Securing Wyze Solution (or any IoT solution)

Hronos
Hronos Member, Beta Tester Posts: 289
100 Likes 100 Comments Second Anniversary 25 Awesomes
✭✭✭✭
in Devices & Security #1
Hi, I know there is a Wyze community already where to search/ask and find information and troubleshooting of this brand/kind of devices.  But, this discussion is meant to be a place for Ideas and quick review of the things we want/need to do, including IFTTT applets and other automation that can be made.
I hope you guys don't be mad at me for this xD, but I am kind of engage on SET the devices a acquired in the most "reliable, secure & easy (if posible)" way.

As per the first topic to discuss, I have already set up all my devices and they are: 4 bulbs, 2 contacts sensors,1 motion sensor, 1 Pan Cam, 1 Cam v2 (just miss the plugs because they weren't available at the moment of purchase  :p ).
I have played around with some automation from within the WyzeApp and IFTTT as an alone service and in combination with Location and Fing services. (I have lots of questions on this specific topic, but there is something for the next time).  My concern this time is "security".  I have read a lot of you guy/girls than you prefers your IoT devices isolated from your "personal" devices, so.. how to accomplish that?
First with NO more equipment than the already existing on a average network (as per modem, router, AP's/mesh nodes, FingBox).  Second with the least change on network equipment.  And Third the most over the hill solution the experts could think xD.
Keep looking up!
Tagged:
VioletChepilCiaran

Comments

  • daved2424
    daved2424 Member, Beta Tester Posts: 15
    10 Comments 5 Likes Name Dropper First Anniversary
    ✭✭
    #2

    Great question. I am looking to do just this.

    it would be neat if a Fingbox could somehow do this for you. Home networks are getting ever more complicated and what home users actually need is some kind of VLAN management, but this is way too complicated for the average user (including myself) to be able to understand.

    Even most moderate home-networkers now have so many devices on their network that you really want to be to restrict that traffic. Do your guests only really need internet access, or would it be nice if they could see your Hue Bridge too? They certainly don’t need to be able to see my NAS. There are so many combinations of how you might want traffic to be managed but as far as I can tell no one makes a device that easily allows you to do this.

    HronosVioletChepilBov
  • Bov
    Bov Member, Beta Tester Posts: 2
    Photogenic First Comment
    #3

    Can I suggest a viewing of the Three Dumb Routers solution that was on twit.tv some time back.

    It is by no means a perfect solution, and it does require some additional hardware (albeit the cheapest dumbest routers you can lay your hands on) but it was a solution implemented and it was quite fun and interesting learning.

    i ended up buying another FingBox to ensure both my networks were covered.

    https://youtu.be/4TOFwFHm8SA

    HronosVioletChepil
  • Alderete
    Alderete Member, Beta Tester Posts: 16
    10 Comments 5 Agrees First Anniversary Name Dropper
    ✭✭
    #4
    One way or another, your network equipment (probably your router) needs to isolate your IoT devices from your real, personal devices.

    If your wireless hardware supports it, you can create a "guest" network, and put your less trusted devices on it. If those devices don't need to talk directly to each other, or you, but need to be able to connect to a cloud-based service, this might work. But if devices need to communicate locally (on your home network), this won't work. (But it's still a great solution for your house guests.)

    The "traditional" solution (that is, beloved by network engineers and incomprehensible by most others) is to create an isolated network, either physically (expensive, problematic) or virtually using VLANs (free if your network hardware supports it, expensive/impossible otherwise). Both require you to set up mechanisms to "route" network traffic between the networks. (If you want to be able to access your camera, Sonos, or whatever you've jailed over in the other network.) Those mechanisms are...complicated to understand.

    The latest solutions are things like Eero's protection service, Eero Secure (available today), or Apple's new HomeKit for routers (available ???), https://www.engadget.com/2019/06/03/apple-homekit-secure-video-routers/. That's the best bet for "mere mortals".

    Where Fing fits in all of this, I'm not sure. So far as I've been able to tell, Fing doesn't support VLANs. (It certainly stops seeing the devices I've moved to my IoT VLAN.) And since it's not "in the middle" of your network traffic, it's hard for it to participate in the isolation. I think the best it can do today is disable rogue (unidentified) devices from using your network.
    HronosVioletChepil
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    #5
    Hi @Bov the video is quite nice and well explained, as per the 3 dump router solution is a very nice one if you have those ones around.  (I have not :( but maybe I can arrange to get them for the chip)
    Keep looking up!
    VioletChepil

Categories