Turn the clock back 2 decades and, if you connected a Windows XP computer to the internet without a firewall, you would likely have an infected computer within minutes. The Blaster worm was infecting computers and spreading to other computers on the network, wreaking havoc on devices. In the early days of the internet, malicious people often caused chaos as a prank or exploited vulnerabilities for fun. The Blaster worm, for example, would cause computers to reboot every 60 seconds; that sure is annoying, but it wasn’t doing any permanent damage. Turn the clock forward and we have firewalls built into our computers, tablets and mobile phones, and we also have basic firewall protection built into our routers that prevents a lot of direct attacks from the outside world.
But over the years the landscape has changed and a new type of criminal has evolved: criminals whose full-time job is to hack, scam or extort people out of money. I created an article about some of these hackers that you can read here, and in future articles we will talk about even more. In this article I’m going to cover why you need to be careful about the devices you put onto your network and why you should use VLANs.
If we now have firewalls built into our devices, we should be safe, right? NO! Unfortunately, every device you bring into a network is a vulnerability, and you are relying on that device to have its own security. With many devices, the companies behind the product are big tech companies with big budgets for software developers and security teams. Many have dedicated pen testers (penetration testers), teams of staff whose entire job is to try to exploit the security of a product. But not all companies have big budgets or top-level security staff, and in some cases even the big guys can still stuff up.
What I’m touching on is all the little devices that you bring into your house. Think about all those little IoT (Internet of Things) devices that are plastered around your home: security systems, smart doorbells, weather stations, thermostats, smart speakers, TVs, smart watches, printers and even smart timers. Unfortunately, if a device connects to the internet, it could be an attack vector for someone to access not only that device but other devices on your network. If it connects to the internet in some form, it has created a tunnel past your router’s firewall, and traffic can come back into the network via that tunnel.
Now, most manufacturers are very good at how they develop their devices, but it just takes 1 little item to start causing issues. If you talk to any cyber security expert, they will tell you that they don’t trust a lot of IoT devices, so they tend to put their IoT devices on a separate VLAN (Virtual Local Area Network) or a different network entirely from their main devices. So how can a homeowner do this, and why would I want to go to the effort?
Let’s use an analogy: your home WiFi network is like a hotel, and every device that connects to the internet is a person who has their own room. You have your big-name celebrities that come and stay, like Bill Gates or Steve Wozniak, who understand the importance of keeping their doors locked, but they all use the same hallway to access their rooms. What happens if a fire breaks out in one of the smaller, lesser-known rooms? The fire can spread to the hallways and propagate into other rooms. Enter a VLAN. A VLAN is like a separate floor with separate hallways; you can build as many floors as you want, and the floors can have as many rooms as needed. Some floors may be dedicated to the IoT attendees, and some floors may only have 1 room for that 1 suspicious actor. With this setup you don’t need to worry about what is happening on one floor because it can’t spread to the other floors.
So how do you set up a VLAN? Unfortunately, most consumer-grade routers don’t allow for it by default, and you have to install third-party firmware onto the router to enable the feature. This is a sad reality of a lot of consumer-grade routers: they have the ability to offer these safety features, but the manufacturers decide to disable them. I liken it to a company disabling the airbags in a vehicle. So the next best option is to enable your guest network and put your IoT devices on that. At least then they will be segregated from your LAN, but this brings up a few issues that I’ll touch on in future articles.
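The floors in the hotel analogy only stay separate if the router refuses to route between them. The ruleset below is an added example, not part of the original article, showing that isolation on a Linux-based router with nftables. The interface names and VLAN IDs are assumptions, and the VLAN interfaces are assumed to exist already.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Assumed interfaces: eth0 = internet uplink,
# eth1.10 = trusted VLAN 10, eth1.20 = IoT VLAN 20.
flush ruleset

define WAN = "eth0"
define LAN = "eth1.10"
define IOT = "eth1.20"

table inet home {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        # IPv6 neighbour discovery, needed for IPv6 to work at all.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert } accept
        ct state invalid drop
        iifname "lo" accept
        # Trusted devices may manage the router.
        iifname $LAN accept
        # IoT devices get only DHCP and DNS from the router itself.
        iifname $IOT udp dport { 53, 67 } accept
        iifname $IOT tcp dport 53 accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies to connections that were allowed out.
        ct state established,related accept
        ct state invalid drop
        # Trusted LAN may reach the internet and the IoT devices.
        iifname $LAN oifname { $WAN, $IOT } accept
        # IoT may reach the internet only. Nothing lets it open a
        # connection to the trusted VLAN, so the default drop applies.
        iifname $IOT oifname $WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

The forward chain is where the separation happens: a VLAN with no drop policy between it and the trusted network is only a different address range, not a different floor.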
In summary, you should be using VLANs in your home network, especially for your IoT devices, but unfortunately most consumer-grade routers have had that capability turned off by the manufacturer.