Best security practice

THE ALM

With the ever growing list of products and developments in the I.O.T. and smart home front and the internet in general, it has me wondering about and reviewing my security from the smart home side of things.

From general physical access to equipment to locking down systems from outside attack, could I be doing better?

While I do try to limit things to the local network it is no always possible to do this and cloud and remote access will be needed.

While I am no expert in this front, I do tend to do a bit of research and follow what is happening in the area but feel that I should be doing better.

Are people people installing products and leaving it at that? Are there products we should be avoiding?

I would appreciate hearing from those with more knowledge in this area than I and it might be worth a sticky for those in a similar situation as this is an ever growing market and would be helpful to see what best practice is, a general do's and don'ts.

Thanks all

eusap

For me the simple approach is to make sure you change the default user name and password on any device connected to the internet.

Depending on the device it is sometimes possible to change the user name from Admin to another name, and then choose a strong password

I also have a Cisco Meraki router/firewall (supplied through work) and from that dashboard I can see all traffic going to/from each device on the network to the internet. Very useful to see if a camera or laptop or IOT device is hacked and being used during the day when nobody is home.

goose06

Pick up a reputable home hardware firewall appliance (Meraki, Watchguard etc) or build a free one using Sophos home utm and an old PC and put it between your network and the internet depending on your internet provider you may be able to configure the firewall as your internet gateway.
Devices would be around 300 or free depending on you being confident enough to tackle Sophos option. Always amazes me when people freak-out at the cost of a firewall but wouldn't bat an eyelid and spending the same money on light bulbs or a couple of nights out

THE ALM

Some useful advice there for people and the Sophos looks like an interesting piece of software for free.

Have started down the Ubiquiti route myself so the security gateway is on the list of additions.

bk

Some excellent gear and recommendations there.

One thing though is that we are increasingly heading down the route of devices that make at least some use of cloud services. And in that case you have to rely on the companies security rather then your own.

As a result, if security is a big concern, then I'd stick to companies who have a good track record with security.

Not at all exhaustive list, but folks like Google Nest, Philips, Logitech, etc. look good.

Not that they are perfect, they have had incidents, but I was impressed with the way they handled those and responded to them. Anyone can make a mistake, it is how you deal with it shows a good company or not IME.

Cheap Chinese gear I'd be more cautious of and kickstarter startups too.

Of course most electronics is made in China today, so no disrespect about that. But the question is about who is writing the firmware, software and services and where they are being run.

One thing you need to consider, well what is the worst that can happen and make choices based on all. Despite everything I've said above, I'm happily using the Xioami cheap as chips "security" system. So you do need to take it case by case.

Of course important to use the normal security recommendations:

- Use a completely different password for each service. A password manager app can help with this.
- Limit as much private details you share with them.
- Change default usernames and passwords where possible.

Wossack

If I had any, I'd go for a separate vlan for HA wifi devices