Right, thanks. But this can be easily resolved by:
Removing devices’ access to WAN, which also vastly reduces the external actor’s ability to compromise them in the first place.
Isolating devices from each other with internal firewall rules, allowing them to only interact with the hub host.
Is this correct, or am I missing something?
With a good router, it’s not that hard to do. But even then it took me a long time to get around to setting up the separate network, and I don’t think I’ve migrated all of my devices over to it still (some got moved, new ones go there, but there are some older devices still sitting on the original network). So, yeah, there’s definitely extra effort, and it’s not really fun like getting that new smart device integrated. I will say the stuff on that network works perfectly - I haven’t noticed any side effects.
Oh I did allow them access to the pool NTP server so they can pick up the correct time, and some require temporary access to the internet while setting up (the linknlink RF device needed it to download the Home Assistant version of their firmware, for example).
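The setup the comments above describe (WAN cut off, devices allowed to talk only to the hub host, plus the NTP and temporary onboarding exceptions) written as an nftables ruleset. This is an added example, not from the thread; the VLAN interface name iot0, the hub address 192.168.1.10 and the ports 8123/1883 are assumptions:

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: the IoT VLAN arrives on router
# interface iot0; the hub host (e.g. Home Assistant + MQTT) sits on the LAN at 192.168.1.10.
IOT_IF="${IOT_IF:-iot0}"
HUB_IP="${HUB_IP:-192.168.1.10}"
HUB_PORTS="${HUB_PORTS:-8123, 1883}"   # HA web/API and MQTT (assumed)

# Print an nftables ruleset that:
#  - lets IoT devices reach only the hub host (on HUB_PORTS) and NTP (udp/123) anywhere,
#  - lets them use the router's own DHCP and DNS,
#  - gives full access only to addresses in a timed set (temporary onboarding),
#  - drops every other packet from the IoT VLAN, toward the LAN and the WAN alike.
# Hub-initiated connections to the devices are unaffected: they enter on the LAN side.
iot_ruleset() {
cat <<EOF
table inet iot_isolation {
    set setup_allow {
        type ipv4_addr
        flags timeout
    }
    chain input {
        type filter hook input priority 0; policy accept;
        ct state established,related accept
        iifname "$IOT_IF" udp dport { 53, 67 } accept comment "DNS and DHCP from the router"
        iifname "$IOT_IF" tcp dport 53 accept
        iifname "$IOT_IF" drop comment "no other access to the router itself"
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        ct state established,related accept
        iifname "$IOT_IF" ip saddr @setup_allow accept comment "temporary full access while onboarding"
        iifname "$IOT_IF" ip daddr $HUB_IP tcp dport { $HUB_PORTS } accept comment "hub host only"
        iifname "$IOT_IF" udp dport 123 accept comment "NTP so devices keep correct time"
        iifname "$IOT_IF" drop comment "IoT -> rest of LAN and WAN"
    }
}
EOF
}

# Print the command that grants one device full access for N minutes (default 30);
# the set entry expires on its own, so the exception cannot be forgotten.
setup_grant() {
    printf 'nft add element inet iot_isolation setup_allow { %s timeout %sm }\n' "$1" "${2:-30}"
}

# Only touch the live firewall when explicitly asked; needs root and nftables installed.
if [ "${1:-}" = "--apply" ]; then
    iot_ruleset | nft -f -
fi
```

Run with `--apply` on the router to load the table; pipe `iot_ruleset` into `nft -c -f -` first to syntax-check it.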
ZigBee/Thread are just better for this, you’re protected without doing anything.
Requirements like the ones you listed above make widespread adoption impossible, short of forcing routers to have a separate IoT network and forcing devices to use only that, with all the issues that may crop up along the way.
Good luck explaining how to do any of this to my parents, for example. For someone with a technical background that’s feasible, for someone with an IT background it’s even easy. For the other 90 or 95% of people who are actually supposed to buy and use these things, it isn’t. They don’t even know something like this can be done, let alone that it should be done.
Let’s say your lightbulb(s) become compromised. A bad actor now has a toehold into your network.
Maybe they run a spam relay through the bulb. Maybe they attack your network by attacking the printer that hasn’t had a firmware update in years.
Point is, there’s someone with access to your network that isn’t you.
https://old.reddit.com/r/Ubiquiti/comments/1fjspoc/what_is_the_point_of_having_a_separate_devices/
Sounds like an admin job I don’t want to do.