(Or how I learned to relax and love IOT devices)
With the rise of IoT and the seemingly endless amounts of small Linux powered compute devices plugged in around the house the threat from hostile actors has grown exponentially. Hackers like to use these devices to move laterally in your network to steal information stored on your devices or set up botnets to deploy DDoS attacks with enough bandwidth to take down even the most hardened servers. Most of these devices come with default usernames and password that can’t be changed by the end user if that end user is even technically savvy enough to do such a thing! I have literally googled the password for a clients home modem. So How would you stop or at least limit the ability of these bad actors without splashing out thousands of dollars on some fancy new network switch or hardware firewall? Easy, buy the cheapest wifi router you can get your hands on and slap some custom firmware on it to give you more granular control over that network. After you setup the IoT devices on this network they can call home and talk to each other all they want while leaving your real network out of the conversation. To this end I bought this!
Sorry about the poor picture quailty in this post, I did get a better camera since these were taken!
Step one is to pick a custom firmware to load onto the router. I went with OpenWRT not for any real reasons but more because they had a firmware build that would easily work on the router I bought.
Step two is to load said firmware to the device with the built in configuration panel. Pretty straight forward enough all you have to do after downloading the firmware image that is compatible with your device and “update” the current firmware with this new one in the advanced tab for this router. You might have a different layout but the key to to find the firmware update area and pop in the custom image you downloaded. After an install and reboot the router is not running OpenWRT!
Step three is simply setup the network and security setting like any other home router you would harden but with the new firmware you get a lot more flexibility and maybe even some features the old firmware didn’t have!
While you are playing around in this new software why not set up a ssh login so you can remotely administer the router so you dont need to connect a device to the IoT network itself to make any changes you might need to. Later on maybe I’ll write up a How-To for setting up ssh but for now I won’t go down that rabbit hole.
That’s pretty much it. Get your IoT devices connected to the new network and feel a lot better that the hundreds of connects made by these sometimes shady devices make because they at least can’t infect your actual network with the wide range of RATs and bots and ransomware that plague so many people and companies worldwide.
Have any other great tips or tricks to help secure or keep secure SoHo networks? Please share them below!