10

I have a bunch of IoT switches connected to my Wi-Fi.

I am aware of three possibilities to connect and control them.

  1. Through the Wi-Fi directly (like Samsung SmartThings does)
  2. Connect them to a personal VLAN and use them (seems more secure).
  3. Connect all the devices to a Raspberry Pi (or something similar) like a master and connect the devices to it.

Which one would be the safest (most secure for IoT) comparatively?

Are there any better solutions and how difficult would each one be?

Ola Ström
Prashanth Benny
  • What kind of switches do you have? – Helmar Feb 23 '17 at 17:06
  • Something of this kind. And ignore the Alexa. – Prashanth Benny Feb 23 '17 at 18:18
  • How do you plan to implement the VPN? Not sure I understand if what you're proposing is feasible... – Sean Houlihane Feb 23 '17 at 23:38
  • @SeanHoulihane VPN seems to be a bad idea. But my intention was to implement a VPN as small as a home network. (Once inside the house, you control everything.) – Prashanth Benny Feb 24 '17 at 05:12
  • Prashanth, what do you mean when you talk about "safe"? Are you referring to security? – anonymous2 Feb 24 '17 at 13:13
  • @PrashanthBenny Reading the comments, you have ruled out half of what you wrote in the original question (Alexa and VPN). I think you could update the question so it reflects your current thinking.... – Sean Houlihane Feb 24 '17 at 15:28
  • @SeanHoulihane Removed Alexa. But VPN still remains a possibility! – Prashanth Benny Feb 24 '17 at 15:35
  • A VPN with a solid gateway might be a solution for enabling traffic from outside the local network, but don't assume it will do much to protect the local network and the devices from each other, since rogue (or simply buggy/misconfigured) code could use the network directly and poor code might accept traffic not part of the VPN. – Chris Stratton Feb 24 '17 at 18:02
  • You still haven't told us anything about what you want to achieve. There is not really a question here. – Sean Houlihane Feb 26 '17 at 20:47
  • @SeanHoulihane I just need to know the most secure way, so that not even James Bond should have access to my IoT network, unless I grant access. – Prashanth Benny Feb 27 '17 at 06:36

2 Answers

8

John is on to a solution that should work. Another alternative is to run all your IoT devices on a WiFi guest account, and everything else on the main account/password. This is a simple way to separate your smart devices from your computer network. It's a less sophisticated method of security but a lot easier to implement.

5

I think what you want is a VLAN, not a VPN. A VLAN can be used to isolate your IoT traffic from the rest of your networking devices.

A VLAN is a way of telling your networking equipment (your router) to treat certain wires to behave like they are a completely separate network, behind a firewall and dedicated to communicating in private. Some of the more expensive home networking routers can be set up this way, but setting it up is complex, and will be different for each router.

You could put all the WiFi IoT devices on one VLAN, and set up your firewall so that your IoT network can't communicate with your home computing network. You would bridge the gap between the networks with your home automation hub. That way your smart phones and PCs could reach your hub to control the devices, without actually having to talk directly to the devices themselves.

John Deters
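
One way to express the isolation described in the VLAN answer as firewall rules, shown as an added example that is not part of the original answer: an nftables forward chain for a Linux-based router. The interface names, the hub address and the hub port are assumptions, and the hub is assumed to sit on the IoT VLAN with a fixed address.

```nftables
#!/usr/sbin/nft -f
# Added example. All names and addresses below are assumptions:
#   lan0 = home computing network (PCs, phones)
#   iot0 = IoT VLAN interface (Wi-Fi switches and the automation hub)
#   wan0 = internet uplink
define LAN_IF    = "lan0"
define IOT_IF    = "iot0"
define WAN_IF    = "wan0"
define HUB_IP    = 192.168.20.2   # constructed address for the hub
define HUB_PORTS = { 443 }        # hub's control interface (assumed HTTPS)

table inet iot_segmentation {
    chain forward {
        # Anything not explicitly allowed between networks is dropped.
        type filter hook forward priority 0; policy drop;

        ct state invalid drop
        # Replies to connections that were allowed below may flow back.
        ct state established,related accept

        # Phones and PCs may open connections to the hub only,
        # never to the individual switches.
        iifname $LAN_IF oifname $IOT_IF ip daddr $HUB_IP tcp dport $HUB_PORTS accept

        # The home network keeps normal internet access.
        iifname $LAN_IF oifname $WAN_IF accept

        # IoT devices may never start a connection into the home network.
        # Log a sample of attempts: a switch probing the LAN is worth noticing.
        iifname $IOT_IF oifname $LAN_IF limit rate 10/minute log prefix "iot-to-lan: "
        iifname $IOT_IF oifname $LAN_IF counter drop

        # No IoT-to-WAN rule is present, so the default policy also blocks
        # the devices from the internet. Switches that depend on a vendor
        # cloud would need an explicit, narrowly scoped rule here.
    }
}
```

This covers forwarded traffic only; access from the IoT VLAN to services on the router itself (admin interface, DNS, DHCP) is governed by the input chain and needs its own rules.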