Two Security Approaches You Should Be Taking on Your Network

Posted At : August 14, 2019 10:55 PM | Posted By : Josh Adams
Related Categories: Router,Creative Solutions

Routers these days are very sophisticated in regards to what they can do and you should take the time to configure yours to provide robust security. While not meant to be in any way comprehensive as to everything you should be doing from a security perspective on your router, this post offers 2 security approaches you should be implementing with your devices and router(s):

  1. Use the guest network for anything that doesn't need to talk to other devices on the network.

    Actually, if your router supports VLANs, using a VLAN for anything that doesn't need to talk to other devices on the nework is even better than using the guest network. For more information on this, see this excellent post.. But that post points out, most home routers do not, as of this writing, support VLANs. As such, utilizing a guest network is your best option on most home routers.

    A guest network sounds like something you would use only for your guests' devices, but this is too limited a view of a guest network; instead, you should think of your guest network as the place to put any device that doesn't need to talk to other devices on the network.

    These days there are all sorts of IoT (Internet of Things) devices that we don't access directly but rather we interact with via a cloud services. Got a smart thermostat on your network? How about a smart plug? Maybe a smart scale? Chances are that you don't directly access these devices but rather you access a cloud services to interact with these devices. Well, if that's the case, why would you want these devices to be able to talk to other devices on the network? Put them on your guest network: they'll still have access to the Internet, they just won't have access to other devices on the network. Now, you may be thinking "well, just because I don't need them to access other devices on the network doesn't mean I care if they can access other devices on the network." Well, you should care: unfortunately, devices do become compromised from time to time and if someone gets into one of yours, you don't want him/her to use that access to gain additional access to network traffic and/or devices on the network. So: guest network for anything that doesn't need to be able to talk to other devices on the network.

    And you know what would make it even better? If the guest network were on a completely separate router from your main network! If you really want to isolate the devices on your guest network as much as possible from your main network then you use 2 routers and the first (the one connected to the outside world, which most commonly would mean to your router) has the guest network on it and the second (which is connected to the WAN of the first) has your main network on it. Then even if a bad actor gains access to your guest network or to a device on it, he/she would have to gain access from the outside to your second router in order to compromise your main network.

  2. Disable access to/from the Internet for anything that doesn't need it.

    This one goes right along with the one above: in the same way that you don't want to give access to other devices on your network to anything that doesn't need it, you don't want to give Internet access to any device that doesn't need it. Have a printer on your network? Does it need Internet access? Chances are that it does not: chances are that you only need to be able to send print jobs to it on your local network. In the last item, I pointed out that unfortunately, devices do become compromised from time to time and in that case the point was to protect everything else on the network from a device that becomes compromised; here the goal is to protect a device from becoming compromised in the first place, which is especially important considering that if you need to talk to it (in this example, send print jobs to it) then you can't put it in the guest network which means that if it does become compromised then it's that much easier for the attack to gain additional access to network traffic and/or other devices on the network. So: turn off access to/from the Internet for anything that doesn't need it.

    Okay, great! But how do you do that? Well, the mechanism will vary from router to router, but in general the approach to use is going to be to create firewall rules. You will likely need a firewall rule that blocks all access from all ports from the outside (that is, the Internet) to a device and then a second firewall rule that blocks all access from all ports from a device to the outside. And you'll need such rules for every device on your network, so it might end up being a lot of rules. However, if you follow the guidance in my post Use a More Sophisticated IP Address Scheme on Your Network, you can create (if your router supports it) a rule for the entire octet you use for these devices.

