IoT best practices

RumorConsumer
Level 4

Hey all

So I have a few IoT devices coming on - water level sensors, temp sensors, things like that that my facilities guys need to be able to access. My main VLAN contains about 20-30 devices, all Mac or iOS. I have a couple of Synology servers which are as secure as they can be in terms of all best practices followed. I guess I'm wondering if I should be at all worried about somebody somehow getting access to the IoT stuff. I'd love to have it be easy for my guys to check all their sensors and things without having to jump on another SSID/VLAN combo. Is there something else you can do to somehow mitigate the chance that a device could be compromised? Most of them seem based on Espressif hw/sw solutions. They seem pretty legit. Anyways, your thoughts welcome.

Networking geek since high school where I got half of a CCNA. Played Marathon II and Infinity over localtalk.
Made many a network over the years, now de facto admin of a retreat center with some of this fine Meraki hardware.
Fortune 100 Tech veteran/refugee.
5 Replies

Philip D'Ath
Meraki Community All-Star

What brand are the IoT sensors?

@Philip D'Ath

Some Amazon stuff

Meross smart home AC outlets

Espressif makes an air quality sensor and a temperature sensor for a walk-in fridge.

Some printers - Brother and HP

Newport Media makes a sprinkler system controller called Hydrawise

"SHENZHEN FUZHI SOFTWARE"

Sonos

Wyze


The "S" in "IoT" stands for security ... 😉

I don't trust these devices at all and try to put them in a separate WLAN and VLAN if possible. For some devices where the controlling device needs to be in the same IP subnet as the IoT device, I put them in the same VLAN, but control access on the WLAN itself. One of the MPSK solutions (either with or without RADIUS) can be of great help here.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

@Karsten Iwen in your opinion, what's the most likely threat posed at this point? I won't have enough to make a botnet to be DDoS'd inside my network, and everybody here uses Macs and iOS, which is pretty solid as far as I understand in terms of attack surface. And then I have advanced security on my MX68.


MerakiGnome
Meraki Community All-Star

The most likely threat...? What do you have on your network that needs protecting? Sensitive data, financial data, etc.?

I would ensure that these IoT devices are segmented away so that, should the worst happen, any lateral network movement can't happen.

Darren OConnor
https://www.linkedin.com/in/darrenoconnor