How safe do you feel?

Personally I used to have the same concerns. I just added a door lock within the last 6 months. Being residential, I have to keep telling myself, keep network secure and that's about the best you can do. Most people that would break in probably are not going to try to hack my house, and will probably still use the most easiest way to get into a house. A rock thru a window. I have a security system and two hungry dogs. I am not as concerned anymore.

I also live by the motto that locks are only for honest people.

If you are worried about it, set HS up to notify you anytime something "critical" happens. That way you'll know right away if someone is opening garage doors, etc.

Cheers
Al

My uncle was fond of nearly the same line. When I was a very young boy my dad and I visited his repair "shop", which was one of several areas that had been carved out of a public space. There was a hinged wood panel that came down to close off the counter area, and a small padlock to secure it. When my dad asked him if the lock was good enough, he responded, "Well, it keeps the honest people out."

I've always assumed that someone determined to break in will do so, and the counter measures necessary to repel them are likely to be a bigger aggravation to me than they are worth. On the other hand, I do not consider locks that require a physical key and a garage door that requires me to push a button to open it are too much aggravation. Besides, they just may increase the incentive for someone looking for a target to look somewhere else. As the saying goes, You don't need to outrun the bear, just don't be the slowest one running away.

Here in Nova Scotia we don't need to lock our doors.

Except Dartmouth?

I didn't know igloos had doors.

The door is a block of ice

Yeah. In the sleepy hamlet full of hippies and academics where I live locking doors is not really an issue. I have HS lock my doors all the time though.... just because I can. I never locked my door once before I got a Z-Wave lock.

Halifax/Dartmouth are in a world of their own. I don't think locking anything there helps.



Well. there is that.

I agree that someone that REALLY wants to get in, will.
Be that as it may, my system is locked up behind a VPN. I ONLY have access when connected through the VPN or on my local network. To the best that it can be - as Mike alluded to - without being so secure that it is a pain to use.

For any remote access that I need, I use AutoRemote (started to use that Before the Tasker plugin and was too far down the rabbit hole to start over). What's great is there are no open ports. The PC makes a secure connection to Google, my phone does the same. Messages pass through there. Since I have the VPN access, I don't even bother opening ports any longer. Even my travel router I use can gain access to it's OWN VPN network - which then has rules to allow my nearly "local" access while traveling. Best part is, with AutoRemote and SSH access to my PFSense instance, I just ping it that I want access, I get a message back with the IP du jour (thank you cable company). In the time it takes for me to get that IP in the client, EventGhost opens up the VPN port (something up above 19,000...I think? I honestly don't remember). I access. When done, I send another AutoRemote message and it gets closed. My backup is a FreedomPop cellphone. Same thing, but it has it's OWN internet and I can send SMS to it to gain access if there is some issue with my EventGhost setup. Best part about the cellphone, with Freedom Pop, since it is a basic service phone, I bought the phone for $50 or something. I get 200 voice minutes, 500 text messages and 500MB of data for free every month. I only bought the phone (and that was on a sale!).

Now you might be thinking, "he's nuts"...maybe, but the last 6+ months when I was not on here, I Homeseer was stable. So, I set out upgrading my server and everything else to be totally virtualized using ESXi. Best move I EVER made. Now my router is a virtual machine of PFSense. Give that OS the power of a 8 core (plus HT) Xeon Server and it is AMAZING what you can do. Add in Snort or other intrusion type things, stick in VLAN coupling with a Netgear ProSafe switch (supports VLAN), toss in 1 WLAN PCIe NIC and you will be rather amazed what you can do with your network! Below I mention gateway, I have two internets. DSL and CABLE. Bound them together with rules. Really cool stuff. I also have a second network just for my work stuff (don't need the IS department snooping on my home network!).

Anyway, here's my wireless setup, so you can confirm my craziness:
Anything on my WLAN is not allowed to access that machine. There is 1 WLAN that does have access, but the wireless transmit power is weak, authentication security is high and really is setup so that I can access that machine for maintenance from my house only. From what I've tested, with the antenna for that in the basement and as weak as the signal is, I can barely connect when outside the house. Signal is REALLY weak. If you are ABOVE it - inside the house, it seems to work good enough that I do not have to get on a PC with wire just to mess with it. Besides, if I really need something I have a Pixel C now - just hook in the wired ethernet and away I go!