Comments (37) | PDF | Send | del.icio.us | Digg It! | Linking Blogs | 3751 Views
Comments
[Add Comment]
bendigoconcrete's Gravatar One of my favourite type of Blog is the “tech blog”. Now this isn’t something new to blog about, as Tech bloggers have been blogging about technology news and gadget reviews in detail online
# Posted By bendigoconcrete | 9/22/22 9:54 PM
cliftondumpster's Gravatar a bit too technical and full to the brim of jargon. It’s nice to see a tech blog that has lowered the entry level to tech news.
# Posted By cliftondumpster | 9/22/22 10:00 PM
Home Lockout Milwaukee's Gravatar A-1 Security Locksmith Milwaukee provides professional locksmith services for Milwaukee and Southeast Wisconsin. Call For Emergency Service 414-447-5200
# Posted By Home Lockout Milwaukee | 10/4/22 3:32 AM
engagement photographers maui's Gravatar Find out why our Maui family photography is the top rated on the island of Maui, Hawaii for family photography, wedding photography, and Maui photography - Simple online booking - friendly and professional photographers in Maui - Capture Aloha Photography are Hawaii's best licensed and insured Maui photographers.
# Posted By engagement photographers maui | 10/4/22 10:03 AM
sarasota family photographers's Gravatar We are a small family owned and operated wedding and portrait photography company with over 15 years of experience. We specialize in wedding, engagement and portrait photography for families, but also high school seniors, maternity, and surprise proposals. Sunset at the beach is our favorite photography backdrop, but Sarasota/Bradenton offers a variety of beautiful places to choose from. We use a combination of natural light and off camera flash, a must in order to capture the vivid and bright colors our clients have loved for over a decade.
# Posted By sarasota family photographers | 10/4/22 10:25 AM
Sarasota Hormone Therapy's Gravatar Virtue Of Health is an integrative primary care and functional medicine clinic.
# Posted By Sarasota Hormone Therapy | 10/4/22 10:42 AM
Closets and Carpentry LLC's Gravatar Spartan Custom Closets - Voted Best Sarasota Custom Closets in Sarasota and Bradenton 2022! Call us today at 941-253-5933!
# Posted By Closets and Carpentry LLC | 10/4/22 10:51 AM
pool resurfacing bradenton's Gravatar Sarasota Pool Builders - We specialize in designing, building, and renovating swimming pools by transforming your backyard into an outdoor retreat. Proudly serving Sarasota Florida, Bradenton, Lakewood Ranch, And Venice and surrounding areas. Call today! 941-366-60
# Posted By pool resurfacing bradenton | 10/4/22 10:56 AM
Sarasota Pool Leak Detection's Gravatar We are proud to be SW Florida's most comprehensive pool leak detection company and the top rated pool leak techs in 2021. We have developed the most thorough leak detection process in all of SWFL proudly spanning from Tampa down to Naples. Call today for a FREE Estimate!
# Posted By Sarasota Pool Leak Detection | 10/4/22 11:13 AM
Ear Guages's Gravatar We are a collective of diversified and well traveled artists bringing the highest standard of quality that can be offered.
# Posted By Ear Guages | 10/4/22 11:19 AM
Sarasota appliance repair's Gravatar Kingdom Appliance Repair Services is a family-owned and operated business based in Florida’s Manatee and Sarasota counties.
# Posted By Sarasota appliance repair | 10/4/22 11:22 AM
Air Duct Cleaning Sarasota's Gravatar T.I.E.S. 360 – Total Indoor Environmental Solutions. As Southwest Florida’s most trusted and experienced indoor air quality professionals, we believe in delivering quality work.
# Posted By Air Duct Cleaning Sarasota | 10/4/22 11:26 AM
A1 Security Locksmith's Gravatar Can I simply just say what a relief to discover an individual who really knows what they're talking about over the internet. You certainly know how to bring a problem to light and make it important. A lot more people really need to check this out and understand this side of your story. It's surprising you aren't more popular since you certainly possess the gift.

<a href="http://www.a1securitylocksmithmilwaukee.com/l"... Lockout Milwaukee</a>
# Posted By A1 Security Locksmith | 12/3/22 10:59 PM
Home Lockout Milwaukee's Gravatar You need to be a part of a contest for one of the most useful sites on the web. I am going to highly recommend this blog!
http://www.a1securitylocksmithmilwaukee.com/
# Posted By Home Lockout Milwaukee | 12/3/22 11:00 PM
Home Lockout Milwaukee's Gravatar You need to be a part of a contest for one of the most useful sites on the web. I am going to highly recommend this blog!
http://www.a1securitylocksmithmilwaukee.com/
# Posted By Home Lockout Milwaukee | 12/3/22 11:00 PM
maui senior pictures's Gravatar Hello there! I just would like to offer you a big thumbs up for the excellent information you've got right here on this post. I'll be returning to your site for more soon.
https://www.capturealoha.com
# Posted By maui senior pictures | 12/3/22 11:12 PM
sarasota duct cleaning's Gravatar After I originally commented I appear to have clicked on the -Notify me when new comments are added- checkbox and from now on every time a comment is added I get 4 emails with the same comment. There has to be an easy method you are able to remove me from that service? Kudos!
https://www.ties360.com
# Posted By sarasota duct cleaning | 12/3/22 11:18 PM
Body Jewelry Ear Guages's Gravatar Spot on with this write-up, I truly feel this web site needs far more attention. I?ll probably be returning to read more, thanks for the information!

