Holes In My Security - AC1900 Nighthwak & IoT
Win10, R7000 (V126.96.36.199_10.2.64)
Hey, gang - I recently got a Wemo smart plug and noticed that even after installation, it broadcasts an SSID. It got me thinking and, poking around, I see my HP printer does the same. This got me thining some more. I have 27 devices connected to my network including Amazon devices, smart plugs, smart hub, phones, laptops, thermostat, Roku players, printers and a lone chrome cast all on a single network. It can't be healthy security-wise.
I have been reading a bit and find it a little confusing so I am interested in what this community thinks about solutions. A second router and, if so, what would you recommend? Using the current modem's VLAN options and, if so, where do I need to start reading about proper setup methodology? A third or even more options?
Thanks in advance,
Rif.: Holes In My Security - AC1900 Nighthwak & IoT
I am in the same situation...
I have some concern about the trustness of all the different IoT/Embedded devices, which could be almos easly hacked.
In particular for old network printer, tv, blue ray player without updates since years.
I was looking too for a solution, how to separate the network for the embedded devices connected to internet from the most secure local network.
Actually I did not found any solution using the standard firmware of my netgear routers.
The only way would be to make really a segmentation using or the guest network (however loosing the opportunity to get direct access to the device through LAN)
The most complex but more reliabe solution would be to have two wifi router (or modem + router)
In the first network (modem) you keep the unsafe network (i.e. 192.168.0.0/24)
In the second network (behind the router with NAT enabled) with different network IP broadcast (i.e. 192.168.1.0/24), you keep the safe network
Note: you have to set in the first router/modem the static routing to the safe network
Drawback here is the increase of the ping latency, and you need two routers
To be mentioned, people could also play with solutions like pfsense on a RaspberryPi... You need at least VLAN functionality (not available on standard netgear Nighthwak routers)