On Sun, 3 Feb 2019 01:08:32 +0100 (CET) "Carlos E. R." <robin.listas@telefonica.net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2019-02-02 a las 22:51 -0000, Dave Howorth escribió:
On Sat, 2 Feb 2019 23:25:27 +0100 Peter Suetterlin <pit@astro.su.se> wrote:
Dave Howorth wrote:
...
Thanks for answering my questions, Peter, and giving me some more to think about. Apologies for all for mnemonic confusion; I meant WLAN rather than WAN, of course. It's the phones and IoT devices on the network that cause me most concern; I'm not so much worried about the state of my Linux boxes.
The IoT gadgets probably "phone home" to register on some external site. The apps on phones typically connect to this external site, who then tells the gadgets how to react. It is this last aspect which I do not have clear: maybe the gadgets just keep an outgoing connection to the internet server, so they are not affected by any firewall you may setup. If the connection is incoming, then I'm unsure. There are protocols "that just work" but pose a security risk. That's how the latest's attack on the Chromecasts were done.
Connections have to be outgoing. They can't be incoming because of NAT and no open ports on the router; not to mention dynamic IP assignment by my ISP. So there are never any 'designed' incoming connections. And I see no evidence of 'naughty' connections in my router's logs, but then I wouldn't expect to if it were compromised.
My only IoT gadget is not registered outside, is only accessible inside, so no risk, AFAIK. The actual risk I found is that once it lost Ethernet connectivity, thus failing on its mission and purpose in life.
Well right, as long as the network remains secure, which is why I am asking about securing the network. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org