[Cryptography] FBI: Don't trust IoT devices

Jeremy Stanley fungi at yuggoth.org
Wed Dec 11 11:13:26 EST 2019


On 2019-12-10 10:57:30 -0800 (-0800), Henry Baker wrote:
[...]
> To a first approximation, just consider isolating
> each device in such a way that it can't "see" any
> other device, but it can still talk to the internet.
[...]

For wired LANs, the most common solution is referred to as "port
isolation" or "Private VLAN" but Cisco has a patent stranglehold on
the concept laid out in IETF RFC 5517 and has litigated against
perceived infringers who don't bow to their demands for license
tithes:

https://en.wikipedia.org/wiki/Private_VLAN

https://www.essentialpatentblog.com/2016/07/itc-rejects-de-facto-standard-defense-337-ta-944-cisco-v-arista/

For IEEE 802.11 wireless, many WAPs implement something called
"wireless client isolation" or "AP isolation" to prevent client
systems from communicating with anything besides the Internet
gateway:

https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan#step_2copy_the_existing_wireless_network

https://wiki.dd-wrt.com/wiki/index.php/Advanced_wireless_settings#AP_Isolation

So the options are there, but I agree, if I hadn't spent years as a
network engineer I probably wouldn't begin to know what to look for.
-- 
Jeremy Stanley
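
An added example, not part of the original message: a small audit of an OpenWrt wireless config that lists AP-mode SSIDs where the client isolation mentioned above is not enabled. It assumes OpenWrt's `isolate` option on `wifi-iface` sections in /etc/config/wireless; the sample config and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in OpenWrt /etc/config/wireless (UCI) syntax; not from the post.
SAMPLE_WIRELESS = """\
config wifi-device 'radio0'
	option channel '6'

config wifi-iface 'default_radio0'
	option mode 'ap'
	option ssid 'home'

config wifi-iface 'iot'
	option mode 'ap'
	option ssid 'iot devices'
	option isolate '1'

config wifi-iface 'uplink'
	option mode 'sta'
	option ssid 'upstream'
"""

def parse_uci(text):
    """Return a list of (type, name, options) for each 'config' section."""
    sections = []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if not tokens:
            continue
        if tokens[0] == "config" and len(tokens) >= 2:
            name = tokens[2] if len(tokens) > 2 else ""
            sections.append((tokens[1], name, {}))
        elif tokens[0] == "option" and len(tokens) == 3 and sections:
            sections[-1][2][tokens[1]] = tokens[2]
    return sections

def unisolated_aps(text):
    """SSIDs of AP-mode interfaces whose 'isolate' option is absent or false."""
    truthy = {"1", "on", "true", "yes", "enabled"}  # UCI boolean spellings
    return [opts.get("ssid", name)
            for kind, name, opts in parse_uci(text)
            if kind == "wifi-iface" and opts.get("mode") == "ap"
            and opts.get("isolate", "0") not in truthy]

if __name__ == "__main__":
    for ssid in unisolated_aps(SAMPLE_WIRELESS):
        print(f"client isolation off: {ssid}")
```

Client-mode (`sta`) interfaces are skipped because isolation is enforced by the access point, not by the station.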