Q: What’s the best way to create a separate network for my smart home devices like the FBI is recommending?
The FBI office in Oregon chimed in on the security issues associated with IoT (Internet of Things) devices that millions are installing around their homes.
Everything from thermostats to lighting systems to doorbells and major appliances are connecting to the internet, and the FBI is warning that these IoT devices could be the gateway that allows cyberthieves to gain access to your router and everything attached to it.
An IoT device manufacturer’s track record on security isn’t great, which is why myriad vulnerabilities discovered in popular webcams, doorbells and smart TVs, just to name a few, have been reported.
Keeping them on a separate network makes it rather difficult to get to your computers from a compromised IoT device.
Option 1 — 2 separate networks
The most secure, but least cost-effective approach, is to actually have two separate internet connections, with each using their own router.
You can either contract with your current ISP for a second connection, or opt for a second connection from another ISP if you want a little outage insurance.
Option 2 — 1 router, separate SSIDs
Most current routers have the ability to set up a wireless “guest network,” which is separate from the primary network. To activate this option, you will need to get into the router’s settings and look for a reference to guest access or guest network.
To access these settings, you’ll have to know the administrative username and password for the router, which can be accessed via a web browser or an app if one is available for your device.
If your router has an option that allows guests to access local network resources, make sure to turn it off. In some cases, your device may use the term “Isolate,” which accomplishes the same thing — that is to keep anything connected to the guest network to access anything other than the internet.
There may be additional security options available, such as blocking access to the settings menu from the guest network. So, be sure to thoroughly review all of the security settings available.
Option 3 — 2 separate routers
The most complicated approach is to use a single internet connection but two separate routers that are properly connected and configured.
Connecting them improperly won’t achieve the security goal of isolating your IoT devices; and depending upon the two devices you’re connecting, there are going to be a number of configuration steps required as well.
This is not something that I would recommend that you attempt unless you or someone that is helping you is network savvy.
Additional steps
No matter which approach you take, make sure you change any default passwords on all of your devices, make passwords as long as you can and do not use the same password for everything.
Make sure you have checked for firmware updates on your router(s) and IoT devices to patch any known vulnerabilities and turn on auto updates when available.
If updates aren’t automatic, create a calendar reminder to check for updates at least once a quarter.
Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.