I got a strange feeling when I created an IFTTT recipe to open my garage doors. How secure is it to have your whole house (or portions thereof such as door locks, alarm systems, etc.) exposed with several outside servers? There is Myhomeseer, Amazon Echo, IFTTT, others that in my mind present an exposure. Would like to hear some comments from others. Why shouldn't we be worried? Understand that a hacker would need to put the ID together with a residence address to take damaging action (in most cases).
How safe do you feel?
-
Personally I used to have the same concerns. I just added a door lock within the last 6 months. Being residential, I have to keep telling myself, keep network secure and that's about the best you can do. Most people that would break in probably are not going to try to hack my house, and will probably still use the easiest way to get into a house. A rock through a window. I have a security system and two hungry dogs. I am not as concerned anymore.
I also live by the motto that locks are only for honest people.
-
Originally posted by waynehead99: I also live by the motto that locks are only for honest people.
I've always assumed that someone determined to break in will do so, and the countermeasures necessary to repel them are likely to be a bigger aggravation to me than they are worth. On the other hand, I do not consider locks that require a physical key and a garage door that requires me to push a button to open it to be too much aggravation. Besides, they just may increase the incentive for someone looking for a target to look somewhere else. As the saying goes, You don't need to outrun the bear, just don't be the slowest one running away.
Mike
HS3 Pro Edition 3.0.0.548, NUC i3
HW: Stargate | NX8e | CAV6.6 | Squeezebox | PCS | WGL 800RF | RFXCOM | Vantage Pro | Green-Eye | Edgeport/8 | Way2Call | Ecobee3 | EtherRain | Ubiquiti
-
Originally posted by Wadenut: Here in Nova Scotia we don't need to lock our doors.
Originally posted by rprade: There is no rhyme or reason to the anarchy a defective Z-Wave device can cause
-
I agree that someone that REALLY wants to get in, will.
Be that as it may, my system is locked up behind a VPN. I ONLY have access when connected through the VPN or on my local network. To the best that it can be - as Mike alluded to - without being so secure that it is a pain to use.
For any remote access that I need, I use AutoRemote (started to use that before the Tasker plugin and was too far down the rabbit hole to start over). What's great is there are no open ports. The PC makes a secure connection to Google, my phone does the same. Messages pass through there. Since I have the VPN access, I don't even bother opening ports any longer. Even my travel router I use can gain access to its OWN VPN network - which then has rules to allow my nearly "local" access while traveling. Best part is, with AutoRemote and SSH access to my PFSense instance, I just ping it that I want access, I get a message back with the IP du jour (thank you cable company). In the time it takes for me to get that IP in the client, EventGhost opens up the VPN port (something up above 19,000...I think? I honestly don't remember). I access. When done, I send another AutoRemote message and it gets closed. My backup is a FreedomPop cellphone. Same thing, but it has its OWN internet and I can send SMS to it to gain access if there is some issue with my EventGhost setup. Best part about the cellphone, with FreedomPop, since it is a basic service phone, I bought the phone for $50 or something. I get 200 voice minutes, 500 text messages and 500MB of data for free every month. I only bought the phone (and that was on a sale!).
Now you might be thinking, "he's nuts"...maybe, but the last 6+ months when I was not on here, Homeseer was stable. So, I set out upgrading my server and everything else to be totally virtualized using ESXi. Best move I EVER made. Now my router is a virtual machine of PFSense. Give that OS the power of an 8 core (plus HT) Xeon Server and it is AMAZING what you can do. Add in Snort or other intrusion type things, stick in VLAN coupling with a Netgear ProSafe switch (supports VLAN), toss in 1 WLAN PCIe NIC and you will be rather amazed what you can do with your network! Below I mention gateway, I have two internets. DSL and CABLE. Bound them together with rules. Really cool stuff. I also have a second network just for my work stuff (don't need the IS department snooping on my home network!).
Anyway, here's my wireless setup, so you can confirm my craziness:
Anything on my WLAN is not allowed to access that machine. There is 1 WLAN that does have access, but the wireless transmit power is weak, authentication security is high and really is set up so that I can access that machine for maintenance from my house only. From what I've tested, with the antenna for that in the basement and as weak as the signal is, I can barely connect when outside the house. Signal is REALLY weak. If you are ABOVE it - inside the house, it seems to work good enough that I do not have to get on a PC with wire just to mess with it. Besides, if I really need something I have a Pixel C now - just hook in the wired ethernet and away I go!
This is done on purpose to reduce the chance of someone entering my network and gaining access - more so as an annoyance since a malevolent person can spoof, or clone, or whatever to gain access to wireless. I feel that anyone that IS going to gain access will - but then again, there are probably other reasons that this person is THAT intent on causing me harm. I live in a subdivision and with my wifi sniffer, I can see close to 30 networks from my house. I'm taking "the club" [ http://winner-intl.com/ ] approach. If someone were to be out there trying to access...I just made it hard enough that someone would probably call the police on a suspicious car sitting there. State Trooper across the street and being on a cul-de-sac...we do not get people that have no intent on visiting.
