Is anyone using VLANs at home?

Hi,

I've always wondered, in the growing world of the internet of things, whether we should be ring-fencing these devices.

I have quite a lot of home automation products like Wemo, Hue and Ring, in addition to the usual smart TVs, games consoles and everything else.

I've always wondered if these devices, which are exposed to the internet, bring with them the risk for additional exploits and vulnerabilities.

Would it be sensible to VLAN them away from laptops and computers?

The reason for me asking this now is that in the new year I'd like to ditch my wireless battery CCTV cameras for a proper IP camera setup. This will mean running PoE LAN cables outside and whilst I'm sure the risk is very small, these could be used to gain access to the network.

So I'm wondering, should I VLAN the IP cameras together and then another for computers and laptops and a third for IoT-enabled devices?

Is this complete overkill? I don't want to overcomplicate things and be constantly troubleshooting, but I'm sure we will see these devices compromised at some point.

Looking forward to hearing your thoughts.

Thanks
 
I run a separate VLAN for IoT traffic I don't want on my home LAN. Arguably it should be on a separate interface, but it does for now. Was too easy to set up on the Edgerouter/UniFi controller!
 
Dunno about VLANs' protection, but my router gives me guest Wi-Fi. I put IoT on that and my computer, laptop, networked HDD etc. on my main network. Of course both networks are password protected and I run firewalls on all of my systems with access limits and so on.
 
Thanks for the replies. I've been doing more research.

I also have a guest SSID on my router with the option to firewall it separately, not using it at the moment though.

I'm going to get the loft boarded out early in the new year and then I'll run some cables for IP cameras and maybe some Ubiquiti access points to sort out my coverage.

Probably split three ways: CCTV, computers and then IoT / media devices.
 
Yes, keep garbage IoT devices and outdated-as-soon-as-they-ship Android TVs away from the machines you do actual work on. I also separate off the phone that my work provided me to make QoS easier and keep it off my network as I don't know how good they are at applying firmware updates.
 
If your hardware supports VLANs then I think it's fairly sensible to segregate certain bits of your network from IoT devices.
 
Guest Wi-Fi yep. I don't bother segregating devices though purely out of ease if I want to stream to a TV in the house etc.

You still can - IP helpers can ensure the TVs remain discoverable but you can configure your firewall in such a way that traffic can only go in one direction.
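
An added illustration of the one-direction firewalling described above; it is not part of any post in this thread and is not tied to any poster's equipment. It is an nftables forward chain for a Linux router using the three-way split proposed earlier (computers, IoT/media, CCTV). The interface names, VLAN IDs and the choice to give cameras no internet access are assumptions made for the example, and discovery relaying (the IP helper mentioned above) is not shown.

```nft
#!/usr/sbin/nft -f
# Added example. Assumed interfaces (hypothetical names):
#   eth0.10 = trusted computers, eth0.20 = IoT/media,
#   eth0.30 = CCTV cameras,      eth1    = WAN uplink

table inet home_vlans {
    chain forward {
        # Anything not explicitly allowed between interfaces is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed to start.
        # This is what makes the policy one-directional: a TV can answer
        # a laptop, but cannot open a new connection to it.
        ct state established,related accept
        ct state invalid drop

        # Trusted VLAN may initiate connections to IoT and CCTV
        # (casting to a TV, viewing a camera feed).
        iifname "eth0.10" oifname { "eth0.20", "eth0.30" } accept

        # Trusted and IoT VLANs may initiate connections to the internet.
        # Cameras get no outbound rule (an assumption for this example).
        iifname { "eth0.10", "eth0.20" } oifname "eth1" accept

        # Everything else reaches here: IoT -> trusted, CCTV -> anywhere,
        # WAN -> inside. Count and log it before the drop policy applies.
        counter log prefix "vlan-forward-drop "
    }
}
```

Only routed traffic between interfaces passes through this chain; traffic addressed to the router itself (DHCP, DNS) would need its own input chain.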
 
Yep, guest network on separate VLAN, isolated clients and LAN-side firewall. Same for CCTV cameras on the LAN. Haven't got any IoT devices yet (other than TV, but not sure what to do with that), but will set up a separate wireless network the same as the guest but with a password.
 
I've been meaning to look into doing this.

If you have a separate VLAN for TVs for example though, would that stuff up using DLNA or any other streaming technology between devices on one VLAN to those on another?
 
How secure are VLANs likely to be on consumer-grade kit? For logical segregation I understand why VLANs can help; as a security measure I'm not as convinced. Especially when considering a non-enterprise-quality hardware/software configuration.

That said, VLAN hopping issues etc. are old and widely known, perhaps the implementations out there are all tidy now?
 
Yes, I run a full UniFi setup at home and use the following VLANs with varying ACLs to allow traffic between them.

Home Network (Trust)
DMZ Network
ILO Network
NAS Network
Guest Network

:D
 