Questions about securing my smart home

[Krisp-kiwi]

Hey everyone,

 

I've been following along this tutorial  to try to safeguard my network in my home as I don't want one of my cheaper smart home devices being compromised and being a gateway into my network. I've started the process of connecting devices to different SSIDs and the IOT devices will then go onto their own Vlan but I'm wondering if I'm selecting the right devices, for example I'm not sure if my Amazon Fire Tablet should be trusted to be on my main network or the IOT network, same with the Xbox although this one is mostly due to seeing another network guy put his Xbox outside of his main network. Also my Lan includes my Amazon Fire Cube, not entirely sure about this but the video doesn't cover separate Lans. So I guess the question I'm asking is where would you place these devices on the network?

 

So far the network is this:

 

Lan:
Main computer, amazon fire cube, Samsung smart tv, phillips hue hub, steamlink, 

Main wireless network:
Mobile phone, Laptop and last but not least the Amazon Fire 8 HD Tablet (I only really use this as a kitchen display, thinking of attaching it to my treadmill to watch netflix on if i can find a mount) 

My IOT network with separated SSIDs between 5 and 2.4 on Vlan 20
5ghz: Xbox One S, Amazon Fire Tv stick, My echo show, fitbit aria scale and 2 echo dots

2.4ghz: 5 Sonoff smart switches, 2 broadlink minis, 2 wyzecams, 1 kettle, my sprinkler system, an LED strip & ring doorbell

 

Would you change anything?

[WereCatf]

6 minutes ago, Krisp-kiwi said:

I've started the process of connecting devices to different SSIDs

Using different SSIDs doesn't mean anything. It does not separate the devices from other devices, unless you've specifically created a separate network for those SSIDs. You also mention LAN and "Main wireless network"; are they actually two separate networks? If you can e.g. ping your desktop from your phone and your phone from your desktop, then no, they're not fully separate networks.

9 minutes ago, Krisp-kiwi said:

same with the Xbox although this one is mostly due to seeing another network guy put his Xbox outside of his main network

Seems pointless. Xbox isn't a low-end IoT-device, it's definitely not easily compromised.

[Krisp-kiwi]

14 minutes ago, WereCatf said:

Using different SSIDs doesn't mean anything. It does not separate the devices from other devices, unless you've specifically created a separate network for those SSIDs. You also mention LAN and "Main wireless network"; are they actually two separate networks? If you can e.g. ping your desktop from your phone and your phone from your desktop, then no, they're not fully separate networks.

Seems pointless. Xbox isn't a low-end IoT-device, it's definitely not easily compromised.

 

The Lan and Main wireless are on the same network, it's just the IOT devices that are going to be on their own Vlan with firewall rules like in the tutorial. The tutorial also mentions creating a NoT network but I don't think any of my devices fit that so I haven't included it at the moment.

Yeah I didn't think the Xbox would be a risk but then I started thinking well the Xbox one s is going to be outdated soon and the odds of constant updates after the next gen comes out might make it a target I know its unlikely but its a thought I had. Also fire Tablet is still something I'm undecided on, It's a low end budget tablet and I don't spend much time on it at all at the moment just mounted to show the weather and recipes, this may change if I can find a treadmill mount but I'm still not sure. 

[Krisp-kiwi]

Drat the Fire HD tablet looks like it disconnects when I make the wifi SSID invisible too.