Announcement

Collapse
No announcement yet.

Philosophy: Security of connecting HS to Elk?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Philosophy: Security of connecting HS to Elk?

    I love the potential of this plug in. I'm thinking I'm going to use this plug in. But I have to wonder a bit about the security of connecting HS to my alarm system.

    In theory, if someone got access to my homeseer via MYHS (which is open to my WAN), then I'm theoretically pretty hosed. Is there a way to say that HomeSeer should only have access to the "more secure / status" features? I.e. it can't compromise security or access pin codes. It can only monitor things?

    Or is that already how it works? (which would be neat ).

    #2
    If someone hacks into your HS system, then yes, they can use your HS pages to disarm your alarm, bypass zones, and do all manner of mischief. It requires little bit of knowledge to create an event to disarm the system, but is easy for someone who knows what they're doing.

    If the plugin was crippled so it couldn't control the ELK, it would not be very useful, so it's a risk/benefit thing. The same is true of Z-wave door locks. If I lived in a Jason Bourne movie, he could check my cameras to see if I'm home, disarm the alarm, open my doors, and lift that thumb drive in my sock drawer before I knew it.

    That said, I do the best I can to secure the HS computer, and hope nobody discovers my past with Treadstone. I use only VPN and strong passwords for remote access.
    Mark

    Comment


      #3
      Thanks - that makes sense. I was thinking more like maybe it would be interesting to cripple it so it could only monitor and do "more secure" changes (e.g. arm the system but not disarm the system). I guess door locks also fall into that camp too though .

      How do you handle mobile access? Sounds like not via MyHS?

      I was planning to use Imperihome but I'm not sure if that'll work via VPN....then again, I don't know anything about setting up VPNs though it's on my list since I just installed Windows Server Essentials on my home server.

      Comment


        #4
        I do mobile access strictly via VPN from my phone and iPads to my router. I do not use MyHS.

        I use HSTouch as my mobile interface. And to your point, my HSTouch screens are set up such that you can see the status of all zones and arm the ELK, but you cannot remotely disarm it via HSTouch. So yes, you can cripple by virtue of what you add to your mobile interface. You can also password protect screens in HSTouch - I do this for door locks and certain other devices. If someone took my phone or iPad, and managed to get past the lock screen, they can see activity and play with my lights but could not do too much damage, until I figured it out and disabled their access.

        My vulnerability is if they figured out how to use my stolen phone/iPad to browse to my HS PC - then they could disarm via the scenario in my earlier post. But I hope that I would have the sense to know that I lost it and disable via my router before they figured that out.
        Mark

        Comment


          #5
          Got it. Thank you!

          Comment

          Working...
          X