I'm just looking for tips and thoughts on hardening my home network. It's nothing particularly crazy: streaming, PlayStation/Switch, eventually a Plex server and PC gaming, maybe some smart home stuff.
I understand the smart home devices should be placed on their own VLAN.
I'm just wondering what steps you guys take to protect your home network. What ports do you close/disable?
I'm currently subscribed to IPVanish. Should I continue to just use the desktop app, or should I set that up in my router's config? Does it change servers or automatically select them, or is it just one server all the time? If I set this up in my router, does that apply to my whole network, or segment certain parts of the network for specific services, like, say, my Plex server or PlayStation?
Thanks in advance for all your suggestions!
IoT devices should be in a VLAN so they can’t interact with your “secured” devices like Windows machines, Macs, etc.
You would need a firewall/router that supports VLANs, switches that obey VLAN policies, and Wi-Fi APs that obey VLAN policies, and you would need to set up multiple SSIDs (one for the “secure” network, one for IoT).
Using a VPN in the way you’re using it doesn’t really do much… unless you’re trying to avoid your ISP knowing where you’re connecting. But that isn’t really important or meaningful unless you live somewhere where they don’t allow you to visit certain sites or they monitor and track your usage, like, say, China. The “more useful” use for a VPN is one you host yourself inside your network so you can VPN into your LAN when you’re away to access your network shares or manage web UIs of any appliances you have (like your firewall, or switches, or SSH clients, etc.).
You don’t “close ports”; by default all ports are closed, and they should always remain this way unless you have a specific reason to open a port and will expose something that is actually hardened and intended to be externally exposed.
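The segmentation and default-closed behaviour described in the reply above, written out as an nftables ruleset for a Linux-based router. This is an added example, not part of the thread; the interface names, VLAN IDs and the choice to let the trusted VLAN initiate connections to IoT devices are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: interface names and VLAN IDs below are assumptions.
flush ruleset

define WAN     = "eth0"     # assumed uplink to the ISP
define TRUSTED = "eth1.10"  # assumed VLAN 10: PCs, consoles, Plex server
define IOT     = "eth1.20"  # assumed VLAN 20: smart home devices

table inet filter {
    # Traffic addressed to the router itself.
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # DHCP and DNS served by the router to both VLANs.
        iifname { $TRUSTED, $IOT } udp dport { 53, 67 } accept
        iifname { $TRUSTED, $IOT } tcp dport 53 accept
        iifname { $TRUSTED, $IOT } meta l4proto { icmp, ipv6-icmp } accept
        # Router management (SSH, web UI) only from the trusted VLAN.
        iifname $TRUSTED tcp dport { 22, 443 } accept
        # No rule accepts new connections from WAN: every port stays
        # closed to the internet unless a rule is added on purpose.
        # An IPv6 uplink would additionally need ICMPv6 rules on WAN.
    }

    # Traffic routed between VLANs and to the internet.
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname $TRUSTED oifname $WAN accept
        iifname $IOT     oifname $WAN accept
        # Trusted devices may open connections to IoT devices;
        # replies return via the established,related rule.
        iifname $TRUSTED oifname $IOT accept
        # IoT -> trusted has no accept rule, so policy drop applies.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

The ruleset can be syntax-checked without loading it using `nft -c -f <file>`.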