  #341  
Old September 18th, 2017, 08:26 PM
Kerat Kerat is offline
Seer Master
 
Join Date: May 2016
Location: Colorado USA
Posts: 576
PFSense Firewall Group purchase interest

Now that I am reading that, I should have noted patching being the third vector for attack. (Editing)


Sent from my iPhone using Tapatalk

Last edited by Kerat; September 18th, 2017 at 08:50 PM.
  #342  
Old September 18th, 2017, 08:49 PM
Kerat Kerat is offline
Seer Master
 
Join Date: May 2016
Location: Colorado USA
Posts: 576
Quote:
Originally Posted by waynehead99 View Post
This reminds me of something recently in the news. Oh yeah, that small Equifax issue.

That's how they got in... default admin password to a piece of equipment.

Agreed, 1 mistake, 145 million people thrown to the wolves...


Sent from my iPhone using Tapatalk
  #343  
Old September 19th, 2017, 06:13 AM
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,715
The entire IOT industry is still in its infancy and, what's more, society at large is already comfortable with losing privacy, or at least oblivious to it.

Hear! Hear!

Go slow here (baby steps) now relating to adding the pieces of segregating your home network and security in general.

Note that you are doing more than the average home owner connected to the Internet.
__________________
- Pete

Automator

Last edited by Pete; September 19th, 2017 at 06:25 AM.
  #344  
Old September 19th, 2017, 11:21 AM
Kerat Kerat is offline
Seer Master
 
Join Date: May 2016
Location: Colorado USA
Posts: 576
Quote:
Originally Posted by Pete View Post
Note that you are doing more than the average home owner connected to the Internet.

Agreed, this is more than most people do, but I am starting to think it is becoming a prerequisite.




Sent from my iPhone using Tapatalk
  #345  
Old September 19th, 2017, 01:45 PM
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,715
On a rant....

99.9% of small offices (20-50 employees) that I have looked at personally follow no internet security precautions which is sad.

Consumer Reports states that much personal ID theft is occurring in hospitals and small and large medical and dental offices.

This has happened with much public sector stuff mostly assuming that no one was ever looking.

Mostly seen routers left at default settings and databases in a DMZ with full views inside and outside on the Internet.

I have seen this come up with installation of software managed in the cloud by companies that know how to install software or clients or databases but have no experience in router / switch management.
  #346  
Old September 19th, 2017, 01:47 PM
Monk Monk is offline
Seer Master
 
Join Date: Jan 2009
Location: USA
Posts: 666
Quote:
Originally Posted by Pete View Post
On a rant....

99.9% of small offices (20-50 employees) that I have looked at personally follow no security precautions which is sad as Consumer Reports states that much personal ID theft is occurring in hospitals and medical offices.
Hear, hear! What bugs me the most is sharing of passwords!
  #347  
Old September 19th, 2017, 01:54 PM
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 13,715
In the 1990s, working IT at a bank, most computer / terminal users taped their passwords to the monitors or under the keyboard.

Computers are always left on even after hours. Personally saw bank thefts occurring after hours and all that was there at night was security (?).

It's not changed today even with security audits.
  #348  
Old September 19th, 2017, 10:18 PM
Rvtravlr Rvtravlr is offline
Seer Deluxe
 
Join Date: Aug 2013
Location: Reno, Nevada
Posts: 320
Quote:
Originally Posted by Kerat View Post
There are some IOT devices that require access to the Internet (ex: Echo). I lucked out here as my Echo Dot was Wi-Fi only. Here, I relegate those devices to my guest network that does not have access to my internal subnet but does have access to the Internet. My wireless AP (Ubiquiti) has a feature called "Guest Isolation" which disallows devices on the guest network from communicating with each other.
We use our Echos to control devices. What is the suggested course to allow this behavior without compromising my internal LAN?
__________________
Michael

HS3 Pro 3.0.0.357 | 737 devices | 325 events | OpenSprinkler | BLShutdown | BLAlarm | EasyTrigger | NetCAM | Harmony Hub | Sonos | SDJ-Health | BLUPS | PHLocation | BLBackup | BLLock | Z-Wave | weatherXML | Pushover 3P | Blue-Iris |
  #349  
Old September 19th, 2017, 10:28 PM
aptalca aptalca is offline
Seer
 
Join Date: Nov 2016
Location: Maryland, US
Posts: 49
Quote:
Originally Posted by Rvtravlr View Post
We use our Echos to control devices. What is the suggested course to allow this behavior without compromising my internal LAN?
Echo/Alexa controls many devices through the Internet (including HS3). Only a few devices are controlled directly.
  #350  
Old September 20th, 2017, 12:12 PM
Kerat Kerat is offline
Seer Master
 
Join Date: May 2016
Location: Colorado USA
Posts: 576
Quote:
Originally Posted by Rvtravlr View Post
We use our Echos to control devices. What is the suggested course to allow this behavior without compromising my internal LAN?

Conventionally, the workflow for Echo skills puts Amazon Web Services in the middle of the communication between an Echo and the IOT device (ex: HA server) to be controlled. This means that the Echo needs access to the public Internet, and the IOT device needs access to the public Internet.

My recommendation would be to keep the Echo on the inside of a firewall (not directly connected to the Internet), isolate the Echo from the rest of your internal network, and only provide access for the Echo to the public Internet.

A guest network would facilitate these requirements.


Sent from my iPhone using Tapatalk
  #351  
Old September 20th, 2017, 11:18 PM
Rvtravlr Rvtravlr is offline
Seer Deluxe
 
Join Date: Aug 2013
Location: Reno, Nevada
Posts: 320
So, does the HS skill use myhs to interact with HS3?
  #352  
Old September 20th, 2017, 11:54 PM
aptalca aptalca is offline
Seer
 
Join Date: Nov 2016
Location: Maryland, US
Posts: 49
Quote:
Originally Posted by Rvtravlr View Post
So, does the HS skill use myhs to interact with HS3?
That's correct
  #353  
Old September 21st, 2017, 05:50 PM
Kerat Kerat is offline
Seer Master
 
Join Date: May 2016
Location: Colorado USA
Posts: 576
Quote:
Originally Posted by Rvtravlr View Post
So, does the HS skill use myhs to interact with HS3?


Yep, your HS3 server connects to MYHS; your Echo connects to AWS. AWS communicates with MYHS directly to control your HS3 environment.


Sent from my iPhone using Tapatalk
  #354  
Old September 21st, 2017, 11:29 PM
Rvtravlr Rvtravlr is offline
Seer Deluxe
 
Join Date: Aug 2013
Location: Reno, Nevada
Posts: 320
Thanks for the replies.

So, I could put my echo dots on a guest network with access to the internet and AWS would still be able to reach my HS3 LAN.
  #355  
Old September 22nd, 2017, 08:44 AM
cheeryfool cheeryfool is offline
Super Seer
 
Join Date: Apr 2008
Location: Jersey Shore
Posts: 1,507
Quote:
Originally Posted by Rvtravlr View Post
Thanks for the replies.

So, I could put my echo dots on a guest network with access to the internet and AWS would still be able to reach my HS3 LAN.
Yes, that's what I have now.
__________________
cheeryfool
  #356  
Old September 22nd, 2017, 08:59 AM
Bob_Linux_User Bob_Linux_User is offline
Seer Deluxe
 
Join Date: Feb 2014
Location: Fayetteville, TN
Posts: 485
Quote:
So, I could put my echo dots on a guest network with access to the internet and AWS would still be able to reach my HS3 LAN.
Yesterday I moved all of my Foscam cameras and my Amazon Echos to the guest network to isolate them from my LAN. My LAN can access the Guest network but the Guest network cannot get to my LAN. I really wanted to put my SONOS system on the Guest network but the SONOS PI does not discover the speakers on a subnet.

Bob
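
The segmentation described in posts #350 and #356 (guest network reaches the Internet but not the LAN, while the LAN can reach the guest network), as an added example that is not from any poster in this thread. It models per-interface, first-match, default-deny rule evaluation for new connections and checks a ruleset against that policy; the subnets, interface names and rule lists are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for illustration; not taken from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")
GUEST = ipaddress.ip_network("192.168.50.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

# Rules apply on the interface where a NEW connection enters: top to bottom,
# first match wins, default deny. Replies to an allowed connection ride on
# its state in a stateful firewall and are not modelled here.
RULES = {
    "GUEST": [Rule("block", GUEST, LAN),   # Echo/cameras never reach the LAN
              Rule("pass", GUEST, ANY)],   # ...but may reach the Internet
    "LAN":   [Rule("pass", LAN, ANY)],     # LAN may reach guest and Internet
}
# Same rules in the wrong order: the broad pass shadows the block.
MISORDERED = {"GUEST": list(reversed(RULES["GUEST"])), "LAN": RULES["LAN"]}

def decide(rules, iface, src, dst):
    """Return 'pass' or 'block' for a new connection entering on iface."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules.get(iface, []):
        if s in rule.src and d in rule.dst:
            return rule.action
    return "block"

def audit(rules):
    """Return labels of probes whose outcome violates the isolation policy."""
    probes = [
        ("GUEST", "192.168.50.20", "192.168.1.10", "block", "guest -> LAN host"),
        ("GUEST", "192.168.50.20", "203.0.113.5", "pass", "guest -> Internet"),
        ("LAN", "192.168.1.10", "192.168.50.20", "pass", "LAN -> guest device"),
        ("GUEST", "192.168.1.99", "192.168.1.10", "block", "spoofed LAN source"),
    ]
    return [label for iface, s, d, want, label in probes
            if decide(rules, iface, s, d) != want]

if __name__ == "__main__":
    print("correct order:", audit(RULES))
    print("misordered:  ", audit(MISORDERED))
```

An empty list from `audit` means every probe matched the intended policy; the misordered ruleset shows why the block rule for the LAN subnet has to sit above the general pass rule.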
  #357  
Old Yesterday, 08:28 PM
logbuilder logbuilder is offline
Seer Master
 
Join Date: Nov 2016
Location: Pacific North West
Posts: 531
Last night HS3 decided it wanted to update itself. This morning, nothing was working. All plugins were disabled. I was able to get it running again but I consider this unacceptable behavior. It should never update unless directed to do so.

I've been able to block iTunes and am wondering if anyone knows an IP address or domain that I could block that would prevent HS3 from updating?
  #358  
Old Yesterday, 08:57 PM
Bob_Linux_User Bob_Linux_User is offline
Seer Deluxe
 
Join Date: Feb 2014
Location: Fayetteville, TN
Posts: 485
Quote:
I've been able to block iTunes and am wondering if anyone knows an IP address or domain that I could block that would prevent HS3 from updating?
I have never seen HS3 update itself without human intervention. There is a check box that tells HS3 to check for updates when restarted, but it only displays the update screen and requires an action by the operator to do the update. Even if Windows caused a restart (because of a W10 update) HS3 should not update.

Bob
  #359  
Old Yesterday, 09:32 PM
logbuilder logbuilder is offline
Seer Master
 
Join Date: Nov 2016
Location: Pacific North West
Posts: 531
I didn't think it was supposed to update either. After realizing that HS3 was not doing its job, I logged into the server and found all the plugins disabled. There was a window open that was asking something about updating to .357. I closed that window and restarted the plugins. It did not complete the update. Now I just want to block it with pfSense so it can't call home at all unless I disable the firewall rule.

All times are GMT -4. The time now is 01:05 AM.


Copyright HomeSeer Technologies, LLC