Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | [3] | 4 | 5 | (show all)   Print Thread
Standard User Fido
(experienced) Sun 08-Feb-26 22:20:40
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: jpm] [link to this post]
 
In reply to a post by jpm:
In reply to a post by Fido:
Actually I see the main defense as being the router setup and the Hardware Firewall in the Router followed by our taking care as to which websites are visited and what apps are used and from where. - Kaspersky is near to the last line of defense.
This thinking is probably a decade out of date. The network edge isn't the security perimeter, your router is not doing anything for your security because it cannot see encrypted traffic. At best it is preventing outbound botnet C&C connections but even then probably not, and by the time you have clients talking out to C&C things have already gone badly wrong.


That is not surprising to me since I am now getting old and since I retired over 15 years ago I do not usually give it much thought.

The Asus RT-AX88U Pro Router that I use has a number of AI Security Features that I have taken up and these are monitored by Trend Micro, so there are other router features and security features in the router that already help protect my system.

I fully realize that I do not know enough about internet security as it was never my field and that the more that I do know, the more I realize how little I do know, even though I am confident that my system is far more secure than most others.

Working on the basis that the companies that sell and who manage security software have published information about the risks of smart devices, (including TVs), on the Home LAN I have concluded that my using three separate LANs may be a good policy for me and I intend going down that route.

The following links may provide useful information to anyone who is interested in finding out more about smart devices on the Home LAN.

https://www.kaspersky.co.uk/blog/how-to-secure-smart...

https://www.bitdefender.com/en-gb/blog/hotforsecurit...

https://www.google.com/amp/s/www.pandasecurity.com/e...

https://www.trendmicro.com/vinfo/gb/security/news/in...

Therefore, I plan to only use my main WIFI for devices that browse the web, my guest wifi will be for visitors and for our printer/scanner and the house CAT6A Ethernet Network, (which will have all of the Smart TVs, Hive System, N300A, XBoxes, Sky QBoxes, etc on it), will be attached to single a 2.5GHtz Router Ethernet Port 5 that operate on a separate VLAN Network that I will call IOT.

It won't cost me a penny since I already have the equipment to set it up in this way.

Regarding Kaspersky; I see the biggest danger could be with Kaspersky gaining access to personal information but since I have already been using Kaspersky for over 10 years, if there is a risk, that ship has already sailed and in some ways the same applies to anyone who has used it previously.

Other than the Russian Connection, Kaspersky is very good Internet Security Software and up to now no-one has given us any alternatives to compare it with other than Windows Defender which is good for Windows PCs.
Standard User DFScale
(experienced) Sun 08-Feb-26 22:40:45
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: Fido] [link to this post]
 
Just to stir the pot a little.

The following falls into the category of known unknowns

In reply to a post by Fido:
On a separate issue; last year we bought a new all singing/dancing Cannon Printer/Scanner that actually works great as a device but in order to use the Cannon Software for it, we needed to agree to Cannon T&C that seemed to allow Cannon far more access to my personal information and my devices than I was comfortable with; so I located this Cannon Printer/Scanner on my Guest WIFI Network which means that my other devices need to login to my Guest WIFI in order to access the Cannon Printer/Scanner (which is a slight hassle) but it restricts its access to my Main LAN Network Devices.


In dealing with this known unknown, you have now opened up a networks path between your House network and your Guest network.

ie you have increased your exposure to unknown unknowns on your Guest network.
Standard User Taras
(eat-sleep-adslguide) Mon 09-Feb-26 10:45:47
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: DFScale] [link to this post]
 
In reply to a post by DFScale:
Just to stir the pot a little.

The following falls into the category of known unknowns

In reply to a post by Fido:
On a separate issue; last year we bought a new all singing/dancing Cannon Printer/Scanner that actually works great as a device but in order to use the Cannon Software for it, we needed to agree to Cannon T&C that seemed to allow Cannon far more access to my personal information and my devices than I was comfortable with; so I located this Cannon Printer/Scanner on my Guest WIFI Network which means that my other devices need to login to my Guest WIFI in order to access the Cannon Printer/Scanner (which is a slight hassle) but it restricts its access to my Main LAN Network Devices.


In dealing with this known unknown, you have now opened up a networks path between your House network and your Guest network.

ie you have increased your exposure to unknown unknowns on your Guest network.


You have completely missed the point of benign hardware meeting privacy evading software rather than crossing vlans

ie, nice door bell cam meeting some dodgy software which can send information anyone requesting it - even thiefs ..