My network is just more difficult than most, dare I say everyone in my neighborhood. I have also left a network mildly difficult to gain access that should lure someone into there. The rules of PFSense allow me to grant certain access, which basically is:
* once someone is on that network, it allows 500KB of data through my gateway on web ports, blocks pinging the network with 0 dropped packets.
* all other packets are blocked/dropped as needed
* This SHOULD give the illusion that one has gained access but there are no PCs on the network at this time. Only the internet. So...move along...nothing to see here. Kind of like a honey pot in a way. When the internet finally drops out (500KB burns fast on our media rich environments of today) the idea would be ehh...better things to do with my time than try to work on this network...again...move along...nothing to see here.
My last issue that I've not been able to crack at this time, the VPN I have ONLY works on 1 gateway at a time. I have NOT been able to get it to work from the BOUND gateway. I've followed a few guides...luckily I have the virtual machines. I had to revert each attempt so far. The worst one locked me out of the ESXi instance so well that I had to actually log in using a <shudder> physical keyboard AT the server! Well, revert and all was well again. I know, well more believe that it can do this...there are quite a few guides out there...but I just have not found the right one that has the RIGHT steps for the specific settings that my PFSense instance has.
It's also one reason I use the VPN through my travel router when traveling. Any of my personal stuff tunnels out over the VPN and I look like I am surfing from my house (with highly restrictive rules of course since this is not as trusted as if I were at my house). Mostly helps me when I'm in countries that begin with CHange and ends with tINA or begins with INdigo and ends with DIAphram - countries that have restrictive internet (no Netflix while traveling...WHAA?).
The router of course also protects me from network snooping as I was behind my travel router's firewall (which has NO ports open). I was able to see my coworker's shared files over the hotel wifi...I realize that this wifi is not as secure as my home, but better than nothing. Also using that router with a second travel router lets me connect to wired or wireless hotel networks WHILE having my OWN WLAN/LAN so I can actually use my Chromecast while traveling. VERY nice.
Sorry that got long, but you asked the right question that basically summed up one major thing I had been working on for 3 of the past 6 months. It was a long and difficult journey, but now that I am here, it was worth EVERY effort that I put into it.
--Dan
Tasker, to a person who does Homeautomation...is like walking up to a Crack Treatment facility with a truck full of 3lb bags of crack. Then for each person that walks in and out smack them in the face with an open bag.
-
Last night my PFSense power brick blew up (literally melted) and trashed the BSD hard drive on its way out.
I tried a repair and it didn't work restoring my configuration so I built it from scratch.
- Pete
Auto mator
Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram
HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram
HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11
X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant
-
Originally posted by Pete: Last night my PFSense power brick blew up (literally melted) and trashed the BSD hard drive on its way out.
I tried a repair and it didn't work restoring my configuration so I built it from scratch.
That brings a whole other bag of worms on how safe you feel with all this electrical stuff we add. It's a concern in the back of my head all the time. Especially dimmers and switches.
-
I had a fluke electrical thing a few years back that took out 90% of my Insteon switches.
I have a commercial style TVSS next to the panel. This device has alarm panel connections (a bit overkill; but a great deal on the purchase).
The outdoor AC condenser contactor shorted out, back feeding 220VAC to the house electric. Mostly the circuit breakers kicked on (except for a couple of them).
The outdoor HVAC unit did catch fire and melted the freon lines releasing all of the freon. I installed another surge protector outside next to the HVAC compressor last year (or year before).
This all happened on a very warm and muggy night (and it was raining).
That ended my Insteon use and I finished migrating to UPB.
I have had one Z-Wave switch do a flash and burn behind the family room couch once. (only one to date).
Last edited by Pete; June 2, 2016, 06:12 PM.
- Pete
-
Where I live and the type of house I live in, I'm not worried about someone hacking my system to open the doors.
They are more likely to kick in the door and just go with that.
Now the electric stuff melting into slag and causing a fire is a concern.
HS3 Pro on Windows 8 64bit
53 Z-wave nodes(46 devices, 7 remotes), 15 DS10a's, 10 ms16a's, 9 Oregon Sensors, W800, RFXCOMtrx433, Way2Call, 3 HSTouch Clients, 2xRussound CAS44, Global Cache GC100-12,10 Rollertrol blinds(+ zwave) ,3 Squeezebox Radios and 1 Squeezebox Boom,DMX Arduino via ethernet,Rain8Net,3x Echo Dot's
Check out my electronics blog here:
https://www.facebook.com/RaptorsIrrationalInventions