USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve...
Transcript of USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve...
![Page 1: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/1.jpg)
USE MULTIPLE ROUTERS
TO PROTECT AGAINST
"IoT" INSECURITYby Francis Chao
![Page 3: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/3.jpg)
3
SUMMARY• "Internet of Things" (IoT) devices come
with a proprietary Internet access
methodology that is controlled by their
manufacturers. Having IoT devices
share the same router as a computer
or tablet is not recommended. We
recommend a 3 router solution for
connecting "IoT" devices your home or
small business network.
![Page 4: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/4.jpg)
4
TOPICS
• Basic Advice About Routers
• Basic Assumptions
• Two Router Configuration
• Three Router Configuration
• Activate "Access Point" Isolation on
More Expensive Routers
![Page 5: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/5.jpg)
5
BASIC ADVICE ABOUT ROUTERS
• One of the best descriptions of
securing local networks for insecure
"Internet of Things" devices can be
found at
https://shkspr.mobi/blog/2016/03/de
signing-a-home-network-for-hostile-
devices/
![Page 6: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/6.jpg)
6
BASIC ADVICE ABOUT ROUTERS
(continued)
• See also
https://www.trendmicro.com/vinfo/us
/security/news/internet-of-
things/protect-home-network-
securing-router
![Page 7: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/7.jpg)
7
BASIC ADVICE ABOUT ROUTERS
(continued)• See also
https://www.welivesecurity.com/201
7/10/26/secure-your-router-prevent-
iot-threats/
![Page 8: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/8.jpg)
8
![Page 9: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/9.jpg)
9
BASIC ADVICE ABOUT ROUTERS
(continued)• See also
• https://www.csoonline.com/article/3
085607/internet-of-things/8-tips-to-
secure-those-iot-devices.html
![Page 10: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/10.jpg)
10
![Page 11: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/11.jpg)
11
BASIC ADVICE ABOUT ROUTERS
(continued)• We agree with the general concept
of using a "guest Wi-Fi network"
inside an existing router but having
multiple virtual routers inside a
single router is usually a lot more
susceptible to malware relative to
having separate routers with
uniquely different usernames and
passwords.
![Page 12: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/12.jpg)
12
BASIC ADVICE ABOUT ROUTERS
(continued)• See
• https://www.tomsguide.com/us/secu
re-smart-home-how-to,news-
19380.html
![Page 13: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/13.jpg)
13
![Page 14: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/14.jpg)
14
BASIC ASSUMPTIONS
• Assumption One:
We are using "dumb routers" that
generate and assign "private IP
addresses" for their local network-
attached computers and devices.
• Assumption Two:
These "dumb routers" do not
communicate and coordinate with
each other.
![Page 15: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/15.jpg)
15
MULTIPLE ROUTER
CONFIGURATION• In the large networks of
governments, large businesses,
and educational institutions, multiple
tree-like levels of routers (both
actual and virtual) have been the
normal mode of operation for about
40 years
![Page 16: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/16.jpg)
16
MULTIPLE ROUTER
CONFIGURATION (continued)• Because of the security risks of
using "Internet of Things" (IoT)
devices such as Internet-connected
home appliances, security cameras,
alarm systems, environmental
sensors, etc., the multiple router
method of protecting computer
assets will move into the home and
small business.
