top of page
Search
randallthomasmusic
Oct 223 min read

How-To: Network Segmentation for IoT

How to Set Up Network Segmentation for IoT Security


Graphic showing the Internet of Things
Internet of Things

Isolating your IoT devices on their own network is one of the best ways to secure your home or business. By creating a separate network or subnet, you reduce the chances that a vulnerable smart device can give hackers access to your sensitive data. Here’s how you can set up network segmentation, either by creating a guest network or configuring subnets, to boost your security.


"If it's IoT, it's insecure. Segment, encrypt, make it harder for them to hack!" - Randy and the Techpocalypse

Step 1: Access Your Router Settings


  1. Connect to your network: Make sure you’re connected to the network you want to modify.

  2. Access the router’s admin page:

    1. Open a web browser and type your router’s IP address into the address bar (usually something like 192.168.1.1 or 192.168.0.1).

    2. Enter your admin username and password (check your router’s manual if you don’t know them, but change default credentials if you haven’t already!).


Step 2: Set Up a Guest Network (for basic segmentation)


Most modern routers allow you to create a guest Wi-Fi network, which can be used to keep IoT devices separated from your primary network.


  1. Navigate to the Guest Network settings: Look for a “Guest Network” option in the wireless settings of your router.

  2. Enable the Guest Network: Turn on the guest network feature.

  3. Configure the Guest Network:

    1. Name (SSID):

      Choose a name that clearly indicates it’s the IoT network, e.g., “Home-IoT.”

    2. Password:

      Set a strong, unique password (not the same as your main Wi-Fi) using upper and lower case, special characters, and numbers.

    3. Network Isolation:

      Enable “AP Isolation” or “Client Isolation” if available. This prevents devices on the guest network from interacting with each other or devices on the main network.

    4. Limit Bandwidth:

      If your router allows, consider limiting the bandwidth on the guest network since IoT devices generally don’t need high speeds.

  4. Save and Apply Changes.


All IoT devices (smart TVs, cameras, thermostats, etc.) should now connect to this guest network, leaving your main network for more secure activities.


Step 3: Create Subnet for IoT Devices (advanced)


If your router supports VLANs (Virtual LANs) or allows creating subnets, you can create a more robust segmented network for IoT devices.


  1. Find the VLAN/Subnet Settings:

    Look for options like “VLAN,” “Subnet,” or “Advanced Routing” in your router’s settings.

  2. Create a New VLAN/Subnet:

    1. VLAN ID:

      Choose a unique VLAN ID number (e.g., 10 for IoT).

    2. Subnet Range:

      Assign a subnet range, such as 192.168.10.0/24, to ensure the devices are on a different network than your primary one (which may use something like 192.168.1.0/24).

    3. Set the VLAN Interface:

      Assign the newly created VLAN to the correct router interface (such as the Wi-Fi or LAN port you want to use for IoT devices).

  3. Configure Firewall Rules (if available):

    Set up firewall rules to restrict communication between VLANs. For example, allow your IoT VLAN to access the internet but prevent it from accessing the main VLAN where your sensitive devices (like your work laptop) are located.

  4. Apply and Save Settings.


Step 4: Test and Connect Devices


  1. Reconnect IoT devices: Once the guest network or VLAN is configured, disconnect your IoT devices from the main Wi-Fi and reconnect them to the newly created network.

  2. Test the isolation:

    1. Try accessing devices on the main network from the IoT network. If your settings are correct, they shouldn’t be able to communicate.

    2. Also, ensure all IoT devices have internet access, as many need connectivity to function.


Tips for Extra Security


  • Disable UPnP: Universal Plug and Play makes it easy for devices to connect automatically, but it’s a security risk. Disable this in your router settings unless absolutely necessary.

  • Monitor Traffic: Use tools like a firewall or router logs to monitor your IoT network for unusual activity.

  • Keep Devices Updated: Regularly update the firmware of your router and IoT devices to patch vulnerabilities.


That’s it! You’ve now separated your IoT devices, making it much harder for hackers to jump from a compromised smart gadget to your main devices. Remember, in the future, IoT security might be what separates you from a total digital meltdown.



Randy and the Techpocalypse graphic: Security Today, Power Tomorrow

 

Help support our cause of making digital security and technology fun and engaging by visiting the merch store now!




Let people know that you know what's up with our tech and security graphic tshirts available on demand.



28 views1 comment

Recent Posts

See All

1 комментарий

Гость
29 окт.

RE Step 3.2.c above Can both segments share an interface? So that I my "secure' network segment and my "IoT" segment both run on the same wifi or ethernet port?

Лайк
bottom of page