Network Segmentation

We see a lot of discussion here about where our video streams might end up. That’s a legitimate question, but this post is about the flipside. Suppose some bad actor has a reason to hack you. Hey, maybe they’ve already seen that sweet new Maserati on one of the five WyzeCams you have in your eight-car garage. But these are no petty thieves. No, they aren’t interested in your Maserati, much less getting caught liberating it. They want your banking and brokerage credentials. So they learn what they can about your home WiFi network from your WyzeCams. Then they mount an attack on your home network. Uh oh. Suddenly someone seeing your dungeon in use seems a lot less important. Unless you’re also smart and have segmented your home network and put all your “security-is-for-suckers-who-own-stock-in-tinfoil” IoT devices on a dedicated VPN isolated from devices with access to sensitive financial information, like PCs and laptops. (And of course you have those on a hardwired VPN, right?)

Unfortunately, free lunches are hard to come by. If you do belong to the Maserati class (and, hey, props to you!) hire yourself a network security pro and a white-hat auditor to pen-test. (Let the “pro” know you’re going to do this; you’ll be amazed how quickly the charlatans duck out.) Or, if like me you are blessed with more paranoia than money, start Googling “network segmentation.” Bone up on networking, ditch your consumer-grade router, and invest in some prosumer kit (actually not expensive, except in the time you’ll spend learning to use it effectively) that allows you to segment your home network into a collection of VPNs with firewall rules that YOU decide.

Good luck keeping your ménage à trois out of the papers. Better luck keeping your hard assets safe. :+1:

3 Likes

Always a good idea for segmentation if you have the ability to. A prosumer router is a great idea, but I think the majority of consumers who buy a $20 Wyze or even the bigger consumer brands by Amazon or Google have no idea or really care to know how to adjust settings etc. other than what’s given to them in an app-based form. Unfortunately many people don’t like tech change, and especially so when your cable company comes in and sets up their router or whatever for you, many don’t go past that. All they want is to know here is your wireless network name and this is the password. You, I and many in the Wyze community care and go beyond plugging in and setting up, but I think for many it is not so. Some people never even change their default password on many of their devices, cameras etc. And when one gets in the news that something is hacked it’s usually always the case of a default user/pass. Privacy by design is starting to be built into many new consumer devices but that’s assuming you buy one or replace with one with that in mind. A super easy way I suggest to people who are not super techy or don’t care to read and learn is to enable their “Guest Network” on their router (usually available through the router app) and put anything IoT on there, be it cameras, sensors, fridge etc. It is just one step beyond plugging in and setting up a device without buying anything. But yes, ideally a segmented network, by either a security appliance, VLANs, or even an old router connected (cascaded) to the current home router, but all options come with some sort of learning curve which I am afraid many are afraid to undertake.

2 Likes

@Ravell

Yes, exactly. I put this out there for two groups of folks (who may overlap of course). First, the self-starters who just need to know something is possible and then run with it. The other group, and this may be slightly subversive, is made up of people who have the resources to demand and expect better, by voting with their wallets. These people may create demand for products and services at higher price-points which, through supply and demand, drop over time and benefit everyone. I call these the early adopters. :blush:

Imagine a home network kit that comes preconfigured for a dozen common WiFi and ethernet segmentation use cases, and all the buyer has to do is name the networks and pick a strong password for each WiFi segment. If somebody is already doing this as a COTS kit, let me know. High-touch home entertainment consultancies could be the first path to market, giving them a turnkey system that can be installed quickly and consistently while earning them a premium margin. The Maserati set (yep, still love you guys!) won’t even blink at spending on defense. In fact, it plays to their narrative. (Really, totally love you guys.)

In the meantime, I agree that putting all IoT devices (and no privileged-access devices!) on a Guest network is something everyone can do. And why wouldn’t we trust consumer routers?

Well, from just last week we have this doozy:
https://cablehaunt.com/

And this site has a lot of helpful information:
https://routersecurity.org/index.php

Hopefully this doesn’t come off as tinfoil hat scaremongering. Read up, ask questions, decide for yourself.

I’ve definitely drifted off-topic from Wyze products specifically, so I won’t be hurt if this gets modded down. Good luck, y’all!

Everything, every piece of technology, cheap/expensive does not matter, they all have some sort of caveat at some point in their lifecycle.

“Hopefully this doesn’t come off as tinfoil hat scaremongering. Read up, ask questions, decide for yourself.”

Never, knowledge is always power! You come away from reading these posts knowing one thing you did not before, our convo and this forum has accomplished something… it will always come down to the individual on what they do next :slight_smile: hopefully like you said read, inquire, make decisions.