Can we trust manufacturers.

keith

I have a great interest in the potential of iot devices, like Esprissif Systems products. 
BUT, I can't get away from the thought, these devices are gateways to everything I do.
Can fing help in this area, my limited understanding tells, it can't. 
If I let these devices live on my network they can do whatever they like, true or not. 
Is this a bit crazy? 

Pooh

If you're this worried then the first thing I'd do is segment the IoT devices into their own subnet (and possibly SSID). That way, even if a device goes rouge, it will only be able to affect the IoT network and not the one with your main devices on.

keith

Thanks for the subnet advice, I will keep it in mind.
My main consideration in buying the fing box was monitoring performance, insane young people's usage and intrusion. 
With our pathetic Mbps and unlimited data, the intrusion and performance are now the only items of interest. I live in hope of an infrastructure injection and seeing fixed wireless 50/25 or 100/50 one day. 

jacix

I'll echo what @Pooh said: segment those suckers.  A good firewall will let you run as many subnets as you want, and with VLAN tagging it'll all run over a single wire.  I'm running a pfSense firewall, which sends tagged traffic over powerline ethernet (I just posted in the thread about my experience there) to an EnGenius access point that understands VLAN tags, so setup was a breeze.  I have a dedicated subnet/VLAN/SSID for the IOT gear I don't trust, which is all of it, and I'm considering creating more subnets to keep the different vendors apart.  None of these things are on my internal network so even if the manufacturers are malicious - or their software gets exploited - there's nothing for them to see.  The miscreants can try all they want, but they're not going to get anything from me.  

Gidster

jacix said:

I'll echo what @Pooh said: segment those suckers.  A good firewall will let you run as many subnets as you want, and with VLAN tagging it'll all run over a single wire.  I'm running a pfSense firewall, which sends tagged traffic over powerline ethernet (I just posted in the thread about my experience there) to an EnGenius access point that understands VLAN tags, so setup was a breeze.  I have a dedicated subnet/VLAN/SSID for the IOT gear I don't trust, which is all of it, and I'm considering creating more subnets to keep the different vendors apart.  None of these things are on my internal network so even if the manufacturers are malicious - or their software gets exploited - there's nothing for them to see.  The miscreants can try all they want, but they're not going to get anything from me.  

Sounds like this needs a lot of specialist knowledge. Are there solutions out there for the less technically confident who have security concerns?

Pooh

Gidster said:

Sounds like this needs a lot of specialist knowledge. Are there solutions out there for the less technically confident who have security concerns?

A simple answer might be to utilize the Guest SSID if your AP\Mesh supports it.

keith

Some harsh words re Google and us.

From "The Australian" newspaper today.

"Australia’s consumer watchdog is taking on Google in the Federal Court, in world-first action alleging the tech giant misled consumers about the location data it hoovered up.

Mr Sims alleged that Google also misled the public about “the nature, characteristics and suitability for purpose of the Android operating system, Google services and Google Pixel phones”.

AND is this comment by David Swan in the same newspaper correct.

"In 1999, the company had a line in its privacy policy, that it “only talks about our users in aggregate, not as individuals.’ That line was removed three months later, and 20 years later is a stark reminder of just how different the Google of today is."

It's not worth worrying really, is it,