Register (or login) on our website and you will not see this ad.

Standard User Fido
(experienced) Mon 09-Feb-26 13:19:57
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: Taras] [link to this post]
 
In reply to a post by Taras:
You have completely missed the point of benign hardware meeting privacy evading software rather than crossing vlans

ie, nice door bell cam meeting some dodgy software which can send information anyone requesting it - even thiefs ..


I am starting to feel a bit like the Coconut in the "Shy".

Just saying that it is the wrong way is in a small way helpful.

However, letting us all know what the correct method is would be much more helpful.

I started the thread because it seemed like there is a potential issue regarding access to Smart Devices on a Home LAN Network and I was seeking helpful input from those who fully understand internet security; which I do not.

Good practice for Internet Security moves on. - At one time some people used Open WIFI while most of us used WEP, which then became WAP and which is now WAP3 - Personal: for Home Users.

If Smart Devices are NOT a weakness in a Home LAN Network then OK. - There is no issue. - All is Good!

If there are potential issues then using multi routers or managed ethernet switches would probably work well and it may be a way forward if a Smart Device issue actually exists. - (However the SH2 would need to be connect to the ONT to be in control (if I used both of my routers) but the SH2 is a Lada when compared to the RT- AX88U Pro which is a sports car.

My plan to use the IOT Network Setup option on my Asus RT-AX88U Pro Menu with an Ethernet VLAN, Separate from the Main Home LAN, just seemed to make the RT-AX88U Pro Router GUI inaccessible and I needed to carry out a Router Factory Reset to recover it. - (Upon google this could be a known issue with high end Asus Routers when the IOT is created so that plan needs more thought).

At present we do not have any door cameras or other cameras but if we did have door cameras we would want them to be secure.

Is just having all devices on one Home LAN considered to be the best way forward ?

I am sure that many of us would benefit from knowing the answer to this this, (especially those who just use the ISP Supplied Routers.
Standard User Fido
(experienced) Mon 09-Feb-26 21:34:58
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: Fido] [link to this post]
 
While all we wait patiently for helpful solutions from the security experts from amongst us who know what not to do; it may be useful to consider if there is a potential issue with having Smart Devices on the Home LAN Network or not.

I have just discovered this webcast from Steve Gibson who I have always considered understands internet security much better than I do and it may be worth checking this video out:

Here is the link;

https://www.google.com/search?q=steve+gibson+IoT+net...


It seems that Steve Gibson had come to the same conclusion as I have in that it may be useful if we had at least one separate Home LAN Network for Smart Devices.

To me separate WIFI Networks are much easier to achieve than separate Ethernet Networks but most of my Smart Devices use Ethernet.

Separate ethernet networks can be achieved by using an additional third party router (a type of slave router for the IoT LAN Network), but I am still presently exploring if it can be achieved by my just using my Asus RT-AX88U Pro Router but I suspect I will end up with another device.

Yet more googling has revealed Steve Gibson's Three Router Solution to IoT Security;

https://pcper.com/2016/08/steve-gibsons-three-router...

There is a lot to think about as having one Home LAN for WiFI and Ethernet and a separate WIFI Guest Network for the most part has been OK and it works seamlessly so a one router solution would be easier if it worked properly but I can see the benefits of a three router solution.

Edited by Fido (Mon 09-Feb-26 22:03:46)

Standard User DFScale
(experienced) Tue 10-Feb-26 02:35:50
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: Fido] [link to this post]
 
In reply to a post by Fido:
To me separate WIFI Networks are much easier to achieve than separate Ethernet Networks but most of my Smart Devices use Ethernet.

vLANs give you separate ethernet networks over the same cable. And vLANs can extend over ethernet, although possibly not so easy with consumer routers

In reply to a post by Fido:
Separate ethernet networks can be achieved by using an additional third party router (a type of slave router for the IoT LAN Network), but I am still presently exploring if it can be achieved by my just using my Asus RT-AX88U Pro Router but I suspect I will end up with another device.

vLANs give you more networks than you can shake a stick at from a single managed switch

In reply to a post by Fido:
There is a lot to think about as having one Home LAN for WiFI and Ethernet and a separate WIFI Guest Network for the most part has been OK and it works seamlessly so a one router solution would be easier if it worked properly but I can see the benefits of a three router solution.

