Howard Hudson - Week 10 - VLAN

Often, homeowners and business administrators use newer capabilities such as remote access to manage a network. Do you want to add devices such as a wireless HVAC controller and water heater controller? That is no problem. There was as recent burglary down the street so you want to install a few cameras. That is not difficult, wireless camera systems are abundant and relatively easy to setup.

Is there any danger when installing all of those devices on a network? Yes, there is a risk. Most of the wireless devices are not secure, which creates vulnerabilities in a network. Can someone access the camera system and see inside my property? It is possible, but preventable. Applying a few basic security techniques greatly reduces the threat.

Some of the all-purpose precautions that help prevent unauthorized access to your network include maintaining up-to-date software, restricting or eliminating public networks, using passwords that are less common than 123456, password, and abc123. As well, consider changing default passwords. M!C@rI$a7^9fB* is an example of a decent non-randomized password (see picture below). Password managers are a good tool for keeping passwords safe and randomizing your passwords.

There are more advanced ways to protect a network. Excluding fiscal restraints and depth of features, the choices are similar for households and businesses. Two courses of action include separating devices on a network and masking devices.

Changing the name (SSID) of the segments is relatively easy. Simply, edit the names of the network segments (and devices if able) so that the names do not represent the function (or devices); rename an Ubiquiti Camera to an ambiguous name. As well, segregating a network will prevent cross-talk and isolate a breach to one specific VLAN. That means that if someone breaks into a wireless HVAC controller, the IP cameras are not immediately accessible. In addition, keeping sensitive data and devices on a separate segment will provide the same protection. On side note, consider using PoE IP cameras. Doing so will eliminate the vulnerability associated with wireless cameras.

An Ubiquiti Managed UniFi Switch (US-8-150W) provides VLAN features. The TP-LINK TL-SG108PE switch is another option. It provides port based VLAN and software based VLAN. The Cisco SG300-20 Gigabit Managed Switch (SRW2016-K9-NA) provides advances features since it is a Light Layer 3 LAN Switch. It is a better choice for business requirements because it provides advanced capabilities such as VLAN groups and VOIP VLANS among other capabilities.
Bullet Point Summary
  • Maintain up-to-date software
  • Restrict or eliminate public networks
  • Use passwords that are less common and changing the factory passwords
  • Consider password managers if necessary (be aware that some of the programs store your data on their server).
  • Use unmanaged, smart, or managed switches as necessary
  • Separate devices using VLANs
  • Change names (SSIDs)
MyCarIsa79fordBronc*

Resources

Empey, C. (2018, July 19). How to secure your smart home. Retrieved February 18, 2019, from https://blog.avast.com/how-to-secure-your-smart-home

Global CTI. (n.d.). LAN Switching – Layer 2, Layer 3, Light Layer 3. Retrieved February 18, 2019, from https://gcti.com/lan-switching-layer-2-layer-3-light-layer-3/

Rashid, F. Y. (2017, October 16). How to Secure Your (Easily Hackable) Smart Home. Retrieved February 18, 2019, from https://www.tomsguide.com/us/secure-smart-home-how-to,news-19380.html

Santoso, F. K., & Vun, N. C. (2015). Securing IoT for smart home system. Retrieved February 18, 2019, from https://ieeexplore.ieee.org/document/7177843

Symantec employee. (n.d.). 12 tips to help secure your smart home and IoT devices. Retrieved February 18, 2019, from https://us.norton.com/internetsecurity-iot-smart-home-security-core.html

Widmark. (2017, May 14). Difference Between TP Link SG108E Smart Switch v3 and v2? Retrieved February 18, 2019, from https://www.snbforums.com/threads/difference-between-tp-link-sg108e-smart-switch-v3-and-v2.39137/



Configuring VLANs on 200 and 300 Series Managed Switches
https://www.youtube.com/watch?v=bPBAnRLuco4

TL SG108PE VLAN   4:23
https://www.youtube.com/watch?v=1_Ikd6wDinE

UniFi Switch 8 Follow-Up and VLAN Config   7:56
https://www.youtube.com/watch?v=JblnjsnJNJU

Comments

Post a Comment

Popular posts from this blog

Howard Hudson - Week 3 - IEEE 802.3 Ethernet Frame Standard

Image
Similar to the Ethernet cable, the Ethernet frame has evolved thanks to a focused effort to develop the IEEE 802.3 standard. There were four frame types created (five if you count Ethernet version 1). The standards included Ethernet II (also known as Ethernet 2 and Ethernet DIX), IEEE 802.3, EEE 802.3 + IEEE 802.2 LLC, and IEEE 802 SNAP. However, at the end of the day Ethernet II prevailed. Unfortunately, there are a few points of confusion still floating around the internet regarding the IEEE 802.3 standard because it is not Ethernet per say...it is the IEEE standard.  The first is the structure of the “preamble” and “start of frame”. Second, whether “type”, “length”, or both are used. The third is the use of the “Pad” field. Then again, the Ethernet frame and IEEE 802.3 frame are relatively interchangeable at this point (at the casual conversation level). The Frame  table below is the result of weeding through numerous resources. Frame   7      +     1
Read more

Howard Hudson - Week 4 - IEEE 802.3 Ethernet Cable Standard

Image
In 1991, the original ANSI/EIA/TIA-568 was published. In 1995, ANSI/TIA/EIA-568-A defined the Category 5 cable followed by ANSI/TIA/EIA-568-B.2, which recognized and defined category 5e twisted-pair cable in May 2001.  In August 2009, TIA-568-C.2 identified the requirements for category 3, category 5e, category 6, and category 6A balanced twisted-pair cabling. In November 2017, ISO/IEC 11801 was released which details cabling that support 25GBASE-T applications. T568A and T568B are the two color codes used for wiring 8-position 8-contact/RJ45 modular plugs. Both wire configurations are allowed under the ANSI/TIA/EIA wiring standards.  Whichever one is used, ensure both ends are the same configuration. Category 5e cable is the only version of category 5 cable that is currently used. Category 5e cable and Category 6 cable are the standards for mainstay applications. Category 7 is the new kid on the block with Category 8 following close behind it. https://planetechusa.com/blog/e
Read more

Howard Hudson - Week 7 - TCP/IP Security

Secure communication is very important. I can send an email with “Privacy Act of 1974” in the subject line, but anyone who receives (or intercepts) the email can open it and read it. However, using encryption will protect the email from prying eyes by generating an output that is only legible with decryption. Using encryption does not mean that someone cannot steal your data, but it does mean that it is unreadable unless someone has the code (a key) to decipher the data. There are two encryption types: symmetric and asymmetric. Symmetric encryption uses a single key to encrypt and decrypt data. Asymmetric encryption uses two keys (one private key and one public key); one key is to encrypt and the other is to decrypt. Block cypher and stream cypher are subgroups of encryption. Generally speaking, a block cypher encrypts a block of data whereas a stream cypher encrypts individual bits of data. The table below identifies a few of the encryption types Encryption
Read more