|18 Jan 2023|
|@thelosmos1010:matrix.org joined the room.||04:10:38|
|@thelosmos1010:matrix.org left the room.||04:10:51|
|@seanjohnstontips:matrix.org||Redacted or Malformed Event||05:13:22|
|Warped||Redacted or Malformed Event||05:45:58|
|AtypicalKernel banned @seanjohnstontips:matrix.org (Spammer).||05:51:26|
|drgif joined the room.||13:22:49|
|Hank||They must have been doing a true full spectrum operation on Matrix. That scammer showed up in some obscure meditation room I subscribe to lol||15:30:11|
|hbarsquared joined the room.||22:36:13|
|19 Jan 2023|
|DaveM joined the room.||16:04:14|
|DaveM changed their display name from David Massey to DaveM.||16:07:10|
|DaveM set a profile picture.||16:15:41|
|20 Jan 2023|
|mrwacky joined the room.||23:58:53|
|22 Jan 2023|
|chaz042 joined the room.||21:31:46|
|morack19 joined the room.||22:58:43|
|24 Jan 2023|
|datagoose joined the room.||18:12:55|
|25 Jan 2023|
|defolos joined the room.||07:14:30|
I am considering two options.
My terminology is as follows
Any recommendations? Thanks!
|@pepin:globohomo.co||Why not just create a new VLAN and set up a second wireless SSID?||08:18:43|
|Andreas||Unsure if the smart stuff will work, since I am unsure if network isolation works, e.g. whether the smart devices are allowed to connect to Home Assistant.||08:24:56|
|@pepin:globohomo.co||DD-WRT has a firewall.||08:26:12|
|Andreas||A firewall for external to internal connections. Therefore, internal traffic can just run loose and connect to anything. That's why I'd want to isolate the networks for trusted and untrusted devices.||08:32:03|
|Warped||If you don't trust VLANs and firewalls to work, then the only solution is 2 internet lines. Otherwise, you need to trust something. Nothing is 100%. If someone wants to get in, they will. A provider modem/router with 2 routers plugged in, for secure and insecure, will give you all the isolation you need without much setup. Added benefits are that you can have 2 WiFi channels, so they can't interfere with each other.||08:39:51|
|Warped||(I always turn off the internet provider's WiFi, or get them to)||08:41:43|
In reply to @warped:linuxdelta.com
Thanks. This was the answer I was looking for. I may have been unclear in my question.
As for my ISP, I have the option of setting up my own router, and that is what I did. Therefore, I was looking for an option to separate the devices into trusted and untrusted categories by connecting them to different wireless networks.
As for my understanding of DD-WRT, yes, it has a firewall, but I don't know how it will work for connected wireless devices attempting to connect to a machine on my LAN.
And agreed, nothing is 100%, but I can still take my steps and isolate devices I trust versus those I don't (PCs versus IoT fluff).
|datagoose changed their profile picture.||18:35:29|
|26 Jan 2023|
|adevries||Andreas: Steve Gibson from the Security Now podcast has suggested in the past a 3-router setup. You've got one router for the WAN and then 2 routers downstream from that one, where 1 is for the LAN and secure devices and the other is for all the IoT stuff. That way you have 2 completely separated LANs and they know nothing about each other.||14:55:38|
In reply to @splintter:matrix.org
|AtypicalKernel||Personally I have always used VLANs and firewalls; I would also separate slightly further into the following VLANs:||15:36:33|
1. Admin (router/switch config, IPMI/iDRAC/etc., PAW)
2. Hostile - no internet access + restricted VLAN 3 access (IoT, Smart TV)
3. Server/Services
4. Trusted Devices - full internet access, full access to VLAN 3, stateful access into VLAN 2
5. Untrusted - internet and, as needed, restricted access to VLAN 2 and 3
6. Guest - internet access only
I follow the concept of least privilege: if something doesn't need to talk to something, it doesn't.
Also, I think in threat-modeling terms, so not so much trusted/untrusted but more what bad behavior do I expect and how to mitigate said bad behavior.
|AtypicalKernel||I also just realized I used an uncommon acronym: "PAW" stands for "privileged access workstation". Also, if you want to be technical, there are supposed to be multiple PAWs (users/identity, network configuration, data storage/management, server admin).||15:44:26|