What’s the best way to create a separate network for my smart home devices like the FBI is recommending?
This question was answered on December 26, 2019. Much of the information contained herein may have changed since posting.
The FBI office in Oregon chimed in on the security issues associated with IoT (Internet of Things) devices (http://bit.ly/2SrRkp4) that millions are installing around their homes.
Everything from thermostats to lighting systems to doorbells and major appliances are connecting to the Internet and the FBI is warning that these IoT devices could be the gateway that allows cyber thieves to gain access to your router and everything attached to it.
IoT device manufacturer’s track record on security isn’t great, which is why we’ve seen a myriad of vulnerabilities discovered in popular webcams, doorbells and smart TVs just to name a few.
Keeping them on a separate network makes it rather difficult to get to your computers from a compromised IoT device.
Option 1 – Two Completely Separate Networks
The most secure, but least cost effective approach is to actually have two separate Internet connections with each using their own router.
You can either contract with your current ISP for a second connection or opt for a second connection from another ISP if you want a little outage insurance.
Option 2 – One Router, Separate SSIDs
Most current routers have the ability to setup a wireless ‘guest network’, which is separate from the primary network. To activate this option, you’ll need to get into the router’s settings and look for a reference to guest access or guest network.
To access these settings, you’ll have to know the administrative username and password for the router, which can be accessed via a web browser or an app if one is available for your device.
If your router has an option that allows guests to access local network resources, make user to turn it off. In some cases, your device may use the term ‘Isolate’ which accomplishes the same thing, which is to keep anything connected to the guest network to access anything other than the Internet.
There may be additional security options available, such as blocking access to the settings menu from the guest network, so be sure to thoroughly review all of the security settings available.
Option 2 – Two Separate Routers
The most complicated approach is to use a single Internet connection but two separate routers that are properly connected and configured. Connecting them improperly won’t achieve the security goal of isolating your IoT devices and depending upon the two devices you’re connecting, there are going to be a number of configuration steps required as well.
This isn’t something that I’d recommend you attempt unless you or someone that is helping you is network savvy.
No matter which approach you take, make sure you change any default passwords on all of your devices, make passwords as long as you can and don’t use the same password on everything.
Make sure you have checked for firmware updates on your router(s) and IoT devices to patch any known vulnerabilites and turn on auto updates when available. If updates aren’t automatic, create a calendar reminder to check for updates at least once a quarter.
About the author
Ken Colburn of Data Doctors on December 26, 2019