Two Security Approaches You Should Be Taking on Your Network

Posted At : August 14, 2019 10:55 PM | Posted By : Josh Adams
Related Categories: Router,Creative Solutions

Routers these days are very sophisticated in regards to what they can do and you should take the time to configure yours to provide robust security. While not meant to be in any way comprehensive as to everything you should be doing from a security perspective on your router, this post offers 2 security approaches you should be implementing with your devices and router(s):

  1. Use the guest network for anything that doesn't need to talk to other devices on the network.

    Actually, if your router supports VLANs, using a VLAN for anything that doesn't need to talk to other devices on the nework is even better than using the guest network. For more information on this, see this excellent post.. But that post points out, most home routers do not, as of this writing, support VLANs. As such, utilizing a guest network is your best option on most home routers.

    A guest network sounds like something you would use only for your guests' devices, but this is too limited a view of a guest network; instead, you should think of your guest network as the place to put any device that doesn't need to talk to other devices on the network.

    These days there are all sorts of IoT (Internet of Things) devices that we don't access directly but rather we interact with via a cloud services. Got a smart thermostat on your network? How about a smart plug? Maybe a smart scale? Chances are that you don't directly access these devices but rather you access a cloud services to interact with these devices. Well, if that's the case, why would you want these devices to be able to talk to other devices on the network? Put them on your guest network: they'll still have access to the Internet, they just won't have access to other devices on the network. Now, you may be thinking "well, just because I don't need them to access other devices on the network doesn't mean I care if they can access other devices on the network." Well, you should care: unfortunately, devices do become compromised from time to time and if someone gets into one of yours, you don't want him/her to use that access to gain additional access to network traffic and/or devices on the network. So: guest network for anything that doesn't need to be able to talk to other devices on the network.

    And you know what would make it even better? If the guest network were on a completely separate router from your main network! If you really want to isolate the devices on your guest network as much as possible from your main network then you use 2 routers and the first (the one connected to the outside world, which most commonly would mean to your router) has the guest network on it and the second (which is connected to the WAN of the first) has your main network on it. Then even if a bad actor gains access to your guest network or to a device on it, he/she would have to gain access from the outside to your second router in order to compromise your main network.

  2. Disable access to/from the Internet for anything that doesn't need it.

    This one goes right along with the one above: in the same way that you don't want to give access to other devices on your network to anything that doesn't need it, you don't want to give Internet access to any device that doesn't need it. Have a printer on your network? Does it need Internet access? Chances are that it does not: chances are that you only need to be able to send print jobs to it on your local network. In the last item, I pointed out that unfortunately, devices do become compromised from time to time and in that case the point was to protect everything else on the network from a device that becomes compromised; here the goal is to protect a device from becoming compromised in the first place, which is especially important considering that if you need to talk to it (in this example, send print jobs to it) then you can't put it in the guest network which means that if it does become compromised then it's that much easier for the attack to gain additional access to network traffic and/or other devices on the network. So: turn off access to/from the Internet for anything that doesn't need it.

    Okay, great! But how do you do that? Well, the mechanism will vary from router to router, but in general the approach to use is going to be to create firewall rules. You will likely need a firewall rule that blocks all access from all ports from the outside (that is, the Internet) to a device and then a second firewall rule that blocks all access from all ports from a device to the outside. And you'll need such rules for every device on your network, so it might end up being a lot of rules. However, if you follow the guidance in my post Use a More Sophisticated IP Address Scheme on Your Network, you can create (if your router supports it) a rule for the entire octet you use for these devices.

Comments (21) | PDF | Send | del.icio.us | Digg It! | Linking Blogs | 1166 Views
Comments
[Add Comment]
AT&T mail support's Gravatar Have you been slapped with a charge that is incorrect according to you? Are you experiencing trouble in accessing the internet in one or more of your devices? Do you need technical support for a minor glitch? No matter what your issue, you now have full AT&T mail support on your own phone.

Just dial 1-877-916-7666, our AT&T mail support number from wherever you are around the country. It is a toll free support service where you can get answers and resolutions to your problems from our qualified engineer without any delay. This service remains open on a 24X7 basis.
# Posted By AT&T mail support | 10/23/19 4:19 PM
Rosa Valdez's Gravatar Nice
# Posted By Rosa Valdez | 10/26/19 2:44 AM
<a href="https://preinsurance.info/"&'s Gravatar I like want to more about the
# Posted By <a href="https://preinsurance.info/"& | 10/26/19 2:46 AM
ppowertv.com's Gravatar Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">?????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">?????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">???????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">???????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">???????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">???????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">??????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">??????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">?????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">?????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">?????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">?????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">????????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">????????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">???????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">???????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">nba??</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">nba??</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">mlb??</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">mlb??</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">??????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">??????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">??????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">??????</a>;

