Network Security



Guest David86vm

Hi all,

 

I was wondering how you guys handle the security of your home LAN, with the connection of Fibaro systems, a Satel alarm and IP cameras.

 

Currently I decided to put all my IP cameras on a separate VLAN, blocked from going to the internet, and I need a VPN to view them remotely.

 

Thinking about how to securely connect the HC2 and my Satel alarm together in one system with IP cameras and keeping it secure.

Yes, I would like remote access (can be through VPN) and push messages directly.

 

My Satel system is currently not yet connected with the Home Center because I don't know how to make a proper secure setup.

 

How are you guys doing this?

 


Use a router (e.g. Zyxel USG with 2 WAN ports, to have failover as well) with a firewall and, e.g., objects to allow communication on specific ports between VLANs and from the security VLAN to the outside world (e.g. for push).

Edited by tinman

Guest David86vm (Topic Author)

    I'm using an Edge Router Lite with a managed switch.

     

    @tinman do you isolate IP-based traffic between the Home Center and the Satel system?


    Not Satel, but another security system; however, for Satel it will be a similar setup: just enable intercommunication between specific objects (based on MAC) over a specific port (7094, I think).


    • 2 months later...
    On 31-1-2018 at 6:49 PM, David86vm said:

    I was wondering how you guys handle the security of your home LAN, with the connection of Fibaro systems, a Satel alarm and IP cameras.

    I use (several) Ubiquiti LAN devices, like managed switches, access points and gateways. These are managed by a central controller, which is called a CloudKey, but it is possible to use it for LAN access only (without the need of being forced into the cloud, which I prefer).

     

    For my IP-cameras I use a separate VLAN, also a separate VLAN for IoT devices. All access to the internet is blocked, even the HC2. The only access to the internet is a Synology (for use of OpenVPN to access the LAN from the internet) and a Raspberry Pi with Node-Red.

     

    I have just one port opened for accessing my LAN (OpenVPN). Access is firewalled (country/mobile provider IP-range only) and encrypted. Access from outside my LAN can only be done by OpenVPN. When accessed I can access all services like I do on LAN.

     

    On the LAN, I have enabled encrypted communication as much as possible (HC2 is the real weakest link), enabled monitoring with DPI (Deep Packet Inspection) and active protection by IPS (Intrusion Prevention System/Suricata). Also a set of firewall rules is used to prevent unauthorised (LAN) connections.

     

    Once in a while I do some penetration testing (OpenVAS, Kali etc.) and check several sites with the latest information (shodan.io, exploit-db.com, blog.g0tmi1k.com etc.).

     

    The keywords are: Segregation, firewalling, encryption, update & backup, monitoring & (re)act. And, of course, ask! ;D

     

    BTW, I don't have a Satel Alarm...

    Edited by Lambik
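The segmentation discussed in this thread (camera VLAN with no internet access, one permitted flow from the HC2 to the alarm panel on port 7094 pinned by MAC, VPN as the only way in from outside), written out as an nftables ruleset for a Linux-based router. This is an added example, not a configuration posted by any participant; the interface names, addresses, MAC, the use of TCP for 7094, port 443 for push and OpenVPN's default UDP 1194 are all assumptions, and NAT is left out.

```nftables
#!/usr/sbin/nft -f
# Constructed example. Interface names, addresses and the MAC are placeholders.
flush ruleset

define WAN = "eth0"
define LAN = "eth1.10"      # trusted clients
define CAM = "eth1.20"      # IP cameras
define IOT = "eth1.30"      # HC2 and other IoT devices
define SEC = "eth1.40"      # alarm panel
define VPN = "tun0"         # OpenVPN tunnel
define HC2_IP   = 192.168.30.10
define HC2_MAC  = 02:00:00:00:00:10
define ALARM_IP = 192.168.40.10

table inet homefw {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        iifname $WAN udp dport 1194 accept          # the only port open to the internet (assumed default)
        iifname { $LAN, $VPN } accept               # router management from the trusted side only
        iifname { $CAM, $IOT, $SEC } udp dport { 53, 67 } accept   # DNS and DHCP served by the router
    }

    chain forward {
        type filter hook forward priority 0; policy drop;   # inter-VLAN traffic is denied by default
        ct state established,related accept
        ct state invalid drop
        iifname { $LAN, $VPN } accept               # trusted LAN and VPN users reach every VLAN

        # HC2 -> alarm panel: a single flow, pinned to source IP, source MAC and port
        iifname $IOT oifname $SEC ip saddr $HC2_IP ether saddr $HC2_MAC ip daddr $ALARM_IP tcp dport 7094 accept

        # security VLAN -> internet for push notifications only (port is an assumption)
        iifname $SEC oifname $WAN tcp dport 443 accept

        # cameras have no rule towards WAN; count and log what the drop policy catches
        iifname $CAM log prefix "cam-vlan-drop " counter
    }
}
```

Check the file with `nft -c -f <file>` before loading it. The MAC match only narrows the rule; any device on the same VLAN can spoof a MAC, so it does not authenticate the HC2.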
