Home IoT/Wifi Security and Best Practices

Allan74

Member
May 15, 2019
I am in the midst of laying down a plan for my upcoming DIY security setup and will be using 99% 2.4 GHz Wi-Fi open source/maker-type devices, and was wondering if anyone could offer any tips in terms of overall security of the network? As most of this will be INTERNAL, I am not too concerned about a physical device compromise, just the signal itself.

Is simply using Wireless Client Separation and MAC address filtering for the 24/7 devices such as cameras, as part of my main home network, enough to satisfy most people? Or should I be considering a completely separate subnet to distance this all from my primary network/computing/storage/outbound devices? Perhaps deploy an old AP that is blacklisted by my main router from reaching outbound?

I hate Wi-Fi...lol. I appreciate all suggestions.
Thanks in advance.
Allan
 

RTM

Well-Known Member
Jan 26, 2014
It sounds like you have the right ideas. I would definitely put the IoT devices on a separate network segment.
As for wireless client separation and MAC address filtering, it is also good, but don't forget to use a decent password for the Wi-Fi (and of course WPA2-PSK is the minimum in terms of encryption).

I would probably also give some consideration towards firewall rules. I assume the reason why IoT devices need to go on your wireless network is so they can access resources on your network or so you (or your devices) can access them. If possible, I suggest you implement firewall rules that only allow exactly what is necessary.

With regard to using an old AP, that really depends on a lot, but in many cases you can configure multiple SSIDs on an AP that you can then bridge with a VLAN. If this is possible with your current gear, then that may be enough to do network segmentation.
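
The segmentation and "allow only what is necessary" advice in this thread, written as an nftables ruleset for a Linux-based router. This is an added example, not something either poster supplied. The interface names, subnets, the recorder address and the RTSP port are all assumptions to be replaced with your own values.

```nft
#!/usr/sbin/nft -f
# Added example: complete ruleset for a router with a trusted LAN, an IoT
# VLAN/SSID and an uplink. Every name and address below is an assumption.
flush ruleset                      # replaces any rules already loaded

define IOT_IF  = "iot0"            # interface bridged to the IoT SSID/VLAN
define LAN_IF  = "lan0"            # trusted home LAN
define WAN_IF  = "wan0"            # internet uplink
define IOT_NET = 192.168.50.0/24   # constructed IoT subnet
define NVR     = 192.168.10.20     # hypothetical camera recorder on the LAN

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        iifname $LAN_IF accept
        # IoT devices may use only DNS, DHCP and NTP on the router itself
        iifname $IOT_IF udp dport { 53, 67, 123 } accept
        iifname $IOT_IF tcp dport 53 accept
        iifname $IOT_IF log prefix "iot-in-drop " drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        # replies to flows that were allowed below
        ct state established,related accept
        ct state invalid drop
        # trusted LAN may reach the internet
        iifname $LAN_IF oifname $WAN_IF accept
        # only the recorder may open RTSP sessions to the cameras
        iifname $LAN_IF oifname $IOT_IF ip saddr $NVR ip daddr $IOT_NET tcp dport 554 accept
        # anything an IoT device initiates (to LAN or WAN) is logged, then dropped
        iifname $IOT_IF log prefix "iot-fwd-drop " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN_IF masquerade
    }
}
```

Running `nft -c -f <file>` checks the syntax without loading the rules, and the `iot-fwd-drop` log lines show which destinations a device tries to reach before you decide whether to allow any of them.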