This week’s Internet of Things Podcast is a bit different from our typical format. Instead of discussing a range of topics and sharing a guest interview, we’re tackling the question we get so often from our listeners who are rightfully concerned about their home network security with smart devices installed: Should all of these webcams, smart locks, thermostats, and other devices be segmented to a guest network?
On the surface, that sounds like a smart idea. The main reason is that any compromised smart devices won’t be able to infect computers and other things on your primary network. A secondary reason is to limit access to your smart home when guests are over.
So here’s what we did: We both created guest networks in our home and migrated all of our smart devices over to them. And we found out some very interesting things. For starters, we didn’t lose access to any of our devices through this setup, which is good. However, we also found out that the reverse situation is a bad one. When on our guest networks with devices on the regular network, we still had access to many of them unexpectedly, which is bad.
Our takeaway is that if you want to put your smart home devices on a guest network, that’s fine, but it may not add much more security. In particular, if your smart device credentials are stolen, as was the case with recent “hacks” of the Ring and Nest systems, this setup won’t really help you. We’re thinking that using a network monitoring system such as a Firewalla is a better solution. And better yet would be installing a router that supports VLANs, or Virtual LANs, for your smart home devices. Tune in and let us know what you think or if you have additional related network concerns or solutions.
Hosts: Stacey Higginbotham and Kevin Tofel
Hi Stacey & Kevin, Thanks for tackling this topic. I’m not a network expert but I think the most you can expect from a guest network is to split your *local* LAN into two segments. Both can still route to the internet, so if the IoT vendors provide some kind of remote connection capability then you’d expect devices to be able to find each other whichever segment they are on. I think VLANs would be similar in that respect, maybe more hardened and able to support multiple network segments instead of just two. Still, even if segmenting can only prevent a hostile device from seeing all of your local devices and their ports, that could be helpful.
Good topic. Surprising findings.
I have wondered about a similar problem.
Did install the EdgeRouter and set up 2 separate LANs, one for personal and one for guest/IoT.
Was a bit difficult to set up but YouTube helped.
Only issue I find is the setup of antennas.
WSH