![Page 17: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/17.jpg)
17
MULTIPLE ROUTER
CONFIGURATION (continued)
• Reference for the multiple router
concept:
https://www.pcper.com/reviews/Gen
eral-Tech/Steve-Gibsons-Three-
Router-Solution-IOT-Insecurity
![Page 18: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/18.jpg)
18
MULTIPLE ROUTER
CONFIGURATION (continued)
• "Border router" on the left
and
"IOT router" on the right:
![Page 19: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/19.jpg)
19
![Page 20: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/20.jpg)
20
MULTIPLE ROUTER
CONFIGURATION (continued)
• If the "border router" is not part of a
"broadband modem", then the WAN
jack or Internet jack connect here:
("WAN" stands for "Wide Area
Network"):
![Page 21: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/21.jpg)
21
![Page 22: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/22.jpg)
22
MULTIPLE ROUTER
CONFIGURATION (continued)
• Reference for the previous two
illustrations:
https://www.wikihow.com/Connect-
Two-Routers
![Page 23: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/23.jpg)
23
MULTIPLE ROUTER
CONFIGURATION (continued)
• "LAN to WAN" means that one of
the "LAN" jacks of the (left) "border
router" is connected to the the
"WAN" jack of the (right) "IOT
router":
![Page 24: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/24.jpg)
24
MULTIPLE ROUTER
CONFIGURATION (continued)
• For most of us, the broadband
modem that we rent from our
"Internet Services Provider" actually
has both a broadband modem and a
"border router" inside it:
![Page 25: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/25.jpg)
25
![Page 26: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/26.jpg)
26
MULTIPLE ROUTER
CONFIGURATION (continued)
• Therefore, for most of us, adding
one additional router brings us to
the "two router" configuration:
![Page 27: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/27.jpg)
27
![Page 28: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/28.jpg)
28
MULTIPLE ROUTER
CONFIGURATION (continued)
• The article at
https://www.pcper.com/reviews/Gen
eral-Tech/Steve-Gibsons-Three-
Router-Solution-IOT-Insecurity
criticizes the two-router
configuration as follows:
![Page 29: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/29.jpg)
29
MULTIPLE ROUTER
CONFIGURATION (continued) • <Start of quote:>
In this arrangement, only IOT/Smart
devices are connected to the
internal (or IOT-purposed) router.
The idea was to isolate insecure or
poorly implemented devices from
the more valuable personal local
data devices such as a NAS with
important files and or backups.
![Page 30: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/30.jpg)
30
MULTIPLE ROUTER
CONFIGURATION (continued) • Unfortunately this clever
arrangement leaves any device
directly connected to the “border”
router open to attack by infected
devices running on the internal/IOT
router. Said devices could perform a
simple trace-route and identify that
an intermediate network exists
between it and the public Internet.
![Page 31: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/31.jpg)
31
MULTIPLE ROUTER
CONFIGURATION (continued)
• Any device running under the border
router with known (or worse -
unknown!) vulnerabilities can be
immediately exploited.
<End of quote>
![Page 32: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/32.jpg)
32
THREE+ ROUTER CONFIGURATION
• Untrusted IoT Router:
![Page 33: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/33.jpg)
33
![Page 34: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/34.jpg)
34
![Page 35: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/35.jpg)
35
BASIC THREE+ ROUTER CONCEPT
(continued)
• Trusted Router:
![Page 36: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/36.jpg)
36
![Page 37: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/37.jpg)
37
BASIC THREE+ ROUTER CONCEPT
(continued)
• Basic Concept:
Internet providers modem or router
connects to
Main Gateway Router
which has a LAN side that connects
to Untrusted (IoT) Router
and
to Trusted router
![Page 38: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/38.jpg)
38
![Page 39: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/39.jpg)
39
BASIC THREE+ ROUTER CONCEPT
(continued)
• Reference for the previous diagram:
http://www.securityperspectives.com
/three-dumb-routers-are-coming-to-
a-home-network-near-you/
![Page 40: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/40.jpg)
40
BASIC THREE+ ROUTER CONCEPT
(continued)• Also known as
"3 dumb routers" as coined by Steve
Gibson because the routers that are
purchased for homes and small
business are much dumber than that
ones that larger businesses and
organizations use, which, for a home
or small business network, may be a
good thing.
![Page 41: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/41.jpg)
41
A MORE PROFESSIONAL
DESCRIPTION OF THE
THREE+ ROUTER CONCEPT
• A more professional description of
the 3 router concept along with a
more critical view of the details can
be found at
https://www.pcper.com/reviews/Gen
eral-Tech/Steve-Gibsons-Three-
Router-Solution-IOT-Insecurity
![Page 42: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/42.jpg)
42
A MORE PROFESSIONAL
DESCRIPTION OF THE
THREE+ ROUTER CONCEPT
(continued)
• "Main Gateway Router" is usually
called "Border Router" by computer
and network professionals.
