I really wish managed, VLAN-capable switching were the default in the home networking space. So many good network decisions can be made when you have multiple networks that can't see each other.
A lot of home routers at least come with a 'guest' mode that can be turned on (and is often really just a hidden VLAN internally), but enabling multiple networks with isolation? Nope. That's a business class feature.
#networking #homeNetworking #managedSwitch #sysadmin #networkSecurity
=> More informations about this toot | More toots from mikebabcock@floss.social
I have about 30 WiFi devices on my home network. How many of those require access to my NAS server? Maybe three. Can I add static IPs and firewall rules to block the others? Yes.
Can I add another #WiFi SSID and mark it VLAN 3 and move my NAS and those few devices to their own network instead? Even better.
Same for my camera system. And no, it shouldn't be the same VLAN as the NAS, because if the cameras have a vulnerability, it should be isolated from other services.
#networkSecurity #sysadmin
=> More informations about this toot | More toots from mikebabcock@floss.social
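The layout in the toot above, as an added example that is not part of the original thread: VLANs that share a router only stay separate if the router refuses to forward between them, so this sketch renders a default-drop nftables forward chain from an explicit allow list. The interface names, the general and camera VLAN IDs, the choice to give cameras no internet path, and the use of nftables are assumptions; only VLAN 3 for the NAS comes from the thread.

```python
# Added example: default-deny inter-VLAN forwarding for the thread's layout.
# Assumed (not from the thread): interface names, VLAN IDs 1 and 4, nftables.

# zone -> router sub-interface (hypothetical names)
ZONES = {
    "general": "lan0.1",  # the ~30 everyday WiFi devices
    "nas": "lan0.3",      # NAS plus the few clients that need it (VLAN 3)
    "cameras": "lan0.4",  # camera system, kept apart from the NAS
}
WAN = "wan0"

# Explicit allow list of (source zone, destination); anything absent is dropped.
# Assumption: cameras get no internet path and no path to any other VLAN.
ALLOW = {("general", "wan"), ("nas", "wan")}


def can_forward(src, dst):
    """True if a new connection from src to dst is permitted by ALLOW."""
    return (src, dst) in ALLOW


def render_forward_chain():
    """Return an nftables forward chain: policy drop plus the ALLOW entries."""
    ifname = dict(ZONES, wan=WAN)
    lines = [
        "table inet filter {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",  # replies to allowed flows
    ]
    for src, dst in sorted(ALLOW):
        lines.append(f'    iifname "{ifname[src]}" oifname "{ifname[dst]}" accept')
    lines += ["  }", "}"]
    return "\n".join(lines)


def inter_vlan_paths():
    """Zone pairs that can open connections to each other; empty means isolated."""
    return [(s, d) for s in ZONES for d in ZONES if s != d and can_forward(s, d)]


if __name__ == "__main__":
    print(render_forward_chain())
    print("inter-VLAN paths:", inter_vlan_paths())
```

Devices inside the same VLAN can still reach each other; this policy only governs traffic the router forwards between networks.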
Do I expect the average home user to understand these things? No. But could devices have better default options? Certainly yes. Business class switches already have Voice #VLAN auto-detect by MAC OUI -- there's no reason not to add a little more fairy dust and help home users keep their stuff separated intelligently while still enjoying the benefits of insecure #IoT devices.
Some day maybe it will be normalized to hire a pro to install these things, but until then ...
#sysadmin #networkSecurity
=> More informations about this toot | More toots from mikebabcock@floss.social
@mikebabcock the real issue is that ISPs (at least in my country) provide the home router, and it's 'free'. 99% of home users probably never even log into it, so it's simple economics: why would ISPs provide anything better, sprinkled with your 'fairy dust' as it were?
They provide the cheapest thing that lets them slap a logo on the web interface and shove it out the door.
=> More informations about this toot | More toots from jamesbooker@floss.social
@jamesbooker sure, but that's just a statement of how things are, not how they could be. With very careful effort, we could have governments recognize the danger of homes and even businesses with poorly configured defaults and legislate better hardware and even firmware requirements.
At this point in history, bad routers are probably just as bad for society as bad catalytic converters, but we have laws for only one of those.
#networkSecurity #cybersecurity
=> More informations about this toot | More toots from mikebabcock@floss.social
@mikebabcock I'm 100% behind you, just stating the obvious I guess. If someone can sustainably produce a $50 router that supports all these features and is easy to configure then there might be some traction.
=> More informations about this toot | More toots from jamesbooker@floss.social
@jamesbooker personally speaking, I'm a big fan of at least partially decoupling routers and WiFi due to room placement, but maybe in the near future builders will pre-install CAT-6a in the ceilings for people to have proper connectivity. Put that in the building codes :).
=> More informations about this toot | More toots from mikebabcock@floss.social
@jamesbooker I'm reminded of this not-$50 router project I'm very excited by: https://www.youtube.com/watch?v=UFKhprphIAA
#networking #FLOSS #hardware #video
=> More informations about this toot | More toots from mikebabcock@floss.social