PFSense Firewall Group purchase interest


    Originally posted by Pete
    On a rant....

    99.9% of small offices (20-50 employees) that I have looked at personally follow no security precautions which is sad as Consumer Reports states that much personal ID theft is occurring in hospitals and medical offices.
    Hear, hear! What bugs me the most is the sharing of passwords!



      In the 1990s, when I was working IT at a bank, most computer / terminal users taped their passwords to the monitors or under the keyboard.

      Computers are always left on even after hours. Personally saw bank thefts occurring after hours and all that was there at night was security (?).

      It's not changed today even with security audits.
      - Pete



        Originally posted by Kerat
        There are some IOT devices that require access to the Internet (ex: echo). I lucked out here as my echo dot was wifi only. Here, I relegate those devices to my guest network that does not have access to my internal subnet but does have access to the Internet. My wireless AP (Ubiquiti) has a feature called "guest Isolation" which disallows devices on the guest network from communicating with each other.
        We use our Echos to control devices. What is the suggested course to allow this behavior without compromising my internal LAN?
        Michael



          Originally posted by Rvtravlr
          We use our Echos to control devices. What is the suggested course to allow this behavior without compromising my internal LAN?
          Echo/alexa controls many devices through the internet (including hs3). Only a few devices are controlled directly.



            Originally posted by Rvtravlr
            We use our Echos to control devices. What is the suggested course to allow this behavior without compromising my internal LAN?

            Conventionally, the workflow for Echo skills puts Amazon Web Services in the middle of the communication between an Echo and the IOT device (ex: HA server) to be controlled. This means that the Echo needs access to the public Internet, and the IOT device needs access to the public Internet.

            My recommendation would be to keep the Echo on the inside of a firewall (not directly connected to the Internet), isolate the Echo from the rest of your internal network, and only provide access for the Echo to the public Internet.

            A guest network would facilitate these requirements.




              So, does the HS skill use myhs to interact with HS3?
              Michael



                Originally posted by Rvtravlr
                So, does the HS skill use myhs to interact with HS3?
                That's correct



                  Originally posted by Rvtravlr
                  So, does the HS skill use myhs to interact with HS3?


                  Yep, your HS3 server connects to MYHS; your Echo connects to AWS. AWS communicates with MYHS directly to control your HS3 environment.




                    Thanks for the replies.

                    So, I could put my echo dots on a guest network with access to the internet and AWS would still be able to reach my HS3 LAN.
                    Michael



                      Originally posted by Rvtravlr
                      Thanks for the replies.

                      So, I could put my echo dots on a guest network with access to the internet and AWS would still be able to reach my HS3 LAN.
                      Yes, that's what I have now.
                      cheeryfool



                        So, I could put my echo dots on a guest network with access to the internet and AWS would still be able to reach my HS3 LAN.
                        Yesterday I moved all of my Foscam cameras and my Amazon Echos to the guest network to isolate them from my LAN. My LAN can access the Guest network but the Guest network cannot get to my LAN. I really wanted to put my SONOS system on the Guest network but the SONOS PI does not discover the speakers on a subnet.

                        Bob
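
The segmentation discussed in this thread (guest devices get Internet access only; the LAN may reach the guest network, but not the reverse), as an added example that is not part of any post. It is a simplified Python model of first-match, stateful interface rules of the kind pfSense applies; every address and name is constructed, and state tracking ignores ports and protocols.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
GUEST = ipaddress.ip_network("192.168.50.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
HS3, ECHO, CAMERA, CLOUD = "192.168.1.10", "192.168.50.20", "192.168.50.30", "203.0.113.10"

# Per-interface rules, checked top-down: first match decides, no match = drop.
GOOD = {
    "guest": [("block", GUEST, LAN),   # guest devices never open connections to the LAN
              ("pass", GUEST, ANY)],   # everything else (Internet) is allowed
    "lan": [("pass", LAN, ANY)],       # LAN may reach the guest network and the Internet
}
# Same rules in the wrong order: the broad pass matches before the block.
MISORDERED = {"guest": GOOD["guest"][::-1], "lan": GOOD["lan"]}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (initiator, responder) pairs already allowed

    def packet(self, iface, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (dst, src) in self.states:  # reply traffic for an allowed connection
            return "pass"
        for action, src_net, dst_net in self.rules[iface]:
            if src in src_net and dst in dst_net:
                if action == "pass":
                    self.states.add((src, dst))
                return action
        return "block"  # implicit default deny

def audit(rules):
    """Run the thread's traffic patterns through the rule set, in order."""
    fw = Firewall(rules)
    return {
        "echo -> cloud": fw.packet("guest", ECHO, CLOUD),
        "hs3 -> cloud": fw.packet("lan", HS3, CLOUD),
        "echo -> hs3": fw.packet("guest", ECHO, HS3),
        "camera -> hs3 (unsolicited)": fw.packet("guest", CAMERA, HS3),
        "hs3 -> camera": fw.packet("lan", HS3, CAMERA),
        "camera -> hs3 (reply)": fw.packet("guest", CAMERA, HS3),
    }

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("misordered", MISORDERED)):
        print(name, audit(rules))
```

With the block rule first, the Echo and the HS3 server each reach the cloud on their own and the camera can only answer connections the LAN opened; with the two guest rules swapped, guest devices can open connections into the LAN.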



                          Last night HS3 decided it wanted to update itself. This morning, nothing was working. All plugins were disabled. I was able to get it running again but I consider this unacceptable behavior. It should never update unless directed to do so.

                          I've been able to block iTunes and am wondering if anyone knows an IP address or domain that I could block that would prevent HS3 from updating?



                            I've been able to block iTunes and am wondering if anyone knows an IP address or domain that I could block that would prevent HS3 from updating?
                            I have never seen HS3 update itself without human intervention. There is a check box that tells HS3 to check for updates when restarted, but it only displays the update screen and requires an action by the operator to do the update. Even if Windows caused a restart (because of a W10 update) HS3 should not update.

                            Bob



                              I didn't think it was supposed to update either. After realizing that HS3 was not doing its job, I logged into the server and found all the plugins disabled. There was a window open that was asking something about updating to .357. I closed that window and restarted the plugins. It did not complete the update. Now I just want to block it with pfSense so it can't call home at all unless I disable the firewall rule.



                                Originally posted by logbuilder
                                I didn't think it was supposed to update either. After realizing that HS3 was not doing its job, I logged into the server and found all the plugins disabled. There was a window open that was asking something about updating to .357. I closed that window and restarted the plugins. It did not complete the update. Now I just want to block it with pfSense so it can't call home at all unless I disable the firewall rule.
                                cheeryfool
