It’s 2022 and you have a smart home. Given all of the stories about IoT devices getting hacked or hijacked with malware, are your router and home network prepared to protect your home? If you have an older router or don’t use advanced features of a more modern one, maybe not. With that in mind, here are some different ways to bolster your smart home device security — assuming your router has the right features.
To be clear, the primary goal here is to keep any network intrusions limited solely to infected devices. You don’t want some malicious actor entering your home network through an IoT device and gaining access to your other devices or your network data.
Use that guest network
The simplest method for protecting your network is to set up a guest network and attach all of your smart home devices to it. Even if your router is a few years old or provided by your ISP, there’s a good chance it supports at least one guest network. The last two Eero routers I reviewed, for example, offer a guest network.
The steps you’ll need to take to create a guest network vary by make and model, so start by checking your router’s regular or even advanced settings. Then create a network name and password that’s completely different from your main home network. Next, connect all of your IoT products to the guest network so as to keep them separate from the network used by your phones, computers, tablets, and televisions. Doing so will protect your main home network from any outside access through a compromised IoT device.
There is a downside here, however. Whenever you want to use a mobile app to control any of your smart home devices, you’ll need to connect your phone to the guest network. Though if you use smart speakers or smart displays to control those connected devices, it’s less of an issue. Why? Because if you put all of your smart home products on the guest network, those smart speakers and smart displays should be on it, too, so they can “see” your lights, locks, cameras, etc.
What is network segmentation?
With an advanced router, you can take the guest network approach to another level through network segmentation. Again, the make, model, and age of your router will determine if you have the ability to use this feature. Ubiquiti routers have been popular choices among our listeners and readers.
Essentially, network segmentation splits your home network into subnetworks: Instead of a single network, you have multiple networks. And just like the guest network approach, once you’ve created a subnetwork specifically for your smart home devices, they should all be connected to it. Each subnetwork can access the internet through your router, but devices on one subnetwork can’t “see” devices on another one.
In the image above, you’ll see that each range of subnetwork IP addresses starts with the same numbers: 192.168. This is a common private, or internal, IP address range for use in any home or business. The numbers that follow show how the addresses are segmented. Home Wi-Fi devices use a range of network IP addresses, from 192.168.2.1 to 192.168.32.254. The IoT devices in this example use a similar range of addresses, but on the 192.168.3.xxx subnet. They can only see devices on that same segmented network, so a third party accessing them can’t access devices on the Home Wi-Fi network.
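To check that devices actually landed on the segment you intended, you can audit a device list against the segment plan. The script below is an added example, not something from the original article or from any router vendor; it assumes each segment is a /24 (192.168.2.0/24 for Home Wi-Fi, 192.168.3.0/24 for IoT), and the inventory is constructed sample data.

```python
import ipaddress

# Assumed segment plan: /24 subnets modelled on the article's example.
SEGMENTS = {
    "home": ipaddress.ip_network("192.168.2.0/24"),
    "iot": ipaddress.ip_network("192.168.3.0/24"),
}

# Constructed inventory: (hostname, address, intended segment).
INVENTORY = [
    ("laptop", "192.168.2.10", "home"),
    ("phone", "192.168.2.11", "home"),
    ("smart-lock", "192.168.3.20", "iot"),
    ("camera", "192.168.3.21", "iot"),
    ("smart-plug", "192.168.2.57", "iot"),   # joined the wrong Wi-Fi
    ("thermostat", "192.168.1.44", "iot"),   # on an unsegmented network
]

def segment_of(address):
    """Return the name of the segment containing address, or None."""
    ip = ipaddress.ip_address(address)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def audit(inventory):
    """Return (hostname, actual, intended) for every misplaced device."""
    findings = []
    for host, address, intended in inventory:
        actual = segment_of(address)
        if actual != intended:
            findings.append((host, actual, intended))
    return findings

def exposed_to(host, inventory):
    """Devices that share a segment with host and so can 'see' it."""
    by_name = {h: segment_of(a) for h, a, _ in inventory}
    seg = by_name[host]
    if seg is None:
        return []
    return sorted(h for h, s in by_name.items() if s == seg and h != host)

if __name__ == "__main__":
    for host, actual, intended in audit(INVENTORY):
        print(f"{host}: on {actual or 'no known segment'}, expected {intended}")
    print("smart-plug shares a segment with:", exposed_to("smart-plug", INVENTORY))
```

The misplaced smart plug is the case that matters: it sits on the same segment as the laptop and phone, so a compromise of that one device is no longer contained.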
This Medium article from JMDevLabs offers a detailed explanation of how network segmentation works and how to set it up. However, network segmentation has the same downside as using a guest network. To control IoT devices from a smartphone, the phone has to be on the same network as those devices.
Another hardware option
If network segmentation seems too challenging to set up and/or your router doesn’t offer a guest network, there are other options. One of the best, in my opinion, is more of a gatekeeper than an actual segmented gate.
It’s from Firewalla, which makes a range of cybersecurity home products. Each of the products — which range in price from $139 to $475 — has the same base functionality, but you can spend more to add features or support a faster network.
Previously, I tested two products in the lineup, the Firewalla Blue and the Firewalla Gold. Each is installed directly between your home’s internet connection and your router. So it’s like a firewall in that regard, as it can see inbound and outbound network traffic.
And like a firewall, you can configure rules that allow or disallow smart home devices a connection to or from the internet. That way you can, for example, allow your Google Home devices to only connect with Google servers. Such configuration can limit third parties from accessing your smart home device, getting on your network, sniffing through your data, or accessing other devices without your knowledge.
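The logic behind a rule like "this device may only talk to its vendor's servers" is a per-device allowlist with default deny. The sketch below is an added example, not Firewalla's rule syntax or code; the device names, the domain lists (illustrative, not a complete list of any vendor's servers), and the connection records are all constructed assumptions.

```python
# Hypothetical per-device allowlist: device name -> permitted domain suffixes.
ALLOWLIST = {
    "google-home": ("google.com", "googleapis.com"),
    "smart-lock": ("lockvendor.example",),
}

# Constructed connection records: (device, destination hostname).
CONNECTIONS = [
    ("google-home", "clients4.google.com"),
    ("google-home", "WWW.GoogleAPIs.com."),       # mixed case, trailing dot
    ("google-home", "evilgoogle.com"),            # lookalike, not a subdomain
    ("google-home", "google.com.cdn.example"),    # allowed name used as a prefix
    ("smart-lock", "api.lockvendor.example"),
    ("smart-lock", "203.0.113.9"),                # raw IP, no name to match
    ("new-bulb", "update.bulbvendor.example"),    # device with no rule yet
]

def normalize(hostname):
    """Lower-case the name and drop whitespace and a trailing root dot."""
    return hostname.strip().rstrip(".").lower()

def domain_allowed(hostname, suffixes):
    """Match the exact domain or a true subdomain, on a label boundary."""
    host = normalize(hostname)
    return any(host == s or host.endswith("." + s) for s in suffixes)

def evaluate(device, hostname):
    """Return 'allow' or 'deny'; devices without a rule are denied."""
    suffixes = ALLOWLIST.get(device)
    if suffixes is None:
        return "deny"
    return "allow" if domain_allowed(hostname, suffixes) else "deny"

def blocked(connections):
    """Connections the allowlist would stop, in input order."""
    return [(d, h) for d, h in connections if evaluate(d, h) == "deny"]

if __name__ == "__main__":
    for device, host in CONNECTIONS:
        print(f"{evaluate(device, host):5}  {device} -> {host}")
```

Matching on the label boundary (`"." + s`) is what keeps a plain "ends with google.com" comparison from letting `evilgoogle.com` through.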
It takes time and effort to set up a Firewalla for maximum protection. Initially, you may be bombarded with notifications from the Firewalla to approve or deny internet access for devices. And you can easily fall down a rabbit hole as you watch servers from around the world try to connect with your IoT products.
However, by default, the Firewalla is largely a self-configuring tool, so it’s up to you how much network data you want to sift through and act on. There are several other physical devices, such as those from Bitdefender and Cujo, which can also perform this function. Additionally, some services from Comcast, Eero, or your ISP might also help provide this level of notification and monitoring for a monthly fee.
Note that you can combine several of these methods, for example, by using a guest network and a Firewalla. Or you can go a step further and invest in a commercial-grade router that supports virtual LANs, although that’s not something most smart home owners would likely tackle.
No matter what your approach is, your goal is to keep network threats to a minimum in your smart home. And that’s something that all of these options will do.