Power TV is the top TV that you can watch for free. <a href="http://ppowertv.com">???????</a>; Watch the 24-hour counseling sports free of charge. <a href="http://ppowertv.com">???????</a>;
# Posted By ppowertv.com | 4/7/20 3:58 AM
Sophie Miller's Gravatar Ich danke Ihnen für die Information! Ich war auf der Suche nach und konnte nicht finden. Du hast mir geholfen! https://collegeadmissionscores.com/city/TX/austin/...
# Posted By Sophie Miller | 4/17/20 6:35 AM
free samples's Gravatar This website contains numerous free samples https://quzzister.com of academic writings. Everyone can use them for free to create their own assignments and get the highest grades.
# Posted By free samples | 7/6/20 4:34 AM
beasleygrace's Gravatar Like science fiction, diverse worlds of the future?.. like gloomy cyberpunk, neo-modern utopia, then take a look at this blog - <a href="https://scifiarts.tumblr.com">SCI-fi arts</a>. There you will find many new beautiful science fiction artworks from the most famous authors.
# Posted By beasleygrace | 7/15/20 1:11 PM
Olivia's Gravatar Like science fiction, diverse worlds of the future?.. like gloomy cyberpunk, neo-modern utopia, then take a look at this blog - <a href="https://scifiarts.tumblr.com">SCI-fi arts</a>. There you will find many new beautiful science fiction artworks from the most famous authors.
# Posted By Olivia | 7/20/20 1:58 PM
Scott Heflin's Gravatar I have recently been looking for facts about this subject for ages. I wanted to thank you for this great I definitely loved every little bit of it.

https://www.wilmingtonsiding.com
# Posted By Scott Heflin | 7/23/20 11:47 PM
Wayne Ogilvie's Gravatar "Disable access to/from the Internet for anything that doesn't need it." Our IT Admin always do this and don't know why, thank you for explaining it to us.

Are you looking for systematic method of cleaning? Check our website https://www.garlandcleaningservices.com/
# Posted By Wayne Ogilvie | 8/25/20 6:47 AM
www.retainingwallssacramentoca.com/'s Gravatar Stop Attacks at the Edge of the Internet with Akamai Cloud Security Solutions. Prevent Costly Attacks and Increase Business Productivity.
# Posted By www.retainingwallssacramentoca.com/ | 8/27/20 9:44 AM
Vernon MCGree's Gravatar WE BELIEVE THE MUSIC INDUSTRY CAN DO BETTER
Fairness and transparency should be at the heart of a modern platform for musicians and their fans.

We’ve set out to create a place that gives music fans more freedom to support artists and gives artists tools to engage their fans and builder stronger relationships.

Website https://rap-flac.com/
# Posted By Vernon MCGree | 9/7/20 4:47 AM
Lego fan's Gravatar If you interested in creative Lego builds or you collect own favorite Lego series, welcome to our Lego fan blog where you find latest news on Lego and more.
# Posted By Lego fan | 9/15/20 7:05 AM
Franches Love's Gravatar Thanks for updating information about the subject.. Very useful for me. You might want to check out this towing services http://www.batowingservices.com/
# Posted By Franches Love | 9/18/20 9:42 AM
Vernon MCGree's Gravatar We believe consumers should feel confident about their diamond purchase, that's why our mission is to provide the most accurate and consistent gemological services with uncompromising integrity and unparalleled customer care.

Proprietary software is at the heart of GSI’s diamond grading process. This state-of-the-art software reduces the chances of human error by automating the grading process.

The same ethos behind our grading philosophy guides our global expansion efforts and informs the interactions between our offices. All our offices constantly exchange information and knowledge, allowing us to continually improve our operations and ensure the highest quality of diamond grading.

Our Website https://gemscience.net/
# Posted By Vernon MCGree | 9/27/20 4:01 AM
rubewrenn269's Gravatar You are obviously very good with words. This article shows your true talent for expressing unique thoughts other writers only aspire to think. I have respect for your writing skills.
https://bricklayinglakemacquarie.com.au
# Posted By rubewrenn269 | 10/6/20 10:24 AM
Jeremy Dixon's Gravatar At easy-flac.com we play a different music and songs that may even make your love making more romantic.

We just wish you all enjoy what we play to help make your life fuller.

Our Website https://easy-flac.com/
# Posted By Jeremy Dixon | 10/11/20 8:52 AM
Horton Darcy's Gravatar besplatnov.com – ????? ?????????? ?????????? ? ????? ? ??????.



???? https://besplatnov.com/
# Posted By Horton Darcy | 11/2/20 11:50 AM
Resume101.org's Gravatar Thank God for Resume101.org! My employer was really impressed with my resume. Thanks for the help!
# Posted By Resume101.org | 11/4/20 11:31 AM
George's Gravatar By following your approaches, I now have the idea of how to make our home network more secure. Thank you for sharing. Anyway, if you're looking for quality, efficient concrete services in Centennial, CO, I would suggest you see this http://www.centennialconcrete.org/
# Posted By George | 11/10/20 9:02 AM
Thomas Deleon's Gravatar These are excellent tips to make our office at http://www.longmonttreeservice.org/ (a tree service company in Longmont, CO) more secure. This is extremely helpful. Thank you for sharing!
# Posted By Thomas Deleon | 11/11/20 7:48 AM
[Add Comment]
BlogCFC was created by Raymond Camden. This blog is running version 5.9.002. Contact Blog Owner