How to Create a Bulletproof IoT Network to Shield Your Connected Devices

Andrej Kovacevic
connected devices, network, security
Illustration: © IoT For All

Today, IoT and connected devices are becoming prime targets for hackers everywhere. And while there’s no magic bullet to secure them all against every possible attack, it’s not that hard to create a purpose-built network for your IoT devices to keep them as safe as possible.

Over the past few years, more and more connected devices have made their way into consumers’ homes. And those devices have enabled all manner of convenience – from refrigerators that suggest recipes based on the ingredients available inside to connected doorbells that let people keep tabs on their property while they’re away. But they’ve also created a new and massive attack surface for hackers to exploit.

And that’s dangerous because the average homeowner doesn’t have the technical know-how to keep their home network safe from a determined attacker. Still, there are some simple defensive measures that anyone can take to reduce their odds of being victimized. To apply them, it’s first necessary to understand what you’re trying to defend against. So, here’s a rundown of the threats homeowners with connected devices face and a simple plan to neutralize them.

Weaponizing IoT

By far, the biggest threat that homeowners face concerning all of their connected devices is the chance that an outsider might gain access to them and use them for nefarious purposes. The recent past is littered with examples of such devices becoming part of sophisticated botnets that end up taking part in massive denial of service attacks.

But although you wouldn’t want any of your devices used for such a purpose, the truth is that if it happened, it likely wouldn’t affect you at all (not that I’m advocating that anyone ignore the threat). The average person really should be worried about the chance that a hacker might use the access they gain to a connected device as a jumping-off point to a larger breach of the network.

That exact scenario has already played out inside multiple corporate networks, and the same is possible for in-home networks as well. And if it happens, a hacker might gain access to the data stored on every PC, laptop, tablet, and phone connected to the same network as the compromised device. And that’s what the following plan should help to prevent.

A Simple Defensive Strategy

In any network security strategy, the most important tool available is isolation. That is to say, the goal is to wall off access between the devices on your network so that a single compromised device can’t be used as a means of getting anywhere else. And in a home network, the easiest method to do this is to purchase a second WiFi router with a built-in firewall and set up a second network for connected devices only. Here’s what you’ll want to do next.

1. Configure New WiFi Network for Maximum Security

Once the new router is connected to the internet (via your ISP’s modem), you’ll want to set up a name for your new WiFi network. Then you’ll want to enable the maximum encryption the device supports (typically WPA2 or WPA3), disable the SSID broadcast, and enable MAC filtering to allow only the devices you specify to connect. And for an extra bit of security – set up your new router to use Quad9’s DNS servers because they’ll keep your devices from talking to any known malicious internet sites.

2. Choose a Reliable VPN to Safeguard the Router

The next thing to do is to choose a reliable VPN provider that supports router installation. But don’t get too lost while comparing ExpressVPN vs. PureVPN – as long as the provider works with your router, it’s fine to use. What’s more important, though, is to get it set up on your router using the provider’s instructions and then to use the router’s firewall to block internet access to any address other than the VPN server you’re planning to connect to. Doing this will make it much harder for an attacker to gain direct access to your connected devices.

3. Enable the Router’s Isolation Feature

The last simple step is to locate and enable a feature on your router that keeps connected devices from communicating with one another. Depending on your router model, the setting might be called:

  • Wireless Isolation
  • AP Isolation
  • Station Isolation
  • Client Isolation

No matter the name, the setting’s practical effect is that each device can only transmit data to and from the internet (in this case, over the VPN you’re using). None of the devices will have any way of communicating with one another – which means even if someone manages to break through your other defenses, they won’t get anywhere beyond the single compromised device.
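The firewall restriction from step 2, sketched as an added example that is not part of the original article: it assumes a Linux-based router firmware with `iptables`, empty OUTPUT and FORWARD chains, and a WAN address obtained by DHCP from the ISP modem. The interface names, the server address `203.0.113.10` and port 1194 are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that restrict a dedicated
# IoT router to a single VPN server. Review the output before running it as root.
# Assumed interface names, not from the article; override via environment:
#   WAN_IF=eth0 (to ISP modem), LAN_IF=br-lan (IoT Wi-Fi), TUN_IF=tun0 (VPN tunnel)

valid_ipv4() {
    # Dotted quad only; a hostname cannot be resolved while DNS is blocked.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

vpn_only_rules() {
    server=$1 port=$2 proto=${3:-udp}
    wan=${WAN_IF:-eth0} lan=${LAN_IF:-br-lan} tun=${TUN_IF:-tun0}

    valid_ipv4 "$server" || { echo "bad VPN server address: $server" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    case $proto in udp|tcp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac

    cat <<EOF
# Router's own traffic: loopback, the IoT LAN, and the tunnel are allowed.
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $lan -j ACCEPT
iptables -A OUTPUT -o $tun -j ACCEPT
# On the WAN side: DHCP lease renewal, then the VPN server and nothing else.
iptables -A OUTPUT -o $wan -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A OUTPUT -o $wan -p $proto -d $server --dport $port -j ACCEPT
# IoT devices may only be routed into the tunnel; replies come back the same way.
iptables -A FORWARD -i $lan -o $tun -j ACCEPT
iptables -A FORWARD -i $tun -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $tun -j MASQUERADE
# Default-deny last, so a dropped tunnel fails closed instead of leaking via WAN.
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
EOF
}

# Constructed sample values: documentation-range address, OpenVPN's default port.
vpn_only_rules 203.0.113.10 1194 udp
```

Because the default policies are DROP, devices on this network lose internet access whenever the tunnel is down, which is the intended failure mode.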

As Safe as Possible

It’s important to remember that there’s no such thing as perfect security. But configuring a network just for your connected devices using the steps mentioned here will get you pretty close. In practice, it throws up enough barriers to anyone trying to get at your devices that it won’t be worth their time. And in the unlikely event that someone gets to a device anyway, it will contain the damage they’re able to do. Plus, you’ll get a crash-course in WiFi networking in the process – and you never know when that will come in handy, too.

Author
Andrej Kovacevic
Andrej is a dedicated writer and digital evangelist. He is pursuing an ongoing mission to share the benefits of his years of hard-won expertise with business leaders and marketing professionals everywhere. He is a contributor to a wide range of te...