Typically, we are already into the complex mathematics of the geometry of straight lines and how to divide.
For the more challenged amongst us is connecting a second router to the Ethernet port of the ISP provided router, and creating a separate network one answer? It still needs some smarts to ensure the traffic is separated between two networks.
Alternately many routers allow you to create a guest network. You could use that for all the extra devices.
Of course neither is perfect as having separated the two networks moving content dynamically between the two may not be possible? After all you are trying to stop that from happening?
Do you simply consider your home network for ever more a public network and revert to using a VPN for the majority of your personal use?
There is no paranoia under this hat .
Hopefully not another marketing specialist either.
P.s. might - “OK Google, Secure our Network!” be a more effective request?
That’s good feed back. Especially if you are comfortable going into the router configuration software. There is some knowledge required to do so. One of our routers allows a guest network to be enabled with a minimum of effort.
Another simpler router to do so requires you to configure the IP ranges, set a mask and open selected ports! Not so simple for many!
That is partly the reasoning for asking about the options.
It is made harder or easier by how your ISP treats you and whether the ISP supplies a decent router. I know many who have a standard Telstra broadband router of what ever vintage that carries the default Telstra configuration. I used to have one that when supplied used a WAP encryption key related directly to to the SSID. Many users do not have any knowledge of the risks or how to access and change these settings.
Our latest iiNet router standard configuration is a little better, however any built in security - in my example adding a PV solar power invertor, disappears the moment we attach other devices we have no control over. These necessary devices can communicate with their big brothers and like smart TVs also auto download and install software without our knowledge or explicit permissions.
Is it subsequently acceptable for devices to behavior this way?
Should all such software/firmware be subject to third party audit and certification before it is released?
Should all broadband users need a license and pass a test before they are connected?
Should all ISP’s meet an agreed configuration and security standard for the devices they supply including remote configuration?
Our Solar PV Invertor has a two line info display, is effectively headless, amd requires an externally connected device to access it’s performance. Why does it also need to access big brother?
And to whom does big brother facilitate access to?
True many of the concerns are no different to having a Google ID and Gmail account, except the power of a headless smart device on the inside of a home network is infinfinitely greater in what it can discover.
The suggestion of a Ubiquiti EdgeRouter X router is also valid, as from my understanding (coming from the above-mentioned podcast) they do not permit any interchange between their ports. They are discussed in the following episode.
Unfortunately many or most routers do not have this capability.
We are in a period of immense change in the computing world. IoT devices can cost pennies to manufacture, and there are plenty of companies willing and able to go into business without worrying about end user security.
I expect that a few years from now things will have settled down, there will be some basic security standards either imposed on the industry or by the industry for devices, and we will all live happily ever after.
It isn’t just IoT devices such as a baby monitor that uploads video to the web which is available to any who can guess your user name. Unpatched security holes in routers, or in server software, are enabling massive breaches and botnets.
We are only relatively new to the idea of IT security, and even newer to the idea of securing everything on the Internet! Microsoft has finally (almost) figured out how to do it right in Windows; Apple and Google are probably in the same range of proficiency, but Google’s partners vary from ‘regular updates’ to ‘what’s an update?’.
It is likely that at some point in the future there will be a ‘stamp of security’ that you can trust for an Internet-connected device. Probably operated by manufacturers who are sick of the low quality stuff that’s poisoning the Internet, it will require functions such as regular automatic updates, limitations on Internet access depending on the device’s purpose, and similar kinds of security. Unfortunately, we are not yet there - and when you are designing one of these devices security is not an add-on, it is a fundamental feature. It is incredibly easy for bugs to slip past, even if you do use third party auditing, so as matters stand you can assume that every Internet-connected device you own has at least some bugs.
There is one other advancement that may make the Internet secure. I cannot remember the terminology, but it is the concept of an ‘error-free’ programming language/tool that does not provide for the easy mistakes that might be made in a million or more lines of code. I suspect it is a while away.