I have a couple of devices on my network that have connectivity that concerns me as I don’t know how they work.
One is a Vivint security system. It has a control panel in my house that, using Z-Wave signals, listens to sensors or controls devices. It is hard wired to my switch as it needs an internet connection. My concern with this setup though is that I can control this device from my phone and that, if I call their support line, they can get into the panel and configure it. I can’t seem to find any open ports on my system. So how can this happen, and how much of a security risk is it if it is on its own vlan?
I have a Surveillance system that does the same.
Each of these systems are on their own vlan with no rules for access for any other vlans.
They (Vivint and UniView) said something about P2P. I’m having trouble understanding that. How does it work and what are the security implications?
If the devices are on their own vlan, and you are blocking access between the networks, there are no security issues.
This is why you should create an IoT network.
Many IoT devices reach out to servers that allow for them to be connected back to without open ports. Having them on separate networks where they are isolated from getting to other devices on your other networks is a good idea.
One thing or two to consider - what will happen to your security system / surveillance system when there’s no internet, and/or the vendor shuts down their servers? And what can they see/monitor in your home, without you knowing?
@c77dk Exactly! I do have two ISPs, so that should help. I have no control over the vendors deciding they no longer want to play.
As far as what they can see without me knowing, for the most part, I understand I’m relatively secure as they are on their own vlan. But then the paranoid part of me remembers Tom talking about (I forget the exact term) being able to get from one vlan to another. It was in one of his videos evaluating a managed switch. Of course he didn’t explain how it was done, and rightfully so, but it still bothers me.
So, my understanding is that if I have no ports open, there is no way to get into my system from the outside world. But if there is an open port, it relies on having all software up to date and all firewall rules proper. The no open ports thing seems easiest, but my surveillance system and security system have to have access. I’m trying to find out how they’re doing it and what precautions I can take to make it secure.
Vlan hopping on the TP-Link switches, due to crappy firmware.
Vlan hopping on a lot of different switches, not limited to TP-Link. Has a lot to do with how you set up the vlans and if you are using tagged vlans. Most of the attacks spam out as many tags as possible hoping to jump. If you do not use a tagged vlan setup and go for static vlans, your risk is reduced. Or at least that’s what I got from the research I was doing into this issue.
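An added example, not from this thread or from any of the posters, showing the "tag spam" idea above from the defender's side: a small Python parser that walks stacked 802.1Q headers on an Ethernet frame and flags the frames a correctly configured switch port should never deliver, such as double-tagged frames, frames whose outer tag is the native vlan, or any tagged frame arriving on an access port. The frames, MAC addresses and vlan numbers are constructed sample values, not real captures.

```python
import struct
from typing import List, Tuple

# EtherTypes that introduce a 4-byte VLAN tag: 802.1Q, 802.1ad (QinQ), legacy QinQ
VLAN_ETHERTYPES = {0x8100, 0x88A8, 0x9100}

def parse_vlan_tags(frame: bytes) -> Tuple[str, List[int], int]:
    """Return (source MAC, VLAN IDs outer-first, payload EtherType) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    src = frame[6:12].hex(":")
    tags, offset = [], 12
    ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    while ethertype in VLAN_ETHERTYPES:        # peel off every stacked tag
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        tags.append(tci & 0x0FFF)              # low 12 bits of the TCI carry the VLAN ID
        offset += 4
        ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
    return src, tags, ethertype

def audit_frame(frame: bytes, native_vlan: int = 1, access_port: bool = False) -> List[str]:
    """List findings for frames a correctly configured switch port should never deliver."""
    src, tags, _ = parse_vlan_tags(frame)
    findings = []
    if len(tags) > 1:
        findings.append(f"stacked tags {tags} from {src}: possible double-tagging VLAN hop")
    if tags and tags[0] == native_vlan:
        findings.append(f"outer tag is native VLAN {native_vlan}: native traffic should be untagged")
    if access_port and tags:
        findings.append(f"tagged frame from {src} on an access port")
    return findings

def build_frame(dst: str, src: str, vlan_ids: List[int], ethertype: int = 0x0800) -> bytes:
    """Constructed test frame: Ethernet header, optional 802.1Q tags, zero-filled payload."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vlan_ids:
        hdr += struct.pack("!HH", 0x8100, vid & 0x0FFF)   # PCP/DEI zero, VID in low 12 bits
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

# Constructed sample frames (assumed MAC addresses and VLAN numbers, not real captures)
SAMPLE_FRAMES = {
    "untagged": build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:aa", []),
    "single": build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:aa", [20]),
    "double": build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:aa", [1, 20]),
}
```

Running `audit_frame` over frames captured on an access-port span (for example with a pcap reader feeding raw bytes) gives a simple check that tagged or double-tagged frames are not leaking onto ports that should only ever see untagged traffic.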
Where can I find this info?
I’m beginning to miss my days of ignorance when I could stick an ASUS router on my system and think I was all set!
Basic info that doesn’t really cover all the bases:
It also often involves vlan 1 and some additional poor configuration of vlans. The TP-Link switches have a nasty vlan 1 bug that they don’t seem to want to fix, which is why that brand was mentioned above.
Oh great! That’s what I’m using! Seems I heard it was only an internal threat though; someone has to be internal to the network. Not sure though. Thanks for the link!
But, but, but… According to the articles, it can be mitigated by the suggestions given.