Since 1999, I've dedicated most of my career to cyber security. Red team pentester first, then blue teamer, I now lead an open-source software company named CrowdSec (which offers crowd-sourced protection against aggressive IP addresses). This doesn't make me an authority, even less so now that I'm a CEO and no longer on the tech playground, but let's say I'm sensitive to the topic and have some experience with it.

This guide isn't about the physical security of your HA box (reliable power supply + UPS, run it on an SSD and not an SD card, keep it in a safe place and in a case if it's a bare Raspberry Pi).

This post requires some Linux / network knowledge. Nothing expert level, but the network & security techniques I'll be explaining here are reasonably advanced and could confuse regular users. OpenWRT won't get you as far as this setup, but it's easier for a beginner.

PS: I adapted my own configuration for this post, with different address ranges / interface names, so I may have typoed it; don't hesitate to let me know and I'll correct it. There will be a lot of edits, I'm sure, and inclusions of the comments that will pop up. Please don't take offense, these kinds of howtos are tricky to write.

Table of contents
4/ Configuring your switch, Wifi and separating your networks
5/ Securing your HA

We all have different goals and sensibilities, but I believe most HA users like privacy and cloud independence. Here is what I'm after.

Why no cloud dependency? When a hardware provider imposes its (average) cloud services and forces you to use their app, you're at risk that:
- they go down for maintenance, because of a cyber attack or a bug, with consequences on the usability of your system;
- they lose your data (not if, when);
- some attacks can be carried to your home through their hardware, API or services.
(On top of that, we don't need their app, we don't want them at all, and we want to control everything through HA.) So I want my security to rely as little as possible on 3rd parties, and to be able to control them when I have no choice.

No connected microphone: also, no mic in my home. Voice activation is cute, but fulfilling 3-letter agencies' wet dreams of having people install connected microphones in their homes (at their expense) isn't my thing.

Solid ingress filtering (from the Internet toward my LANs).

Guests isolated on their own subnet (and their traffic going through a VPN).

Dynamic routing of what goes through the regular or the VPN connection, based on protocol.

Resilience to a potential Home Assistant vulnerability.