Homelab

380 readers

9 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

[email protected]

Home automation security (alien.top)

submitted 11 months ago by [email protected] to c/[email protected]

6 comments fedilink hide all child comments

So I fall pretty heavy on the paranoid side when it comes to all the Chinesium home automation and IoT devices. However, my wife wants me to put up some security cameras and if I’m going to do that then I might as well add all the other life conveniences that I want. I would love to keep everything 100% air gapped, but I know that would defeat the purpose of most stuff.

Here is a rough linear diagram of what I think I can do: Internet > pfSense > home network > IoT hub > IoT network

The important thing to note is that I want no traffic to make it from the ‘IoT network’ to the Internet. And the only traffic I want going from the ‘IoT hub’ to the ‘home network’ is a browser interface for the software I’m planning on using.

If I understand correctly, this is pretty easy to do with a firewall on the ‘IoT hub’. I should be able use separate NICs, completely lock down the ‘home network’ NIC, and just allow one application access to one port so that I can open my browser interface.

Is this about as secure as it gets? Or is there a better way?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 0 points 11 months ago (1 children)

I probably am making it more complicated than necessary. I’m pretty green to the network side of this and admittedly over concerned about IoT devices tunneling out and becoming spyware.

That being said, I like this approach. I have WAN & LAN, I’ll probably just add DMZ and IoT. I may add another physical layer between the pfSense IoT NIC and the IoT switch. It probably doesn’t add any security, but it should relieve some if the routing load from my current pfSense box. And it gives me a warm fuzzy feeling.

[–] [email protected] 0 points 11 months ago

Just curious, what do you need a "DMZ" for?

Do you have a managed switch (one that you can use for VLANs)? I'd highly recommend using VLANs instead of another physical NIC, as you'll need to double up on switches and APs if you use a separate NIC