The cost of IOT, we buy it and still we are the product

Posted on
Tue Aug 14, 2018 1:23 am
henkjanvries offline
Posts: 108
Joined: May 05, 2012

The cost of IOT, we buy it and still we are the product

Long, long-time user of Indigo here, never going away I think.

But the world of IOT has changed enormously in the last years.

What is your take on a bit like this: http://bit.ly/2vEVopO

How do you keep it safe, and stay on top of the data you share with the services you have?
Especially those devices that at first glance might not talk back, but do give away basic data that shouldn't leave the house.

Again, I love the product of Indigo, I am very cautious about what I buy. I'm only curious about others' opinions and ideas.

Posted on
Tue Aug 14, 2018 7:11 am
Different Computers offline
Posts: 2533
Joined: Jan 02, 2016
Location: East Coast

Re: The cost of IOT, we buy it and still we are the product

First off, I think anyone settled on Indigo is way ahead on this, as the central control system for their setup doesn't even need internet and for sure doesn't spy on anything.

Then there's Siri vs. Google and Alexa, where it's clear that Apple is invested in differentiating itself by valuing customer privacy vs. monetizing the invasion of privacy.

Past that, if you settle on making your devices smart by controlling them with something you trust -- namely Indigo -- rather than relying on any device to be smart on its own, you have significantly fewer potential spies in your house. A Z-wave switch isn't talking to the Secret Z Masters on the internet. It isn't smart enough. Hue switches? Generic Chinese wifi switches? Wemo? Who knows.

Then there's the firewall. You gotta turn it on, in and out. Since upgrading to a Ubiquiti Security Gateway, I've found several devices that Egyptian (!) servers try to reach all the time. They're both cheapo low quality cameras from China sold under the "Knewmart" brand. I won't make that mistake again, and further, I've got them so locked down they can't even access a network time server.

SmartThings refugee, so happy to be on Indigo. Monterey on a base M1 Mini w/Harmony Hub, Hue, DomoPad, Dynamic URL, Device Extensions, HomeKitLink, Grafana, Plex, uniFAP, Fantastic Weather, Nanoleaf, LED Simple Effects, Bond Home, Camect.

Posted on
Wed Aug 15, 2018 6:23 am
DaveL17 offline
Posts: 6741
Joined: Aug 20, 2013
Location: Chicago, IL, USA

Re: The cost of IOT, we buy it and still we are the product

I've segmented my network into VLANs with the following nicknames:

Private - This is my main network. Indigo is on the Private network.
IoT - This is where I put devices that need to communicate with the Private network but don't need direct access to it. In other words, I can ping a device on IoT from Private and get a response, but IoT can't ping Private or any other VLAN. IoT has access to the Internet.
Zombie - This is where I put devices that need Internet but require no interaction with Private or any other VLAN. This is where I put things like DVD players that need Internet for firmware updates.
Guest - This has access to the Internet but no access to any other VLAN.

- Zombie and Guest are essentially set up the same way, but this keeps users on my Guest network from having access to my Zombie devices.
- Each VLAN has its own WiFi network.
- I can't ping devices on Zombie or Guest unless I attach to those VLANs.
- I only put devices on Private when necessary--otherwise, they go on one of the other VLANs.
- Communication between the VLANs is blocked unless I specifically unblock it.

I came here to drink milk and kick ass....and I've just finished my milk.

[My Plugins] - [My Forums]
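
The VLAN rules in the post above, modelled as an added example (not part of any post and not Ubiquiti configuration syntax). It shows why Private can ping IoT and get an answer while IoT cannot open anything back: replies ride on connection state, new flows need an explicit allow. The rule encoding, host names and Private's Internet access are assumptions.

```python
from itertools import permutations

# Zone names come from the post; everything else here is hypothetical.
VLANS = ("private", "iot", "zombie", "guest")
# New connections allowed (initiator zone, responder zone); all else is dropped.
# Assumption: Private has Internet access like the other three VLANs.
ALLOW_NEW = {("private", "iot")} | {(v, "internet") for v in VLANS}


class StatefulRouter:
    def __init__(self, allow_new):
        self.allow_new = set(allow_new)
        self.conntrack = set()  # (initiator, responder, flow_id) of allowed flows

    def forward(self, src, dst, flow_id):
        """src/dst are (zone, host) pairs; True if the packet is forwarded."""
        if (dst, src, flow_id) in self.conntrack:
            return True                       # reply to a flow already allowed
        if (src[0], dst[0]) in self.allow_new:
            self.conntrack.add((src, dst, flow_id))
            return True                       # permitted new flow, now tracked
        return False                          # default deny between zones


def can_ping(router, src, dst, flow_id):
    """The echo request must be forwarded and the echo reply must come back."""
    return router.forward(src, dst, flow_id) and router.forward(dst, src, flow_id)


def reachability(allow_new=ALLOW_NEW):
    """Map each ordered zone pair to whether a ping started by the first works."""
    result = {}
    for n, (a, b) in enumerate(permutations(VLANS + ("internet",), 2)):
        router = StatefulRouter(allow_new)    # fresh state table per probe
        result[(a, b)] = can_ping(router, (a, "host-a"), (b, "host-b"), n)
    return result


def unsolicited_after_reply():
    """After Private pings an IoT device, can that device open a new flow back?"""
    router = StatefulRouter(ALLOW_NEW)
    mac, cam = ("private", "indigo-mac"), ("iot", "camera")  # constructed hosts
    assert can_ping(router, mac, cam, flow_id=1)
    return router.forward(cam, mac, flow_id=2)


if __name__ == "__main__":
    for (a, b), ok in reachability().items():
        print(f"{a:>8} -> {b:<8} {'allow' if ok else 'DROP'}")
```
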

Posted on
Wed Aug 15, 2018 6:42 am
henkjanvries offline
Posts: 108
Joined: May 05, 2012

Re: The cost of IOT, we buy it and still we are the product

That's well thought through. But not an ordinary router/fw. What have you got running to do this?


Sent from my iPhone using Tapatalk

Posted on
Wed Aug 15, 2018 10:22 am
DaveL17 offline
Posts: 6741
Joined: Aug 20, 2013
Location: Chicago, IL, USA

Re: The cost of IOT, we buy it and still we are the product

Thanks.

If you can afford it and it will work in your installation, take a look at the Unifi Security Gateway. It can be found for around US$100 and then, if you can manage, turn your existing router into a WiFi access point. Unifi supports their kit well, and provides good coverage for emerging vulnerabilities. They're not perfect, but compared to the competition, they are top notch.

I came here to drink milk and kick ass....and I've just finished my milk.

[My Plugins] - [My Forums]

Posted on
Wed Aug 15, 2018 11:01 am
siclark offline
Posts: 1960
Joined: Jun 13, 2017
Location: UK

Re: The cost of IOT, we buy it and still we are the product

DaveL17 wrote:
Thanks.

If you can afford it and it will work in your installation, take a look at the Unifi Security Gateway. It can be found for around US$100 and then, if you can manage, turn your existing router into a WiFi access point. Unifi supports their kit well, and provides good coverage for emerging vulnerabilities. They're not perfect, but compared to the competition, they are top notch.

I use the Edge Router Lite from them along with their WiFi APs and they are great. What I can't get round is:
- Requiring Sonos to be on private VLAN to talk to Indigo and my iPhone.
- Requiring Echo Dots to be on private to connect to Indigo.
- Hue to be on private to connect to Indigo.
- Cameras to be on private to connect to Security Spy.

I have a few IoT WiFi devices on external only like you but it's not many.
What I am interested in and looking forward for the right device is the plugin devices to router or between modem and router that are "smart" and will block devices automatically. Don't think the right one for my setup exists yet.




Sent from my iPhone using Tapatalk

Posted on
Thu Aug 16, 2018 10:53 am
siclark offline
Posts: 1960
Joined: Jun 13, 2017
Location: UK

Re: The cost of IOT, we buy it and still we are the product

What are people's thoughts on devices like this, and the couple of others already on the market? Hardware firewalls for home.

https://www.indiegogo.com/projects/fire ... e-security

They seem to be basic setup and replace WiFi router, or better sit between modem and router to leave existing switch/AP setup unchanged, or the one above does ARP spoofing to route app traffic through it.

Are these a step above a decent firewall on a prosumer type router, like ubiquiti's?
Or not needed?


Sent from my iPhone using Tapatalk

Posted on
Fri Aug 17, 2018 9:15 am
siclark offline
Posts: 1960
Joined: Jun 13, 2017
Location: UK

Re: The cost of IOT, we buy it and still we are the product

Thanks Ian, yes, agreed that some of this stuff is all a bit unknown and each will come with their own flaws and strengths. As I mentioned there are others.

Cujo, for instance, also works the same, and can sit between modem and router but doesn't even mention its speed, or impact on throughput. But it seems to do deep packet inspection.

https://www.getcujo.com/smart-firewall-cujo/

Dojo just looks to review metadata.

RatTrap sounds interesting. https://www.myrattrap.com/technology/

Posted on
Wed Mar 20, 2019 7:21 am
siclark offline
Posts: 1960
Joined: Jun 13, 2017
Location: UK

Re: The cost of IOT, we buy it and still we are the product

Haha. Indication of how hard this is to get right. Cujo referenced above opened more holes into the network rather than closing them!!

CUJO Smart Firewall vulnerabilities exposed home networks to critical attacks https://www.zdnet.com/article/cujo-smar ... l-attacks/


Sent from my iPhone using Tapatalk

Posted on
Wed Mar 20, 2019 8:21 pm
peszko offline
Posts: 311
Joined: Mar 07, 2012

Re: The cost of IOT, we buy it and still we are the product

Personally I don't want to touch any device that is cloud based for several reasons. First, sooner or later they will collect, use and sell your information. Second, at some point they may abandon your product or product version and brick your devices. Thirdly, it is not really in their business interest to make your device/system secure, possibly opening you up to a third party attack. There are exceptions, but generally that's the way it is. It's not personal, it's business.

One reason I really like Indigo is that it doesn't need to be connected to internet, nor does it seem to send information to the cloud (if you could confirm that Matt. I haven't noticed any connection attempts beyond the license verification, which I allow). I also like that it runs on Mac, which is also (in my opinion) more concerned with privacy and security than many other vendors.

Either way, I still protect my network with a commercial grade firewall (Fortigate) and have my automation segregated (into physically separate networks). Most of my automation devices are not smart enough to connect to the internet (by choice), but ones that are, do try to continuously reach the outside world. I can see my cameras trying to connect to servers around the world, especially China. My TV once connected tried to initiate a flurry of connections as does my Logitech Harmony remote (both blocked). It doesn't have to be nefarious, but sometimes it is. I had one camera (since trashed) try to reach a known botnet.

The problem is that most people will not be able to take such measures to protect themselves, nor will many understand the need. People using Indigo are a self-selected group of computer enthusiasts who are better able to secure their networks I think. I happen to be an electrical engineer and worked in the past in securing corporate networks, but even with my knowledge I know that what I'm doing is not a guarantee of privacy and security. Nor am I doing the maximum that I could. The problem is that security is a trade-off and I'm no longer willing to live with the constraints of a highly secured network. I know that someone with decent knowledge of network security and serious intent on compromising my system will do so. I just hope that my security setup is good enough to prevent an average hacker from getting in and that I'm not an interesting enough target for the advanced one to try. :-)

My 2c

Posted on
Fri Mar 22, 2019 10:22 am
matt (support) offline
Site Admin
Posts: 21411
Joined: Jan 27, 2003
Location: Texas

Re: The cost of IOT, we buy it and still we are the product

peszko wrote:
One reason I really like Indigo is that it doesn't need to be connected to internet, nor does it seem to send information to the cloud (if you could confirm that Matt. I haven't noticed any connection attempts beyond the license verification, which I allow). I also like that it runs on Mac, which is also (in my opinion) more concerned with privacy and security than many other vendors.

The only time the Indigo Server contacts our backend servers is for license authentication, to check for updates, and to establish a reflector connection (only done if you are using a reflector). 3rd party plugins obviously are a different story, but for the core functionality we limit our backend calls to when they are needed and we always design and QA our implementation so that if an internet connection isn't available the server continues to operate.

During the version checking Indigo Server can optionally send (checkbox in General panel of Indigo's preferences) some minimal system information, so we can have an idea of what versions of macOS our users are actively using.

We might expand the Indigo Server <-> backend communication in future versions, but that would be to offer additional (and optional) functionality. Basically, we know that Indigo being a standalone and cloud independent HA solution is one of its core strengths and it isn't something we are going to jeopardize.


Posted on
Fri Mar 22, 2019 3:55 pm
jltnol offline
Posts: 989
Joined: Oct 15, 2013

Re: The cost of IOT, we buy it and still we are the product

Indigo being a standalone and cloud independent HA solution is one of its core strengths and it isn't something we are going to jeopardize.


THANKS from all of us!!
