1477
Can IT confirm? (lemmy.world)
submitted 9 months ago by Stamets@lemmy.world to c/tumblr@lemmy.world
407 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] EatYouWell@lemmy.world 30 points 9 months ago

I'm an IT professional, specifically in infosec, and it's silly to go to those extremes. I have tons of smart home devices, and they're all perfectly secure since I run Home Assistant and block them from the internet with a firewall.

[-] CosmicCleric@lemmy.world 4 points 9 months ago

block them from the internet with a firewall.

Do they tell you in their manual what ports they work with, or is there a website that will let you know based on a product?

[-] alphafalcon@feddit.de 7 points 9 months ago

The good thing is that you don't need to know which ports to block. You just set your firewall up to deny by default and then start whitelisting the things you want to allow.

Even easier if you put your "smart" devices in a separate network, then it's just:

  • Allow traffic from home net to Internet
  • allow traffic from home net to iot-net
  • drop the rest

Now you can surf the internet, control your devices and they can't phone home

[-] linearchaos@lemmy.world 3 points 9 months ago

There are a lot of things that won't play by those rules. A roomba will tell you to f right off without internet access. You have to pick and choose your hardware or make concessions to what can access the outside.

[-] whofearsthenight@lemm.ee 1 points 9 months ago

Probably implied in this person's post (which is what I do) is that you just don't buy things like that. I started with generic wifi devices which require internet and phone home. I moved everything over to zigbee. Another point is that if you trunk them into vlans like this, the problem with them phoning home is much less of a concern because they can't get much data more than when you turn the devices off/on which is pretty benign imo.

But even still, the main reason for doing this for me anyway would be less because I am worried about that data going to the companies (which is bordering on useless in this scenario for non-nefarious purposes) and more about reducing the attack vectors. If that company gets hacked, they have basically useless data. If one of the devices become an attack vector and allows someone into your network, it's trunked so there is no where to go...

[-] EncryptKeeper@lemmy.world 1 points 9 months ago

You can isolate devices without having to figure out which ports they use.

this post was submitted on 12 Nov 2023
1477 points (96.1% liked)

tumblr

3042 readers
234 users here now

Welcome to /c/tumblr, a place for all your tumblr screenshots and news.

Our Rules:

  1. Keep it civil. We're all people here. Be respectful to one another.

  2. No sexism, racism, homophobia, transphobia or any other flavor of bigotry. I should not need to explain this one.

  3. Must be tumblr related. This one is kind of a given.

  4. Try not to repost anything posted within the past month. Beyond that, go for it. Not everyone is on every site all the time.

  5. No unnecessary negativity. Just because you don't like a thing doesn't mean that you need to spend the entire comment section complaining about said thing. Just downvote and move on.

Sister Communities:

founded 1 year ago
MODERATORS
gedaliyah@lemmy.world