Thursday, January 29, 2026

Secure Your Home Network: Which of your devices can you trust?

And more importantly, which should you not trust? 

This post is the fourth in a series on how to make your home network harder to attack.  Here are links to posts one, two, and three.  

Now you might think the question in the post title is a bit strange - after all, these are your devices, so you'd think that they're all trustworthy.  You'd be wrong.  There are at a minimum two different categories of trustworthiness:

Your main computing devices.  These are computers (duh) such as laptops and desktop computers, servers (a future post will talk about why these can be useful to you), and your cell phones (which are nothing but tiny handheld computers).

Now I've been in security for long enough that I get a bit twitchy about mobile phone security (I'll address this in a future post as well).  However, that ship has sailed and even a security nerd like me won't bother making a separate network just for these.  So they're computing devices for this discussion.

Then there's everything else.  It's surprising how many Internet-connected thingies there are these days.  Ring doorbells, Nest thermostats, online appliances (fridges, washing machines, etc).  At this point the Borepatch from four years ago would have told you to just walk away from all this nonsense.  Don't Internet-enable anything in this category.

Today's Borepatch sighs and tells you that this is coming to a home near yours.  It's here in my home.  No, not the thermostat (which was installed by the previous owner and which I have not connected to the WiFi).  However, the TVs all come with streaming apps for Netflix, Prime, and YouTube (among dozens of others).  And The Queen Of The World reminds me that the kids like to stream when they come and visit.  She likes it when they come and visit, as do I.  And so we have to do something for these devices.

Fortunately, you don't need any new kit to do this.  If you remember from the last post on watertight compartments, you don't own the Internet box from your network provider.  Basically, you can't trust it, so you install a new firewall box running DD-WRT.  It's trustworthy because you own it and have your own software and configuration on it.

All of your main computing devices connect to its WiFi.  All of the other devices (doorbells, thermostats, TVs, appliances) connect to the WiFi from your network provider's box.

What you've done is to put a firewall between your computing devices and your untrusted devices.  It doesn't matter if your TV gets hacked because it can't get through your DD-WRT firewall to your computers.

Likewise, your TV is at least somewhat protected from the outside world because it's behind the firewall in your network provider's box. 
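
To check that every device actually ended up on the right side of the firewall, here is an added example (not part of the original post) that audits a device list against the two networks.  The subnet ranges, device names, and addresses are constructed assumptions; substitute the ranges your two boxes actually hand out.

```python
import ipaddress

# Assumed addressing (not from the post): the provider's box hands out
# 192.168.1.0/24 and the DD-WRT firewall hands out 192.168.10.0/24.
UNTRUSTED_NET = ipaddress.ip_network("192.168.1.0/24")   # provider box WiFi
TRUSTED_NET = ipaddress.ip_network("192.168.10.0/24")    # DD-WRT WiFi

# The post's first category: main computing devices.  Everything else
# (doorbells, thermostats, TVs, appliances) belongs on the provider's WiFi.
COMPUTING = {"laptop", "desktop", "server", "phone"}

# Constructed sample inventory: (name, kind, address from a DHCP lease list).
INVENTORY = [
    ("work-laptop", "laptop", "192.168.10.21"),
    ("my-phone", "phone", "192.168.10.22"),
    ("living-room-tv", "tv", "192.168.1.40"),
    ("doorbell", "doorbell", "192.168.1.41"),
    ("smart-fridge", "appliance", "192.168.10.30"),  # joined the wrong WiFi
    ("old-desktop", "desktop", "192.168.1.50"),      # left on provider WiFi
    ("mystery", "tv", "10.0.0.5"),                   # on neither network
]

def audit(inventory, trusted=TRUSTED_NET, untrusted=UNTRUSTED_NET):
    """Return (name, problem) for every device on the wrong side of the firewall."""
    if trusted.overlaps(untrusted):
        # Overlapping ranges make the two sides indistinguishable by address.
        raise ValueError("trusted and untrusted networks must not overlap")
    findings = []
    for name, kind, addr in inventory:
        ip = ipaddress.ip_address(addr)
        want = trusted if kind in COMPUTING else untrusted
        if ip in want:
            continue  # device is where the post says it should be
        if ip in trusted:
            findings.append((name, "untrusted device inside the DD-WRT network"))
        elif ip in untrusted:
            findings.append((name, "computing device outside the DD-WRT firewall"))
        else:
            findings.append((name, "address is on neither network"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(INVENTORY):
        print(f"{name}: {problem}")
```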
