1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Increase Router Security by Assigning IoT Devices to Guest

Discussion in 'General Security' started by wizard999, Jan 19, 2020.

Thread Status:
Not open for further replies.
Advertisement
  1. wizard999

    wizard999 Thread Starter

    Joined:
    Dec 31, 2019
    Messages:
    5
    Now that I moved from RoboForm to LastPass (Thank you Leo!), I saw a suggestion to have two (2) Separate Routers Set Up in your home, both downstream from your ISP's single Modem. One Router for your PC's and Streaming, and the other for your IoT Devices. This claimed to reduce Security issues and help in other ways in addition.

    I do have 45+ IoT Device such as Wall Switches, Outlets, etc. throughout, not including everyday PC's, tablets, Mobile devices, etc.

    I currently have a single Asus RT-AC68W that is 4+ years old and still working. I actually attempted to go MESH with Asus last year, but it was a nightmare as I needed to return four (4) Different Routers from them as each had various failures within days/weeks.... Plus I upgraded Each time to a more expensive model...Thinking $$ would solve the problem... The Quality Control was awful.... But that is another story.....

    So now I heard a tech suggestion to place all of your IoT Devices on your GUEST Network, thereby reducing the chance that an intruder could "crossover" from the limited access on the Guest Network.

    Before I attempt this, as each device (45 Devices) needs to be deleted and reassigned to this Guest Network, I would like to hear if others have benefited from this, and does it just make sense?

    Thanks!
     
  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,292
    Yes, isolating particular devices is prudent for security. But the first thing you need to consider if you're worried about intruders is the risk/reward of using these IoT devices. I selectively use certain products because many of them are akin to having your front door closed but not locked. All these interconnected cloud products are a security concern themselves. The recent Ring camera hacking incidents highlight this issue.
     
  3. wizard999

    wizard999 Thread Starter

    Joined:
    Dec 31, 2019
    Messages:
    5
    Thank you ZX..... And as I continued to research this, I found another basic issue I had not thought about. All of the devices I want to place on the Guest Network need to be accessed daily via my Mobile Phone, so I would need to change the WiFi to Guest for it too. And I am not sure what control functions / file access would then be not available to me on my mobile that I have access to now.
     
  4. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,876
    You cell phone allows you to setup/remember many SSID's.. You can selectively attach to your Guest network when needed and attach to the main WiFi network when that is called for.
     
  5. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,292
    If the network is set up a certain way, you won't need to connect to a guest SSID to access the guest network from a trusted internal network/SSID. I have my network set up with varying degrees of trust where devices on the most trusted part of my network have full access to everything on the network. I have a mid tier segment which can gain access to the guest/DMZ/printer/media parts of my network but not the upper portions which house my servers and such. And the guest/DMZ/printer/media segments have no access other than talking out to the Internet.

    Going to this level requires more networking knowledge and proper equipment to achieve it.
     
  6. wizard999

    wizard999 Thread Starter

    Joined:
    Dec 31, 2019
    Messages:
    5
    "requires more networking knowledge " is what I knew was likely, but hoped for a practical / easy method to achieve both added Security and continued ease of access to the various IoT APPS without the need to change SSID each time it was required.

    Thanks again for your suggestions..... It's likely I'll will not encounter IoT Hacking in the near future.... I was just trying to be proactive if it was practical. Simply bringing my vulnerable old, low character passwords to higher levels should help.
     
  7. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,876
    You need a proactive approach to security. And not fight day to day fires. Spend 2 hours changing the SSID of the devices will save you headache later. Hackers go whereever there is least resistance. And most IoT devices have bad security.
     
  8. wizard999

    wizard999 Thread Starter

    Joined:
    Dec 31, 2019
    Messages:
    5
    Moving all the IoT to the guest Account was not an issue.... until it was apparent I would need to manually change to its respective account in my mobile every time I needed to operate a device other than from our Alexa Devices. And I understand there may be some IoT that may not properly operate on the Guest Account due to limited functionality. I'll likely do a small test with various IoT here to determine if any issue arise... other than the need to change SSID every time I want to access a device.
     
  9. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,292
    Personally, if you're that worried about security with regards to IoT devices, I'd rank Alexa up there as a significant risk. Think about what you're doing. You're leaving a device in your home with a mic which is always on listening. Then you funneling various bits of information through it to be collected at the mothership...Amazon. Do you really think they're not running analytics on this information? Then there's the hacking angle. Someone figures out how to drop some malicious code into your Alexa device....you can fill in the rest.

    I'm as big a tech nerd as one can get. I refuse to use any of these types of devices and sparingly allow these devices on my home network.
     
  10. wizard999

    wizard999 Thread Starter

    Joined:
    Dec 31, 2019
    Messages:
    5
    Yes... I hear you.. It's basically down to balancing Security vs. Convenience..... I respect you caution, and I also never thought I would begin using a Password Manager that was Cloud based.... THAT worried me more. However with my old PM RoboForm making changes, and I heard Leo enthusiastically endorsing LastPass... (at the moment) and we took the leap. Is anything perfectly secure today... No.... (other than an "Air Gapped" device)
     
  11. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,292
    Or vote with your dollars and don't buy these devices. I have kept my cloud foot print to the absolute bare minimum.

    With the situation with security cameras, I paid extra and sat down to learn how to set up the system I have now. It's not cloud based so there's no need for it to talk out on the Internet. It has it's own NVR where video is stored. Again, so I don't have my videos being kept on someone else's server. These companies only understand money and dollar signs. If they see people are not buying these cloud based devices which sacrifice privacy and security, then they will start making products which don't depend on cloud services. I know how to provide Internet connectivity to any resource on my internal network and know how to do it securely. I don't need some company doing it for me.
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1238944

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice