IoT security for your home network
Posted on November 25, 2022
Your home wireless network needs protection.

As smart homes become more commonplace, implementation of adequate network security has risen to the level of critical need. This is primarily because of concerns about the security of IoT devices. This is particularly true when it comes to inexpensive devices like smart switches and plugs.

Many internet-enabled devices cost less than $10. Chances are that researching many of these devices, likely purchased from a variety of manufacturers, turns up no information about potential security issues. Even in instances where information is uncovered, the results point to legitimate security concerns. [1]

Where network device security concerns exist, a likely approach is device isolation: placing IoT devices on their own isolated network, apart from computers and other network devices (printers, tablets, etc.) that are consistently used to access private data and should be protected against potential security breaches.

A relatively complex approach would be to establish a physical network structure, much like Steve Gibson suggested in his 3 Dumb Router approach, detailed on his Security Now podcast. [2] The challenge with this approach is the requirement of two additional routers for your home network, coupled with the necessity of having the skills required to set up this somewhat complex security structure.

An alternative approach, favored as a consequence of easy setup, is utilizing modern home routers that include what is commonly referred to as a “guest network” and moving your suspect IoT devices along with other network devices over to the “guest network” and away from your “critical infrastructure devices.” This approach has been detailed in a number of security-related articles. [3] This process is best illustrated by using a typical SOHO network. [4]

The example network’s structure utilizes a TP-Link Archer C9 wireless dual band gigabit router. [5] The router is connected to the ISP’s modem with a wired Ethernet cable. Over 45 network devices are connected to the home network, falling into a variety of categories that include:

Device Type / No. of Devices / Cloud Connected Communication / Connection to Primary or Guest Network

Computers and tablets / 4 / No / Primary
Printer and scanner / 2 / No / Primary
Cell Phone / 2 / No / Primary
Smart TVs / 3 / Yes / Guest
Solar System Monitoring / 2 / Yes / Guest
Smart Thermostat / 1 / Yes / Guest
Home Security System / 1 / Yes / Guest
Smart Switches & Plugs / 26 / Yes / Guest
Smart Speakers (Alexa & Google) / 5 / Yes / Guest

The number of smart switches and smart plugs may seem extreme, but they are in large part used for monitoring and controlling electrical use. As detailed in the two recent articles I wrote, the focus in Southern California, where electrical energy costs are excessive, is reducing power usage:

Managing Electrical Energy Costs with Time-of-Use (TOU) Limitations [6]

Making Data Driven Decisions on Time-of-Use Electrical Consumption [7]

A key deciding factor in choosing a network for each device is whether direct network access between network devices is necessary. This is best illustrated by two simple examples.

When printing a document from my computer to my printer, there is no reason for the data to leave the confines of my local network.

In order to modify the current temperature setting of my smart thermostat from my computer, I initiate that process by reaching out through a web-based application accessible on the Internet, and modify the current setting. Changes to the temperature setting are communicated to the thermostat from a cloud-based application.

The TP-Link router provides a number of settings that serve to isolate devices on the guest network. The picture below shows the settings that limit the ability of devices on the guest network to communicate with each other and to access the local network.
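One way to confirm that those isolation settings are actually in effect, as an added example that is not part of the original article: run this from a laptop joined to the guest network. The addresses, ports, labels and function names are assumed placeholders; substitute devices from your own network.

```python
import socket

# Constructed placeholders: replace with devices on your own primary network
# and ports you have confirmed are open when probed from the primary network.
PRIMARY_TARGETS = [
    ("192.168.0.10", 445, "computer, file sharing"),
    ("192.168.0.20", 9100, "printer, raw print port"),
]
# Another client on the guest network, to check guest-to-guest isolation.
GUEST_PEERS = [
    ("192.168.0.150", 80, "smart plug web port"),
]

def tcp_reachable(host, port, timeout=1.5):
    """Return True only if a full TCP handshake to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or no route: all count as blocked
        return False

def find_leaks(targets, probe=tcp_reachable):
    """Return the targets a guest-network client can still reach."""
    return [t for t in targets if probe(t[0], t[1])]

def audit(primary, peers, probe=tcp_reachable):
    """Summarise isolation; every target listed here should be unreachable."""
    leaks = {
        "guest_to_primary": find_leaks(primary, probe),
        "guest_to_guest": find_leaks(peers, probe),
    }
    leaks["isolated"] = not (leaks["guest_to_primary"] or leaks["guest_to_guest"])
    return leaks

if __name__ == "__main__":
    result = audit(PRIMARY_TARGETS, GUEST_PEERS)
    for scope in ("guest_to_primary", "guest_to_guest"):
        for host, port, label in result[scope]:
            print(f"LEAK {scope}: {host}:{port} ({label}) is reachable")
    print("Isolation holds" if result["isolated"] else "Isolation is NOT effective")
```

A target that is powered off also shows as blocked, so first confirm from the primary network that each listed port answers, then repeat the run from the guest network.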



NOTES

[1] See Security Analysis of TP-Link Kasa Smart Home Devices, https://dr.lib.iastate.edu/server/api/core/bitstreams/30f5f6ac-993c-4356-8fce-19273e5d0731/content

[2] See Transcript – Security Now Episode 545, https://www.grc.com/sn/sn-545.pdf

[3] For example, see: Why all your IoT devices should be on your guest network

See also: Why your remote team should put all IoT devices on a separate wi-fi network

[4] With some reluctance, I’m detailing with some modifications my own SOHO network.

[5] See router set-up guide, https://static.tp-link.com/2019/201901/20190123/7106508226_Archer%20C9_QIG_V1.pdf

[6] See: Managing Electrical Energy Costs with Time of Use (TOU) Limitations

[7] See: Making Data Driven Decisions on Time-of-Use Electrical Consumption

About the Author

Steve Linthicum, while still active as an educator at the college and university levels across more than three decades, is looking at retiring in the near future. Focused on helping individuals achieve their certification objectives, Steve will continue to provide help for students as a volunteer.

Posted to topic:
Tech Know
