• Aesculapius@kbin.social
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    Security risk is the bigger concern IMHO. These devices are often a security weak point for networks. Putting them on their own wifi network and then isolating that network is critical.

    • rehydrate5503@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      How can you ensure this is done? There are so many devices that need to connect to the internet and some that require access to other network devices to function.

      • Semperverus@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        1 year ago

        You basically need to employ network engineering level security - very tight firewall rules, use NAT where it’s available (IPv6 removes NAT, which ipv6 apologists will tell you is a good thing - they’re wrong, as it removes per-service level control and moves it out to per-device/per-NIC), and punch very specific holes to grant access where needed.

        Prevent north/south traffic entirely, limit east/west traffic heavily