Wednesday, April 22, 2026

Digital Hygiene - Part 3 of 3

Darknet Diaries is a podcast I listen to that talks about all the shady shenanigans that go on on the web. I recently heard this particular episode, which should be worth your time: https://darknetdiaries.com/episode/172/. It talks about Set Top Boxes (STBs) that people buy and connect to their TV to watch any program for free!

Note that using such streaming service boxes can make you an unknowing participant in DDoS (Distributed Denial of Service) attacks! While we should avoid using such STBs altogether, the proliferation of IoT (Internet of Things) devices like fridges and washing machines that get added to our home WiFi network makes that network vulnerable. This is especially true since most of those devices don't get regular security patches (unlike our computers). So I thought I would suggest making at least one simple change to your home network, hardening its architecture for safety.

Instead of keeping your home WiFi as just one network, create three VLANs (Virtual Local Area Networks) for your home.

- First VLAN is for all your PCs, Laptops, Printers, phones and tablets. These are devices that get regular security updates and should be trustworthy.

- Second VLAN is for all your IoT devices such as TVs, STBs, thermostats, washing machines, fridges, security cameras, smart speakers, doorbells, etc. This is equipment that has started connecting to our home network in the last decade, shall we say unnecessarily? While it may be convenient to get a notification that your dryer has finished drying clothes, it opens up one more, usually low security, window into your home network. Perhaps it is worth questioning the zeitgeist to limit the number of such devices we add.

- Third VLAN is for visiting guests. You can even have a QR code for the guest network posted somewhere inside the house for people to scan & connect their phones or laptops while they are in your home, so that you don't need to give out your main WiFi network's login credentials. 

If you are not a techie, don't let terms like VLAN worry you. This doesn't involve buying new equipment or asking your ISP (Internet Service Provider) to do anything. It is a fairly simple reconfiguration of your home WiFi router that you can do yourself by following the instructions found in the WiFi router user manual.

Most modern WiFi routers come with this option, which gets set up as three different SSIDs (Service Set Identifier, which is the name of your home WiFi network). Thus, if your home network is called SundarHome, the router may suggest adding SundarHome_IoT and SundarHome_Guest as two additional SSIDs that automatically create the two additional VLANs to keep the traffic separated.

Once they are up, you can reconnect all your IoT devices to the second network and you are done. Let us say one or more of your IoT devices, or your guest's phone or laptop, is compromised. When it attempts to scan your home network and access available devices, it will only be able to see other devices in the same VLAN. It can't see computers or devices connected to the other two VLANs. This separation improves security considerably.
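
One way to confirm that the separation described above is actually in effect is to join a laptop to the IoT or guest SSID and try to reach your own trusted devices from there. The script below is an added example, not part of the original post; the device names, addresses and ports are constructed placeholders to replace with your own.

```python
import socket

# Constructed sample inventory (placeholders, not from the post): list your own
# trusted-network devices and a port each one normally listens on.
TRUSTED_DEVICES = [
    ("printer", "192.168.10.20", 631),
    ("nas", "192.168.10.40", 445),
]

def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'blocked'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # full connection: the segments are not separated
    except ConnectionRefusedError:
        return "refused"         # a reset came back, so the packet was answered
    except OSError:
        return "blocked"         # timeout or unreachable: nothing got through

def check_isolation(devices, probe_fn=probe):
    """Probe every device; return {name: state} for the whole inventory."""
    return {name: probe_fn(host, port) for name, host, port in devices}

def leaks(results):
    """Names of devices that answered at all ('open' or 'refused'), sorted."""
    return sorted(n for n, state in results.items() if state != "blocked")

def summary(results):
    """One-line verdict for the whole inventory."""
    found = leaks(results)
    if not found:
        return "OK: no trusted device answered from this network"
    return "LEAK: reachable from this network: " + ", ".join(found)

if __name__ == "__main__":
    results = check_isolation(TRUSTED_DEVICES)
    for name, state in results.items():
        print(f"{name}: {state}")
    print(summary(results))
```

A "refused" result counts as a leak because a reply came back across the boundary even though the port was closed. Only "blocked" for every device indicates the router is keeping the networks apart.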

If you want to be even more secure while using your PCs, you can consider getting a VPN service subscription and use it consistently. But that is for another day!

If you are already doing this, or have better ideas that are easy to implement, PLMK.
