Get assistance with securing your smart home network.

godfreydtm
Member
214
01-27-2025, 11:00 AM
#1
So I'm working on getting a pretty comprehensive smart home setup, however I'm semi-worried about security; I've watched a good number of videos on securing smart home devices and making sure the network is secure, but I'm gonna ask in here and see how secure people think "this setup" would be, and I have a few questions at the end, if you all wouldn't mind helping me?

My actual home network would have a "Dream Machine Pro", with an "Access Point HD" for wifi. The Dream Machine would have:

- Its IPS turned on.
- The threat management turned on level 5
- A VLAN for "Main" which would be my phone and computer, a VLAN for "IoT" for all the smart devices, and a normal "Guest" network. [However I'm unsure if I should include Alexa devices with the "IoT" VLAN or if maybe I should have two IoT VLANs, one for what I would assume are pretty secure devices, like "Echo Shows" and other actual Amazon/Alexa devices and Ring security devices, then maybe an "IoT 2" for the more insecure (I would assume) devices.]
- UPnP would be turned off.
- Remote access/management would be turned off.
- Port forwarding would be turned off.
- WPS would be turned off.
- "respond to pings from lan" and "respond to pings from wan" would be turned off. [I've heard this is good to turn off for increased security]

My questions are:

1 - With the network set up like this, would some smart devices lose functionality or not work properly?
2 - Is this fairly secure? Any settings I could change to make it more secure?
3 - Any settings that I have up there "turned off" that don't need to be?
4 - What would you rate this for smart home networking security? Is it decent? Good enough? Pretty good? etc

aberrode
Member
142
01-27-2025, 11:00 AM
#2
Try to find the latest Wi-Fi 6 device. What are your security concerns? This doesn’t improve protection much—keep checking what’s available. Some users prefer easy detection by phones, others connect only to cloud servers. IPS might be too much unless you’re hosting something.

Seagull1337
Junior Member
16
01-27-2025, 11:00 AM
#3
1. Many IoT gadgets may fail if separated from the host network. Using mDNS can help resolve this issue. It's also wise to restrict the IoT network from connecting to the main network, ensuring VLANs remain effective.
2. Unifi isn't known for superior routing performance. pfSense might be a better alternative.
3. No additional comments.
4. I wouldn't think Amazon products are more secure than other IoT devices. If it's not a computer, keep it in one network—multiple networks aren't necessary. UniFi offers its own security cameras and door sensors; I'd explore those for stronger protection. They avoid cloud backup, preventing remote access by authorities, and they don't require subscriptions.
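
Added example (not part of the thread, and not UniFi's own rule engine): a small Python model of the inter-VLAN policy discussed above, showing why the "allow established" rule has to sit above the IoT-to-Main drop and why mDNS discovery does not cross VLANs without a reflector. The subnets, rule list and default-allow policy are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed subnets for the three VLANs named in the thread (assumptions).
VLANS = {
    "Main":  ipaddress.ip_network("192.168.10.0/24"),
    "IoT":   ipaddress.ip_network("192.168.20.0/24"),
    "Guest": ipaddress.ip_network("192.168.30.0/24"),
}
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # mDNS uses 224.0.0.251

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "drop"
    src: str             # VLAN name or "any"
    dst: str             # VLAN name or "any"
    state: str = "any"   # "new", "established" or "any"

# Ordered, first match wins. The established rule must come before the drops,
# otherwise replies from IoT devices to Main-initiated sessions are discarded.
RULES = [
    Rule("allow", "any", "any", "established"),
    Rule("allow", "Main", "IoT", "new"),
    Rule("drop", "IoT", "Main"),
    Rule("drop", "Guest", "Main"),
    Rule("drop", "Guest", "IoT"),
]

def vlan_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in VLANS.items() if addr in net), "WAN")

def decide(src_ip, dst_ip, state="new", mdns_reflector=False, rules=RULES):
    """Return 'allow', 'drop', 'reflected' or 'not-routed' for one packet."""
    if ipaddress.ip_address(dst_ip) in LINK_LOCAL_MCAST:
        # Link-local multicast is never routed between VLANs; only an mDNS
        # reflector repeats the discovery query into the other VLAN.
        return "reflected" if mdns_reflector else "not-routed"
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src == dst:
        return "allow"  # same VLAN: switched, never reaches the firewall
    for r in rules:
        if r.src in ("any", src) and r.dst in ("any", dst) and r.state in ("any", state):
            return r.action
    return "allow"  # assumed default: unmatched traffic (e.g. to the internet) passes
```
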

Uglyness
Junior Member
18
01-27-2025, 11:00 AM
#4
I understand you're comparing the 6 and HD models. The 6 offers better performance at 200Mbps on the 2.4 band, which might not be a big issue for your needs. It seems you're curious about why the 6 could be an advantage over the HD version. You mentioned reading about its ability to handle weaker signals, which is likely relevant given your use of smart devices. I'm concerned about security too—people sometimes take control of devices and misuse them. I also want to make sure my camera and other devices remain protected from unauthorized access.

tristangimp29
Member
55
01-27-2025, 11:00 AM
#5
I need to look into mDNS. I also added it to my list. My goal was a basic home security system that can contact authorities, and I prefer Ring cameras over Unifi ones—they’re more affordable, though Unifi looks much better. I’m pretty sure police shouldn’t share your video or footage without consent—see this link for details.

gordo_craftr2
Member
200
01-27-2025, 11:00 AM
#6
I'll retrieve the top six options, it's the best overall. You're aiming to keep everything running smoothly on a 5GHz network. WiFi 6 offers only minor enhancements and limited device support. Right now, these gadgets aren't publicly reachable. If someone exploits a vulnerability or gains access through manufacturer methods, network monitoring won't help much. The chances of trouble are low here. Most users have a single main network at home and don't face major problems. These companies can often share data with anyone they choose without your consent. That's why self-hosting is so attractive.