Incorporating eero into safer network for internet of things
The number of devices in the world today that want to be connected to the internet is growing rapidly. Unfortunately, the manufacturers of these internet of things (IOT) devices regularly demonstrate that they do not yet understand how to make their devices secure. What this means is that these devices (e.g. TVs, DVRs, doorbells, door locks, etc.) typically access the internet from the same home networks that we use to store our most sensitive data. This has obvious issues, and some suggest that creating a separate network for our IOT devices is a good way to protect ourselves (take a look at twit.tv's Security Now podcast episode 545). That means we will want our IOT devices (some hardwired, some wifi) on at least one separate network (perhaps one hardwired and a second IOT wifi) and we will also want a separate network to use to access our personal & sensitive data (again via ethernet and wifi). My understanding is that eero does not provide this sort of sophistication. I've heard really good things about eero and would love to use it, so I'm wondering if what I was told by support is correct and, if it is correct, does eero have any plans to support this more complicated concept of operations for home networks?
Can IOT devices be connected to the guest network? This should limit their ability to see your internal network. I'm not sure what functionality you would lose though doing this. I won't have a network to test this on for 2 weeks, as I'm curious to see if ports can be forwarded to the devices in the guest zone.
Eero support told me that each device is singled out so they are not able to communicate together; they can only communicate with the internet. Also, eero does not control the hardwired portion of a network.
So depending on your IOT devices and network it may work just fine.
If you can, please reply back; I am curious to know how it goes.
I'll give this a shot and see what happens... I won't be until after Nov 2nd. <calendar item added> If an Eero employee checks in then I may not do the test.
I am certainly not in a rush and if you don't get to it I'm no worse off than I was before I posted. Thanks!
If eero does add this support, it would be great if it was done by creating an 802.1q tagged VLAN so if we have wired IoT devices around the house with a supporting switch, we could tag those wired devices into the same network as the IoT WLAN.
I rarely have users on the guest network. As an interim step, I would be interested in software for the Eeros that would support an IoT infrastructure in the home (replacing the guest network). Then, down the road when Eero has the hardware support for a full VLAN for all 3 types of networks, I might just upgrade! :)
Just having a separate network won't fix IoT devices that act as bots for DDoS or other external attacks. It's probably (and may already be) feasible for some to be used to forward locally captured network data, so that'd help there. Of course, if it's capturing unencrypted traffic that another IoT is sending, then that'd be a potential hole for an actor to potentially exploit horizontally and across a person's internet accounts.
If eero was able to throttle traffic on potentially malicious activity and/or also provide alerting on any type of identified malicious or suspicious traffic, that'd be really helpful, I'd think. eero's backend could (maybe it does already or in the works) hook into some of the major security affiliate programs out there (such as with the major AV vendors, Microsoft, Cisco, US-CERT, etc.) to actively help protect against both ingress and egress attacks.
Maybe just all wishful blabbing here, but I think these types of things could really make a difference.
I am also interested in this functionality. A segregated network for IoT would be a minimum but if we could get suspicious activity reports that would be great.