Z-Net Interface Security


    Is there any way to password-protect the interface to the Z-Net configuration screen? It appears that anyone (i.e. family members, visitors) allowed on the local network can access the configuration of the Z-Net device and make changes, effectively disabling the device. Unless I'm missing something, it makes it possible for devices, and, especially disconcerting, Z-Wave security devices, to become unresponsive.

    I know there are workarounds, like moving the Z-Net and HS3 service to a segregated network, but . . .

    #2
    Disable:

    Tools -> Setup -> Network -> No Password Required for Local/Same Network Login (Web Browser/HSTouch)
    HW: HS3 w/ Win8.1 on ASRock C2550d4i. Digi AnywhereUSB, Hubport, Edgeport, UZB, Z-trollers, PLCBUS, SONOS, GC-100, iTach IP2SL, WF2IR, IP2IR, RFXtrx433, Harmony Hubs, Hue, Ademco Vista 128BP, NetAtmo, NetAtmo Welcome



      #3
      Originally posted by LeoS
      Disable:

      Tools -> Setup -> Network -> No Password Required for Local/Same Network Login (Web Browser/HSTouch)
      I was referring to the interface of the Z-Net interface, not of HomeSeer. I see no way to set a password when one opens a session directly to the IP address of the Z-Net device.



        #4
        Originally posted by randycboone
        I was referring to the interface of the Z-Net interface, not of HomeSeer. I see no way to set a password when one opens a session directly to the IP address of the Z-Net device.
        Though the only harm a local user could do is to change the IP address, I thought that was an oversight as well. If they deleted the IP address or put it on a different subnet, it would require a keyboard and monitor to get it back in service. My OWServers, GEM and every other network appliance I have requires a username and password for login. I'm sure someone in the Linux world can come up with a workaround, but I went ahead and filed Bugzilla enhancement request 2854.
        HS4 Pro, 4.2.19.0 Windows 10 pro, Supermicro LP Xeon



          #5
          Originally posted by rprade
          Though the only harm a local user could do is to change the IP address, I thought that was an oversight as well. If they deleted the IP address or put it on a different subnet, it would require a keyboard and monitor to get it back in service. My OWServers, GEM and every other network appliance I have requires a username and password for login. I'm sure someone in the Linux world can come up with a workaround, but I went ahead and filed Bugzilla enhancement request 2854.
          Thanks Randy. I use BLSecurity with a bunch of motion and door/window sensors to trigger Z-Wave sirens. Changing the IP address of the Z-Net device would shut down the security system. That can be a big deal. I thought I'd keep an eye on that Bugzilla ticket you filed, but I get "You are not authorized to access bug #2854."



            #6
            Originally posted by randycboone
            Thanks Randy. I use BLSecurity with a bunch of motion and door/window sensors to trigger Z-Wave sirens. Changing the IP address of the Z-Net device would shut down the security system. That can be a big deal. I thought I'd keep an eye on that Bugzilla ticket you filed, but I get "You are not authorized to access bug #2854."
            All Bugzilla tickets are now closed to anyone other than the original filer and to HST. If they make any change in the firmware I'm sure it will be posted on this board.
            HS4 Pro, 4.2.19.0 Windows 10 pro, Supermicro LP Xeon



              #7
              Originally posted by rprade
              All Bugzilla tickets are now closed to anyone other than the original filer and to HST. If they make any change in the firmware I'm sure it will be posted on this board.
              Bummer . . . but thanks.



                #8
                I too was worried about this. I use a net at my 2nd house to communicate with my main HomeSeer at my main residence; short of having to do a VPN, it's potentially open to attack.
                detail of setup in profile. Link to videos of my projects there as well. Over 300 scripts running every min and counting



                  #9
                  Is there an update on this (i.e., ability to access Z-Net IP configuration without a password)?

                  I'm also not thrilled that WiFi passwords are stored in clear text and available to anyone on my LAN (per http://board.homeseer.com/showthread...35#post1268235). I guess I should just delete my WiFi config when not in use anyway. But yikes...



                    #10
                    Yikes, I did not know this, thanks for bringing it up as I am just about to purchase my first Znet.
                    So I would like to know this as well: is it true that anyone can log into Znet if they know its IP address?

                    Hope this has been fixed, because it would be a deal breaker for me.



                      #11
                      The Z-Net provides a web interface that allows modification of the network configuration (set IP address, etc.), to apply the latest update if available, and to reboot the unit. This is accessible to anyone that has network access; there is no authentication mechanism. And yes, if you connect via WiFi, your clever WiFi password is readable by anyone with network access.



                        #12
                        no authentication, wow

                        Zee S2 has at least basic authentication for web access; why you would not do the same for Znet is beyond me!

                        How do you guys get around this issue when Znet is deployed on shared networks? Anyone with network access can get into your Znet and change its IP so nothing works?

                        BlairG, I think you deployed the Znet in similar setting as I intend to, where multiple users will have LAN access but I definitely do not want them to get into my Znets, how do you protect your Znets?



                          #13
                          If possible use a VLAN




                            #14
                            Originally posted by Amigo
                            no authentication, wow

                            BlairG, I think you deployed the Znet in similar setting as I intend to, where multiple users will have LAN access but I definitely do not want them to get into my Znets, how do you protect your Znets?
                            The other day I deployed the 12th Znet on this network. At the end of this project we'll have 25 Global Cache devices, they require a login password. LOL.

                            Uumm yea, I'd password protect them in a heartbeat if HS made it possible. It's a tight network, secure firewall, but still if someone wanted to cause trouble, they could cause problems.

                            Mine are on VLAN, with unused ports turned off, only a slight deterrent.
                            Blair

                            HomeSeer: HS3 Pro | Blue-Iris 4 on Windows10Pro
                            | Devices: 832 | Events: 211 |
                            Plug-Ins: Z-Wave | RFXCOM | UltraRachio3 | Sonos
                            BLLAN | BLLOCK | NetCAM | Global Cache Pro | Blue-Iris4
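
One way to confirm that the VLAN or segregated-network workaround discussed in this thread really keeps the Z-Net's password-less configuration page away from untrusted clients; this is an added example, not code from any poster or from HomeSeer. Port 80, the device names and the 192.0.2.x addresses are assumptions. Run it once from a client on the shared segment (`untrusted`) and once from the HomeSeer server's segment (`management`).

```python
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx as an error instead of following it to a login page."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def probe_admin_interface(host, port=80, timeout=3.0):
    """Return 'open', 'auth-required', 'unreachable' or 'http-<code>'."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(f"http://{host}:{port}/", timeout=timeout) as resp:
            return "open" if resp.status == 200 else f"http-{resp.status}"
    except urllib.error.HTTPError as exc:   # must precede OSError (it is a subclass)
        return "auth-required" if exc.code in (401, 403) else f"http-{exc.code}"
    except OSError:                         # URLError, timeout, refused, no route
        return "unreachable"

def verdict(state, vantage):
    """Judge one probe result seen from an 'untrusted' or 'management' vantage."""
    if state == "unreachable":
        # From the management segment an unreachable controller is an outage.
        return "PASS" if vantage == "untrusted" else "FAIL: controller down or mis-routed"
    if state == "auth-required":
        return "PASS"
    if state == "open":
        if vantage == "untrusted":
            return "FAIL: unauthenticated config page reachable from untrusted segment"
        return "WARN: no login; protection rests on segmentation alone"
    return f"REVIEW: unexpected response {state}"

def audit(devices, vantage, probe=probe_admin_interface):
    """devices: iterable of (name, host, port). Returns [(name, state, verdict)]."""
    results = []
    for name, host, port in devices:
        state = probe(host, port)
        results.append((name, state, verdict(state, vantage)))
    return results

if __name__ == "__main__":
    # Constructed inventory: 192.0.2.0/24 is a documentation range, not real devices.
    inventory = [("znet-garage", "192.0.2.10", 80), ("znet-attic", "192.0.2.11", 80)]
    for row in audit(inventory, vantage="untrusted"):
        print(*row, sep="\t")
```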



                              #15
                              Thanks.
                              Unfortunately not what I wanted to hear.
                              This is a deal breaker; if I told the client about the no-authentication nature of Znet, knowing their IT dept., they would ask me to rip everything out. It is not a matter of them providing me a VLAN, it is a matter of the perception they get about the devices sitting on their LAN.

                              I hope HST does something about this soon.
