On 03/02/2019 15.59, David T-G wrote:
Carlos, et al --
...and then Carlos E. R. said...
%
% On 03/02/2019 05.47, David T-G wrote:
% >
% > But that puts a "good" server on the same network as all of those IoT
% > devices. Shouldn't we want the fridge and the thermostat and so on to
% > not even be able to see a computer we want to protect?
%
% Certainly not.
%
% I have an intelligent fridge, for sure I want to talk to it from home
% and maybe from outside too.
Yes. The computer can talk to the fridge, but the fridge shouldn't see the computer.
Why not? The fridge may have important things to tell me when he wants. Like, hey, you have to buy more butter. :-)
%
% What good is an intelligent toaster if I can not see when the toast is
% ready from my android phone or my computer? I might buy instead a toaster.
*grin*
:-)
...and then Carlos E. R. said...
%
% On 03/02/2019 06.14, Toshi Esumi wrote:
% > ...
% > But IoT devices never get hacked or virus infected unless it's connected
% > to the internet. And the FW is controlling both those IoT devices and
% > your servers, etc.
% ...
% those connections by default. And blocking them negates the utility to
% control the sitting room intelligent lamp from the phone...
It may well be that one can talk directly to the fridge without going out to its central web server. I dunno; my thermostat, for instance, isn't like that. But if you have your trusted machines (and maybe your phone) in the safe network, they can still see the fridge in the outer ring. If you put your phone on the outer ring, then it can see them directly. Sooooo... How doesn't it work?
I only have one IoT thing, a controllable power strip, and I bought one that is controllable from inside. But it is designed to be controlled from outside, by registering on some outside server on a fixed IP. The android app connects to that server, not to the internal IP. But I don't use it, I didn't register.

--
Cheers / Saludos,
Carlos E. R.
(from 15.0 x86_64 at Telcontar)
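The "computer can talk to the fridge, but the fridge shouldn't see the computer" arrangement discussed in this thread, as an added example that is not part of the original messages: a stateful forward policy on a router between the two segments. The interface names lan0 (trusted), iot0 (IoT) and wan0 (uplink) and the table name are assumptions for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed interfaces (not from the thread):
#   lan0 = trusted machines, iot0 = IoT devices, wan0 = internet uplink.
table inet segmentation {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that an allowed rule below opened.
        # This is what lets the fridge answer the computer without being
        # able to start a conversation with it.
        ct state established,related accept
        ct state invalid drop

        # Trusted machines may open connections to IoT devices and outward.
        iifname "lan0" oifname { "iot0", "wan0" } ct state new accept

        # IoT devices may reach their vendor servers on the internet ...
        iifname "iot0" oifname "wan0" ct state new accept

        # ... but may never initiate anything toward the trusted segment.
        # Logged and counted so probing from a compromised device is visible.
        iifname "iot0" oifname "lan0" counter log prefix "iot-to-lan blocked: " drop
    }
}
```

Discovery that relies on broadcast or multicast does not cross this routed boundary, so a client on the trusted side may need the device's IP address rather than auto-discovery.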