• "Untrusted Router" is now usually
called "IoT Router" since
"Untrusted.." has a bad connotation.
![Page 43: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/43.jpg)
43
![Page 44: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/44.jpg)
44
![Page 45: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/45.jpg)
45
![Page 46: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/46.jpg)
46
A MORE PROFESSIONAL
DESCRIPTION OF THE
THREE ROUTER CONCEPT
(continued)
• For most of us, the "border router"
is part of the broadband modem
that is provided by our broadband
"Internet Service Provider"
![Page 47: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/47.jpg)
47
ACTIVATE "ACCESS POINT
ISOLATION" ON MORE EXPENSIVE
ROUTERS
• On more expensive routers, you
might be able to activate "wireless
isolation" so that each Wi-Fi-
connected "Internet of Things"
device is isolated from each other
and from wired computers on the
local network.
![Page 48: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/48.jpg)
48
ACTIVATE "WIRELESS ISOLATION"
ON MORE EXPENSIVE ROUTERS
(continued)
• "wireless isolation"
= "AP isolation"
= "Access Point isolation"
= "client isolation"
= "station isolation"
= "wireless client isolation"48
![Page 49: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/49.jpg)
49
ACTIVATE "WIRELESS ISOLATION"
ON MORE EXPENSIVE ROUTERS
(continued)
• "Wireless isolation" means that
each Wi-Fi-connected "Internet of
Things" device cannot access
shared files on any other Wi-Fi-
connected or Ethernet-connected
device that is connected to the
router.
![Page 50: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/50.jpg)
50
ACTIVATE "WIRELESS ISOLATION"
ON MORE EXPENSIVE ROUTERS
(continued)• When you activate "access point
isolation", you end up with a
separate virtual router for each
individual "Internet of Things"
device, as described at
https://dazeend.org/2017/03/segre
gating-iot-devices-on-an-isolated-
network/
![Page 51: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/51.jpg)
51
ACTIVATE "WIRELESS ISOLATION"
ON MORE EXPENSIVE ROUTERS
(continued)
• However, "wireless isolation" is
implemented differently in different
models of routers, as described at
https://jervis.ws/implementing-
security-zones-with-home-routers-
for-the-iot-early-years/
as follows:
![Page 52: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/52.jpg)
52
ACTIVATE "WIRELESS ISOLATION"
ON MORE EXPENSIVE ROUTERS
(continued)
• <Start of quote:>
Some routers provide ‘Wireless
isolation’ which is designed to block
inter-device access on the same
wireless network. In some cases
this blocks access to wired devices
and all other wireless devices,
![Page 53: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/53.jpg)
53
ACTIVATE "WIRELESS ISOLATION"
ON MORE EXPENSIVE ROUTERS
(continued)
• in others access to wired devices is
ALLOWED however access to other
wireless devices is blocked. If you
wish to utilise wireless isolation on a
wireless network,
![Page 54: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/54.jpg)
54
ACTIVATE "WIRELESS ISOLATION"
ON MORE EXPENSIVE ROUTERS
(continued)
• check the manufacture's manual
and perform some tests to ensure
you’re familiar with the
implementation.
<End of quote>
![Page 55: USE MULTIPLE ROUTERS TO PROTECT AGAINST IoT INSECURITY · "3 dumb routers" as coined by Steve Gibson because the routers that are purchased for homes and small business are much dumber](https://reader034.fdocuments.us/reader034/viewer/2022042518/5f9c7ab61215e27c8955074b/html5/thumbnails/55.jpg)
55
ACTIVATE "WIRELESS ISOLATION"
ON MORE EXPENSIVE ROUTERS
(continued)
• In other words, "wireless isolation" is
useful as a way to isolate "Internet
of Things" devices from other
computers in some models of
routers and worthless in other
models of routers.