Ability to secure IoT (or other) devices in a manner that prohibits communication with other private systems (laptops / desktops with data)
With the growing number of IoT devices being installed in homes (thermostats, light bulbs, refrigerators, etc.) there is a growing security concern that such devices could include malware or other configurations that could put private data at risk on laptops, desktops, or other storage devices within a home. By developing a method to isolate these IoT devices into their own network (where they can see each other but cannot communicate with the devices that someone wants to keep isolated), it will significantly mitigate the risk associated with IoT by permitting those devices to talk to each other and the internet but not allowing them to have any communication with devices that could be compromised by a poorly designed (or purpose built) IoT device.
This sounds like something the guest network feature would solve (correct me if I'm wrong), but the negative is that a Plus subscription would not also protect devices on the guest network.
I would also love to see some sort of IoT isolation, but worry about an effective way to do this while also allowing local communication between the IoT devices and my iPhone, for example. While it is fine to control these things over the internet, it is also nice to have the faster response times when adjusting my Philips Hue lights from the local network.
That was my thought originally as well (use the guest network as a secondary network that was isolated from private machines). I called eero support to see if they knew of any better way to do it and in the midst of that phone call learned that devices on the guest network cannot talk to each other (only to the internet directly). This means that unless your IoT device(s) are 100% cloud controlled with no need for local communication to each other (which would be unusual) then the guest network will not work as a viable solution.
You are also correct that the eero Plus security features would not be enabled for any devices joined to the guest network...
One possible implementation might be to add a property to family profiles that, if selected, would tell the eero that all the devices in that profile should be isolated from all the other devices on the network. I've already created a family profile named "IoT Devices" and have assigned all my IoT devices to it (just for record keeping purposes).
+1 on this idea.
While it would be great to have full segmentation capabilities... That isn't going to be "easy" and will not fit with eero's design.
Instead, could we classify specific devices on the network as IoT devices (cameras, thermostats, lighting, etc.)? The rule for these devices is that they can ONLY communicate to the external Internet and not make any connections to any other devices on the network (or the eero router).
Or have smart profiles for specific product lines.
Strongly in favor of this idea. Like others, I created a "family" profile to include all my IoT devices, just for keeping track. For my setup, these are all HomeKit devices and should only be talking to the home hub. It would be really useful from a security point of view to restrict traffic to only IoT <-> HomeKit hub. Alternatively, an alert of unusual traffic patterns for those devices.
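
The isolation options raised in this thread can be compared by modelling each as a rule on who may open a connection to whom. The following is an added example, not eero code or anything posted by the participants; the device names, group labels, sample flows and the rule that trusted devices may still initiate connections to IoT devices are all assumptions made for illustration.

```python
# Constructed inventory (names are illustrative): device -> group.
GROUPS = {"laptop": "private", "iphone": "private", "home-hub": "hub",
          "hue-bridge": "iot", "thermostat": "iot", "camera": "iot"}

# Each policy decides whether a NEW connection src_group -> dst_group may be
# opened. Replies on an already allowed connection are assumed to pass
# (stateful filtering), so only the initiating direction is modelled.
POLICIES = {
    # Guest-network behaviour reported in the thread, and the "internet only"
    # proposal: as modelled here both reduce to the same rule.
    "internet_only": lambda s, d: s == "iot" and d == "internet",
    # Isolated profile: IoT talks to IoT and the internet. Assumption added
    # here: trusted devices may still initiate connections to IoT.
    "isolated_profile": lambda s, d: (s == "iot" and d in ("iot", "internet"))
                                     or (s in ("private", "hub") and d == "iot"),
    # HomeKit-style restriction: IoT <-> hub only, in either direction.
    "hub_only": lambda s, d: {s, d} == {"iot", "hub"},
}

def group(host):
    """Map a device name to its group; anything off-LAN is 'internet'."""
    return "internet" if host == "internet" else GROUPS[host]

def allowed(policy, src, dst):
    """Return True if src may open a connection to dst under the policy."""
    s, d = group(src), group(dst)
    if "iot" not in (s, d):
        return True  # these policies only restrict flows that touch IoT
    return POLICIES[policy](s, d)

# Constructed flows: (initiator, responder).
FLOWS = [("thermostat", "internet"), ("hue-bridge", "thermostat"),
         ("camera", "laptop"), ("iphone", "hue-bridge"),
         ("home-hub", "hue-bridge"), ("hue-bridge", "home-hub")]

def matrix():
    """Evaluate every sample flow under every policy."""
    return {name: [allowed(name, s, d) for s, d in FLOWS] for name in POLICIES}

if __name__ == "__main__":
    for name, row in matrix().items():
        print(f"{name:17}", " ".join("allow" if ok else "BLOCK" for ok in row))
```

Every policy blocks the camera-to-laptop flow; they differ in which local control paths (phone to Hue bridge, IoT to IoT, hub to IoT) survive.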