Wifi on, one for computers/iOS/smartphones and the other for IoT devices. This is to keep IoT crap separate from your regular network. The reason for this setup is that for many routers the guest network traffic is not kept completely separate from the regular network. There are routers that are good at separating traffic between the different networks they set up and wouldn’t require this 3 router setup.