Originally posted by Pete
View Post
Announcement
Collapse
No announcement yet.
PFSense Firewall Group purchase interest
Collapse
X
-
In the 1990's and working IT at a bank; most computer / terminal users taped their passwords to the monitors or under the keyboard.
Computers are always left on even after hours. Personally saw bank thefts occurring after hours and all that was there at night was security (?).
It's not changed today even with security audits.- Pete
Auto matorHomeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
HS4 Pro - Ubuntu 22.04 / Lenova Tiny M900 / 32Gb Ram
HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant
Comment
-
Originally posted by Kerat View PostThere are some IOT devices that require access to the Internet (ex: echo). I lucked out here as my echo dot was wifi only. Here, I relegate those devices to my guest network that does not have access to my internal subnet but does have access to the Internet. My wireless AP (Ubiquiti) has a feature called "guest Isolation" which disallows devices on the guest network from communicating with each other.Michael
Comment
-
Originally posted by Rvtravlr View PostWe use our Echos to control devices. What is the suggested course to allow this behavior without compromising my internal LAN?
Conventionally, the workflow for echo skills put amazon web services in the middle of the communication between an Echo and the IOT device (ex: HA server) to be controlled. This means that the Echo needs access to the public Internet, and the IOT device needs access to the public Internet.
My recommendation would be to, keep the Echo on the inside of a firewall (not directly connected to the Internet, isolate the Echo from the rest of your internal network, and only provide access for the Echo to the public Internet.
A guest network would facilitate these requirements.
Sent from my iPhone using Tapatalk
Comment
-
So, I could put my echo dots on a guest network with access to the internet and AWS would still be able to reach my HS3 LAN.
Bob
Comment
-
Last night HS3 decided it wanted to update itself. This morning, nothing was working. All plugins were disabled. I was able to get it running again but I consider this unacceptable behavior. It should never update unless directed to do so.
I've been able to block iTunes and am wondering if anyone knows an IP address or domain that I could block that would prevent HS3 from updating?
Comment
-
I've been able to block iTunes and am wondering if anyone knows an IP address or domain that I could block that would prevent HS3 from updating?
Bob
Comment
-
I didn't think it was supposed to update either. After realizing that HS3 was not doing its job, I logged into the server and found all the plugins disabled. There was a window open that was asking something about updating to .357. I closed that window and restarted the plugins. It did not complete the update. Now I just want to block it with pfSense so it can't call home at all unless I disable the firewall rule.
Comment
-
Originally posted by logbuilder View PostI didn't think it was supposed to update either. After realizing that HS3 was not doing its job, I logged into the server and found all the plugins disabled. There was a window open that was asking something about updating to .357. I closed that window and restarted the plugins. It did not complete the update. Now I just want to block it with pfSense so it can't call home at all unless I disable the firewall rule.cheeryfool
Comment
Comment