skip to Main Content

3 Ways to Strengthen Your Smart Home Network Setup – Stacey on IoT

It’s 2022 and you have a smart home. Given all the stories about IoT devices being hacked or hacked with malware, is your router and home network ready to protect your home? If you have an older router or aren’t using the advanced features of a more modern router, maybe not. With that in mind, here are various ways to boost the security of your smart home device – assuming your router has the right features.

To be clear, the main goal here is to limit network intrusions only to infected devices. You don’t want a malicious actor entering your home network through an IoT device and accessing your other devices or network data.

Use this guest network

The easiest way to protect your network is to set up a guest network and connect all your smart home devices to it. Even if your router is a few years old or provided by your ISP, chances are it supports at least one guest network. The last two Eero routers I reviewed, for example, offer guest networking.

The steps you’ll need to take to create a guest network vary by brand and model, so start by checking your router’s regular or even advanced settings. Then create a completely different network name and password from your main home network. Next, connect all of your IoT products to the guest network to separate them from the network used by your phones, computers, tablets, and TVs. This will protect your main home network from outside access via a compromised IoT device.

There is a downside here, however. Any time you want to use a mobile app to control one of your smart home devices, you need to connect your phone to the guest network. However, if you’re using smart speakers or smart displays to control these connected devices, that’s less of an issue. Why? Because if you put all your smart home products on the guest network, those smart speakers and smart displays should be there too, so they can “see” your lights, locks, cameras, etc.

What is Network Segmentation?

Image courtesy of JMDevLabs on Medium

With an advanced router, you can take the guest network approach to another level through network segmentation. Again, the make, model, and age of your router will determine whether you have the ability to use this feature. Ubiquiti routers have been popular choices among our listeners and readers.

Essentially, network segmentation divides your home network into subnets: instead of a single network, you have multiple networks. And just like the guest network approach, once you’ve created a subnet specifically for your smart home devices, they all need to be connected to it. Each subnet can access the Internet through your router, but devices on one subnet cannot “see” devices on another.

In the image above, you will see that each subnet IP address range starts with the same number: 192.168. This is a common private or internal IP address range for use in any home or business. The following number ranges illustrate the IP addresses that are segmented. Home Wi-Fi devices use a range of network IP addresses, from 192.168.2.1 to 192.168.32.254. The IoT devices in this example use a similar address range, but on the 192.168.3.xxx subnet. They can only see devices on that same segmented network, so a third party accessing it cannot access devices on the home Wi-Fi network.

This Medium article from JMDevLabs offers a detailed explanation of how network segmentation works and how to set it up. However, network segmentation has the same disadvantage as using a guest network. To control IoT devices from a smartphone, the smartphone must be on the same network as these devices.

Another hardware option

If network segmentation seems too difficult to configure and/or your router does not offer a guest network, there are other options. One of the best, in my opinion, is more of a guard than a true segmented gate.

Image courtesy of Firewalla

It comes from Firewalla, which makes a line of home cybersecurity products. Each of the products – which range in price from $139 to $475 – have the same basic functionality, but you can spend more to add features or support a faster network.

Previously, I tested two such products in the line, the Firewalla Blue and the Firewalla Gold. Each is installed directly between your home internet connection and your router. So it’s like a firewall in that regard, because it can see incoming and outgoing network traffic.

And like a firewall, you can configure rules that allow or deny smart home devices a connection to or from the internet. This way you can, for example, allow your Google Home devices to only connect to Google servers. Such configuration may prevent third parties from accessing your smart home device, accessing your network, sniffing your data or accessing other devices without your knowledge.

It takes time and effort to set up a firewall for maximum protection. Initially, you may be bombarded with firewall notifications to approve or deny internet access for devices. And you can easily fall down a rabbit hole when watching servers around the world try to connect to your IoT products.

However, by default, the firewall is largely a self-configuring tool, so it’s up to you to decide how much network data you want to browse and take action on. There are several other physical devices, such as those from Bitdefender and Cujo, that can perform this function as well. Additionally, certain services from Comcast Eero or your ISP can also help provide this level of notification and monitoring for a monthly fee.

Note that you can combine several of these methods, for example using a guest network and a firewalla. Or you can take it a step further and invest in a commercial-grade router that supports VLANs, although that’s not something most smart home owners would likely tackle.

Whatever your approach, your goal is to minimize network threats in your smart home. And that’s something all of these options will do.

Back To Top