Isolating Devices on a Home Network

2016-11-16

Call me paranoid but I'd really like to be able to easily isolate devices on a home network.

As it is most people have at a best a single router running a single local area network. On that network they have 1 or more computers, 1 or more tablets, 1 or more phones. Then they might have 1 or more smart TVs, 1 or more game consoles. And finally now people are starting to add Internet of Things (IoT) devices. IP Webcams, Network connected door locks, Lights that change color from apps, etc...

The problem is every device and every program run on every phone/tablet/tv/game consoles/computer can hack all your other devices on the same network. That includes when friends visit and connect to your network.

So for example here's a demonstration of hacking into your network through the network connected lights. There's ransomware where your computer gets infected with a virus which encrypts all your data and then demands a ransom to un−encrypt it. The same thing is happening to smart TVs where they infect your TV, encrypt it so you can't use it and demand money to un−encrypt it. Printers can get infected.

All of this gets easier with every app you download. You download some new app for your phone, you have no idea if, when it's on your home network, that it's not scanning the network for devices with known exploits to infect. Maybe it's just hacking your router for various reasons. It could hack your DNS so when you type "mybank.com" it actually takes you to a fake site where you type in your password and then later get robbed. Conversely you have no idea what bugs are in the app itself that might let it be exploited.

One way to possibly mitigate some of these issues seems like it would be for the router to put every device on its own network. I know of no router than can do this easily. Some routers can make virtual networks but it's a pain in the ass. Worse, you often want to be able to talk to other devices on your home network. For example you'd like to tell your chromecast to cast some video from your phone except you can't if they're not on the same network. You'd like to access the webcam in your baby's room but you can't if they're not on same network. You'd like to print but you can't if they're not on the same network etc...

So, I've been wondering, where's the router that fixes this issue? Let me add a device with 1 button that makes a lan for that one device. Also, let me choose what other devices and over which protocols that new device is allowed to communicate. All devices probably also need to use some kind of encryption since with low−level network access an app could still probably manage to hack things.

I get this would only be a solution for geeks. Maybe it could be more automated in some way. But in general there's clearly no way you can expect all app makers and all device makers to be perfect. So, the only solution seems like isolating the devices from each other.

Any other solutions?

Tags: Uncategorized
Comments
WebGL2Fundamentals.org and stuff
After 11 years of waiting The Last Guardian has some how lost the magic