On 2/2/19 8:47 PM, David T-G wrote:
...and then Toshi Esumi said...
%
% On 2/2/19 1:28 PM, Dave Howorth wrote:
% ...
% 2) Put your vendor ADSL router/modem in modem/bridge mode, so that
% the FW in 1) behind the vendor modem can handle NAT/VIP and all
% other firewalling needs.
But that puts a "good" server on the same network as all of those IoT devices. Shouldn't we want the fridge and the thermostat and so on to not even be able to see a computer we want to protect?
Ok, I guess I should have put 3).

3) have a cheap VLAN capable switch to do internal segmentation and trunk all segments (either with VLANs or multiple ports if the FW chassis has them) pulled to the FW without interconnecting them together. The FW should be the gateway between segments.

But IoT devices never get hacked or virus infected unless they're connected to the internet. And the FW is controlling both those IoT devices and your servers, etc. I don't mind putting them together at my home as long as those are behind a solid FW, which I have a hardware-based+subscription-based one.

Of course, if something has another way to connect to the internet, like 4G/5G phones/tablets, etc. (I don't connect them to LAN, other than WiFi, which is connected to the same FW), you need to take care of that side separately. Because that's another "Point of Entry from the Internet". You need FWs on those too, probably at device level.

Toshi
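
The segmentation described in point 3) of this thread, sketched as an nftables ruleset for a Linux box acting as the FW. This is an added example, not part of the original messages. The interface names, VLAN IDs and the choice of three segments (servers, IoT, clients) are assumptions.

```nftables
# Constructed example. Assumed interfaces (not from the thread):
#   wan0    uplink to the vendor modem running in bridge mode
#   lan0.10 server segment (VLAN 10 on the trunk from the switch)
#   lan0.20 IoT segment    (VLAN 20)
#   lan0.30 client segment (VLAN 30, wired and WiFi clients)

table inet segmentation {
    chain forward {
        # The FW is the only path between segments; default is to drop.
        type filter hook forward priority 0; policy drop;

        # Allow replies to flows that were permitted to start.
        ct state established,related accept
        ct state invalid drop

        # Every segment may open connections to the internet.
        iifname { "lan0.10", "lan0.20", "lan0.30" } oifname "wan0" accept

        # Clients may reach the servers on selected services only.
        iifname "lan0.30" oifname "lan0.10" tcp dport { 22, 443 } accept

        # IoT devices may not start connections to servers or clients.
        # The explicit rule logs and counts attempts so that a device
        # probing other segments shows up in the firewall log.
        iifname "lan0.20" oifname { "lan0.10", "lan0.30" } log prefix "iot-lateral " counter drop

        # Nothing from the internet is forwarded inward unless a
        # rule above this comment explicitly allows it.
    }
}

table ip nat {
    chain postrouting {
        # With the modem bridged, the FW performs NAT itself.
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}
```

The switch ports facing IoT devices would be untagged members of VLAN 20 only, with a single tagged trunk port carrying all three VLANs to the FW, so no segment can reach another without crossing the forward chain.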