https://zedgetattoo.com
# Posted By Body Jewelry Ear Guages | 12/3/22 11:24 PM
Leak Detection's Gravatar You are so interesting! I do not suppose I've read through anything like that before. So nice to find another person with original thoughts on this topic. Seriously.. thanks for starting this up. This site is something that's needed on the web, someone with a bit of originality!
https://mypoolleaks.com/
# Posted By Leak Detection | 12/3/22 11:29 PM
north port pool builders's Gravatar I like reading through an article that can make people think. Also, thank you for permitting me to comment!
https://www.poolcreationsfl.com/
# Posted By north port pool builders | 12/3/22 11:33 PM
custom closets Port Charlotte's Gravatar This is the perfect web site for anybody who really wants to find out about this topic. You understand a whole lot its almost tough to argue with you (not that I really would want to?HaHa). You definitely put a new spin on a topic that's been discussed for many years. Excellent stuff, just excellent!
http://www.dreamclosetsllc.com/
# Posted By custom closets Port Charlotte | 12/3/22 11:38 PM
anna maria island family photographers's Gravatar Oh my goodness! Awesome article dude! Many thanks, However I am going through difficulties with your RSS. I don?t know the reason why I cannot subscribe to it. Is there anybody having identical RSS problems? Anyone that knows the solution will you kindly respond? Thanx!!
https://loveandstylephotography.com/
# Posted By anna maria island family photographers | 12/3/22 11:41 PM
Sarasota IV Therapy's Gravatar Hello there! I could have sworn I?ve visited this web site before but after going through some of the posts I realized it?s new to me. Regardless, I?m definitely happy I stumbled upon it and I?ll be bookmarking it and checking back frequently!
# Posted By Sarasota IV Therapy | 12/6/22 1:38 AM
lockouts Milwaukee's Gravatar Spot on with this write-up, I truly feel this web site needs far more attention. I?ll probably be returning to read more, thanks for the information!
http://www.a1securitylocksmithmilwaukee.com/
# Posted By lockouts Milwaukee | 12/13/22 7:42 AM
Anna Maria Island Family Photography's Gravatar You are so interesting! I do not suppose I've read through anything like that before. So nice to find another person with original thoughts on this topic. Seriously.. thanks for starting this up. This site is something that's needed on the web, someone with a bit of originality!
https://loveandstylephotography.com/
# Posted By Anna Maria Island Family Photography | 12/13/22 7:59 AM
sarasota duct cleaning's Gravatar I like reading through an article that can make people think. Also, thank you for permitting me to comment!
https://www.ties360.com
# Posted By sarasota duct cleaning | 12/13/22 8:11 AM
Natural Primary Care Doctors Sarasota's Gravatar This is the perfect web site for anybody who really wants to find out about this topic. You understand a whole lot its almost tough to argue with you (not that I really would want to?HaHa). You definitely put a new spin on a topic that's been discussed for many years. Excellent stuff, just excellent!
# Posted By Natural Primary Care Doctors Sarasota | 12/13/22 8:22 AM
Appliance Repair Sarasota's Gravatar Aw, this was an incredibly good post. Taking the time and actual effort to make a good article? but what can I say? I procrastinate a whole lot and don't seem to get anything done.
https://www.kingdomappliancerepairfl.com
# Posted By Appliance Repair Sarasota | 12/13/22 8:28 AM
Tattoo's Gravatar Oh my goodness! Awesome article dude! Many thanks, However I am going through difficulties with your RSS. I don?t know the reason why I cannot subscribe to it. Is there anybody having identical RSS problems? Anyone that knows the solution will you kindly respond? Thanx!!
https://zedgetattoo.com
# Posted By Tattoo | 12/13/22 8:34 AM
Plantation Shutters Port St. Lucie's Gravatar An outstanding share! I have just forwarded this onto a friend who has been conducting a little research on this. And he actually bought me breakfast due to the fact that I found it for him... lol. So allow me to reword this.... Thanks for the meal!! But yeah, thanx for spending time to talk about this matter here on your website.
https://smithshangups.com/
# Posted By Plantation Shutters Port St. Lucie | 12/13/22 8:44 AM
maui wedding photographers's Gravatar Pretty! This was an extremely wonderful post. Thanks for supplying these details.
https://www.capturealoha.com
# Posted By maui wedding photographers | 12/13/22 9:03 AM
Sarasota Pool Leak Detection's Gravatar Greetings! Very helpful advice within this article! It is the little changes that produce the biggest changes. Thanks a lot for sharing!
https://mypoolleaks.com/
# Posted By Sarasota Pool Leak Detection | 12/13/22 9:04 AM
custom closets Port Charlotte's Gravatar Howdy! This blog post could not be written much better! Looking through this article reminds me of my previous roommate! He continually kept preaching about this. I most certainly will send this article to him. Fairly certain he'll have a very good read. Thank you for sharing!
http://www.dreamclosetsllc.com/
# Posted By custom closets Port Charlotte | 12/13/22 9:05 AM
pool resurfacing bradenton's Gravatar Hi there, I believe your web site might be having browser compatibility problems. Whenever I take a look at your web site in Safari, it looks fine however when opening in IE, it's got some overlapping issues. I merely wanted to provide you with a quick heads up! Aside from that, great website!
https://www.poolcreationsfl.com/
# Posted By pool resurfacing bradenton | 12/13/22 9:07 AM
more info here's Gravatar that cover an assortment of subjects to do with nurturing and being a mum. The way that she's not actually hard selling at all is reviving.
# Posted By more info here | 12/13/22 11:38 PM
Anna Maria Island Dolphin Tours's Gravatar I absolutely love your blog.. Excellent colors & theme. Did you build this amazing site yourself? Please reply back as I?m attempting to create my own site and would like to learn where you got this from or what the theme is named. Thanks!
https://www.amiboatingtours.com/
# Posted By Anna Maria Island Dolphin Tours | 1/9/23 12:19 PM
Rent Car Sarasota's Gravatar You need to be a part of a contest for one of the most useful sites on the web. I am going to highly recommend this blog!
https://www.siestakeycartrentals.com/
# Posted By Rent Car Sarasota | 1/23/23 2:11 AM
[Add Comment]
BlogCFC was created by Raymond Camden. This blog is running version 5.9.002. Contact Blog Owner