Hey all
So I have a few IoT devices coming on - water level sensors, temp sensors, things like that that my facilities guys need to be able to access. My main VLAN contains about 20-30 devices, all Mac or iOS. I have a couple Synology servers which are as secure as they can be in terms of all best practices followed. I guess I'm wondering if I should be at all worried about somebody somehow getting access to the IoT stuff. I'd love to have it be easy for my guys to check all their sensors and things without having to jump on another SSID/VLAN combo. Is there something else you can do to somehow mitigate the chance that a device could be compromised? Most of them seem based on Espressif hw/sw solutions. They seem pretty legit. Anyways, your thoughts welcome.
What brand are the IoT sensors?
Some Amazon stuff
Meross smart home AC outlets
Espressif makes an air quality sensor and a temperature sensor for a walk-in fridge.
Some printers - Brother and HP
Newport Media makes a sprinkler system controller called Hydrawise
"SHENZHEN FUZHI SOFTWARE"
Sonos
Wyze
The "S" in "IoT" stands for security ... 😉
I don't trust these devices at all and try to put them in a separate WLAN and VLAN if possible. For some devices where the controlling device needs to be in the same IP subnet as the IoT device, I put them in the same VLAN, but control access on the WLAN itself. One of the MPSK solutions (both with or without RADIUS) can be of great help here.
@KarstenI in your opinion, what's the most likely threat posed at this point? I won't have enough to make a botnet to be DDOS'd inside my network, and everybody here uses Macs and iOS, which is pretty solid as far as I understand in terms of attack surface. And then I have advanced security on my MX68.
The most likely threat.....? What do you have on your network that needs protecting? Sensitive data, financial data etc etc?
I would ensure that these IoT devices are segmented away so should the worst happen any lateral network movement can’t happen.