[Cryptography] FBI: Don't trust IoT devices

Henry Baker hbaker1 at pipeline.com
Wed Dec 11 18:57:48 EST 2019

At 08:13 AM 12/11/2019, Jeremy Stanley wrote:
>On 2019-12-10 10:57:30 -0800 (-0800), Henry Baker wrote:
>> To a first approximation, just consider isolating
>> each device in such a way that it can't "see" any
>> other device, but it can still talk to the internet.
>For wired LANs, the most common solution is referred to as "port
>isolation" or "Private VLAN" but Cisco has a patent stranglehold on
>the concept laid out in IETF RFC 5517 and has litigated against
>perceived infringers who don't bow to their demands for license
>
>For IEEE 802.11 wireless, many WAPs implement something called
>"wireless client isolation" or "AP isolation" to prevent client
>systems from communicating with anything besides the Internet
>
>So the options are there, but I agree, if I hadn't spent years as a
>network engineer I probably wouldn't begin to know what to look for.
>Jeremy Stanley

Mucho thanks for the info & links!

What about achieving this isolation goal via encrypted tunnels/encrypted VPN's, etc?  Yes, I know, one could still do traffic analysis, but they could probably do that (with additional effort) even with Cisco's mechanisms.

I don't know if I would trust Cisco "port isolation" to devices that can run tcpdump/wireshark/snort/etc. 24x7, even if I had Cisco routers.
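The isolation property discussed in this thread (each IoT device may reach the Internet, but no device may reach any other) can be stated as a forwarding policy on the router that fronts the IoT ports or VLANs. The following is an added example, not code from either poster: it models the decision a stateful firewall makes for each forwarded packet and emits an equivalent nftables ruleset. Interface names (`wan0`, `iot0`, `iot1`, `wlan_iot`), the address range and the sample packets are all constructed for illustration.

```python
"""Forwarding policy for an isolated IoT segment (constructed example).

Each IoT device sits on its own router interface (a dedicated port,
VLAN or isolated SSID), so every device-to-device path must cross the
router's forward hook, where this policy drops it.
"""
from dataclasses import dataclass

WAN_IF = "wan0"                          # assumed upstream interface
IOT_IFS = ("iot0", "iot1", "wlan_iot")   # assumed one interface per device/VLAN


@dataclass(frozen=True)
class Packet:
    in_if: str            # interface the packet arrived on
    out_if: str           # interface the routing table chose for it
    src: str
    dst: str
    established: bool = False   # conntrack state as the kernel would report it


def forward_decision(pkt: Packet) -> str:
    """Return "accept" or "drop" for a packet the router is asked to forward."""
    # Reply traffic belonging to a flow an IoT device opened toward the WAN.
    if pkt.established and pkt.in_if == WAN_IF and pkt.out_if in IOT_IFS:
        return "accept"
    # New flows may only leave an IoT interface toward the WAN.
    if pkt.in_if in IOT_IFS and pkt.out_if == WAN_IF:
        return "accept"
    # Everything else: IoT<->IoT, WAN-initiated, IoT->management LAN.
    return "drop"


def nft_ruleset() -> str:
    """Emit an nftables ruleset with the same semantics as forward_decision()."""
    iot_set = ", ".join(f'"{name}"' for name in IOT_IFS)
    return (
        "table inet iot_isolation {\n"
        "    chain forward {\n"
        "        type filter hook forward priority 0; policy drop;\n"
        "        ct state invalid drop\n"
        "        ct state established,related accept\n"
        f"        iifname {{ {iot_set} }} oifname \"{WAN_IF}\" accept\n"
        "    }\n"
        "}\n"
    )


def check_isolation(devices: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return every (src_if, dst_if) pair of IoT devices that could still reach
    each other; an empty list means the segment is isolated at layer 3."""
    leaks = []
    for a_if, a_ip in devices:
        for b_if, b_ip in devices:
            if a_if != b_if:
                pkt = Packet(a_if, b_if, a_ip, b_ip)
                if forward_decision(pkt) == "accept":
                    leaks.append((a_if, b_if))
    return leaks


if __name__ == "__main__":
    # Constructed sample traffic: device on iot0 talking to the Internet,
    # the reply coming back, and a neighbour trying to reach it.
    print(forward_decision(Packet("iot0", "wan0", "10.66.0.10", "203.0.113.5")))
    print(forward_decision(Packet("wan0", "iot0", "203.0.113.5", "10.66.0.10", True)))
    print(forward_decision(Packet("iot1", "iot0", "10.66.1.10", "10.66.0.10")))
    print(check_isolation([("iot0", "10.66.0.10"), ("iot1", "10.66.1.10"),
                           ("wlan_iot", "10.66.2.10")]))
    print(nft_ruleset())
```

The policy only works if every device really is on its own interface or VLAN: two devices sharing one switch port or one non-isolated SSID talk to each other at layer 2 and never touch the forward hook, which is exactly the gap that "port isolation" on the switch and "AP isolation" on the access point close. The established/related rule is what lets replies back in without opening a WAN-initiated path to the devices.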