This is done on purpose to reduce the chance of someone entering my network and gaining access - more so as an annoyance since a malevolent person can spoof, or clone, or whatever to gain access to wireless. I feel that anyone that IS going to gain access will - but then again, there are probably other reasons that this person is THAT intent on causing me harm. I live in a subdivision and with my wifi sniffer, I can see close to 30 networks from my house. I'm taking "the club" [ h t t p ://winner-intl.com/ ] approach. If someone were to be out there trying to access...I just made it hard enough that someone would probably call the police on a suspicious car sitting there. State Trooper across the street and being on a culdesac..we do not get people that have no intent on visiting.

My network is just more difficult than most, dare I say everyone in my neighborhood. I have also left a network mildly difficult to gain access that should lure someone into there. The rules of PFSense allow me to grant certain access, which basically is:
*once someone is on that network, it allows 500KB of data through my gateway on web ports, blocks pinging the network with 0 dropped packets.
*all other packets are blocked/dropped as needed
*This SHOULD give the illusion that one has gained access but there are no PCs on the network at this time. Only the internet. So...move along...nothing to see here. Kind of like a honey pot in a way. When the internet finally drops out (500KB burns fast on our media rich environments of today) the idea would be ehh...better things to do with my time than try to work on this network...again...move along...nothing to see here.

My last issue that I've not been able to crack at this time, the VPN I have ONLY works on 1 gateway at a time. I have NOT been able to get it to work from the BOUND gateway. I've followed a few guides...luckily I have the virtual machines. I had to revert each attempt so far. The worst one locked me out of the ESXi instance so well that I had to actually log in using a <shudder> physical keyboard AT the server! Well, revert and all was well again. I know, well more believe that it can do this...there are quite a few guides out there...but I just have not found the right one that has the RIGHT steps for the specific settings that my PFSense instance has.

It's also one reason I use the VPN through my travel router when traveling. Any of my personal stuff tunnels out over the VPN and I look like I am surfing from my house (with highly restrictive rules of course since this is not as trusted as if I were at my house). Mostly helps me when I'm in countries that begin with CHange and ends with tINA or begins with INdigo and ends with DIAphram - countries that have restrictive internet (no Netflix while traveling...WHAA?).

The router of course also protects me from network snooping as I was behind my travel router's firewall (which has NO ports open). I was able to see my coworker's shared files over the hotel wifi...I realize that this wifi is not as secure as my home, but better than nothing. Also using that router with a second travel router lets me connect to wired or wireless hotel networks WHILE having my OWN WLAN/LAN so I can actually use my Chromecast while traveling. VERY nice.

Sorry that got long, but you asked the right question that basically summed up one major thing I had been working on for 3 of the past 6 months. It was a long and difficult journey, but now that I am here, it was worth EVERY effort that I put into it.

--Dan

Last night my PFSense power brick blew up (literally melted) and trashed the BSD hard drive on it's way out.

I tried a repair and it didn't work restoring my configuration so I built it from scratch.

That brings a whole other bag of worms on how safe you feel with all this electrical stuff we add. It's a concern in the back of my head all the time. Especially dimmers and switches.

I had a fluke electrical thing a few years back that took out 90% of my Insteon switches.

I have a commercial style TVSS next to the panel. This device has alarm panel connections (a bit overkill; but a great deal on the purchase).



The outdoor AC condensor contactor shorted out, back feeding 220VAC to the house electric. Mostly the circuit breakers kicked on (except for a couple of them).

The outdoor HVAC unit did catch fire and melted the freon lines releasing all of the freon. I installed another surge protector outside next to the HVAC compressor last year (or year before).



This all happened on a very warm and muggy nigh (and it was raining).

That ended my Insteon use and I finished migrating to UPB.

I have had one Z-Wave switch do a flash a burn behind the family room coach once. (only one to date).

where i live and the type of house i live in, im not worried about someone hacking my system to open the doors.

they are more likely to kick in the door and just go with that.

now the electric stuff melting into slag and causing a fire is a concern.