Beyond your router, you only need a managed switch and a vLAN aware Wireless Access Point [or more for physical coverage, but if you have the physical coverage, a single WAP will give you the vLANs]
Standard User clyde123
(committed) Tue 10-Feb-26 08:56:32
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: Fido] [link to this post]
 
Expecting a straightforward answer on exactly what should be done is a bit like voting for a politician.
We know what they say up front. But real life experience is usually much different from expectations.

If someone came on and said do this, this and this, and all will be perfect, it's a red rag and the black hatters would have those things usurped toute suite.

Security is mostly about trying to stay one step ahead of others. Update, upgrade and stay on top of it all the time. It's a lot of work.

You mentioned Kaspersky. That has been one of the better ones for years, probably still is. But it's being put down because of the founder's nationality. Personally I would rather use that than some of the alternatives.
Keep on doing what you have been doing. Obfuscate. Introduce "physical" barriers like Vlans, separate subnets, even maybe VPNs if you like. The more complications, the harder it would be for intrusions. Avoid wireless whereever possible. Use a multitude of email addresses, separate passwords for every application. If viable make use of cheap PAYG Sims and alternative broadband connections.

But there never will be perfection in security.
Standard User Fido
(experienced) Tue 10-Feb-26 11:30:03
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: clyde123] [link to this post]
 
I tend to take a modular approach to any potential problems and at first I just sought to find out if a potential issue does actually exist.

Then as the discussion progressed and after more googling from me it seemed that my suspicions that there could be potential security weaknesses, (in the Home LAN Network), if every device in the house is on the same LAN, which is why I then explored other options. (To me the video from Steve Gibson makes a discussion about the question if any potential security issues could potentially arise is now mute but some may disagree).

It could be argued that Anti Virus/Internet Security Software defends the browsing devices on the Home LAN Network if a Smart Device on the Home LAN Network gets hacked, so I mentioned that I use Kaspersky Premium.

My Asus RT-AX88U Pro router also has AI Protection monitored by Trend Micro ad one of its security features.

The fact that I use Kaspersky Premium was then homed in on but as you say Kaspersky Premium is usually at the top or is very near to the top in all AV Comparisons and it is only the Nationality of the founder that is used to criticise it. - I did point out that a few years ago I tried to change to Norton, (which inexplicably removed my Windows 10 restore points as it was installed ****** and Norton worked badly and had features I could not turn off). - I asked about what other users, who criticise Kaspersky, considered to be reasonably priced viable alternatives to Kaspersky Premium and so far no one has put forward a good alternative but I still have up to February 2027 to find one.

We have very few home devices that use WIFI because the whole house was wired in CAT6A Cable some years ago. - The Guest WIFI is mostly used by immediate family and our grandchildren when they visit).

Since I was always more comfortable with hardware rather than software solutions my instinct is to use hardware to create separate the LANs but since my router is supposed to support VLANs I tried that method but so far that was not successful and I had to carry out a Factory Reset to regain access to my router. (Perhaps, Merlin Firmware would make setting up VLANs without losing router access easier, I don't know if it would but I am reluctant to use third party firmware).

We have Nord VPN.
Standard User PCJM40
(fountain of knowledge) Tue 10-Feb-26 11:49:11
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: Fido] [link to this post]
 
I'm no expert on networking but my thought on this are that every device on a (V)LAN is a potential risk to other devices on the same (V)LAN.

If I had the kit I would do the following:-

Create multiple VLANs on the router to separate out certain categories of devices e.g. camera's and other more vulnerable devices. This would also need setting up access controls between the VLANs so those more vulnerable don't have free rain across all networks. Remember there is also the issue with network broadcasts spanning different LANs so you would need to take that into consideration and that may affect what devices can be separated out

I would use switches capable of tagging ports for specific VLANs so I can have each devices on the network where I need it.
Standard User clyde123
(committed) Tue 10-Feb-26 11:55:46
Print Post

Re: Is a VOIP device on a Home LAN a security risk ?


[re: Fido] [link to this post]
 
Ref AV & other security software.
I used to install Norton all round, but gave up on that around 2006. Eventually settling on Eset - which has served very well.
But Eset has been changing for some time now. The company I mean, the software might still rank very well. They seem to have fallen into the same hole as many previously good companies/products which were taken over by the venture capitalists. Raising prices and locking in users by one way or another.

I'm not able to recommend any particular AV brand any more.
Pages in this thread: 1 | 2 | [3] | 4 | 5 | (show all)   Print Thread

Jump to