How to Make Smart Choices for Your Smart Home: Part 2


Facebook Tweet mail
blog post author image
Written by Guest | June 26th, 2019
Our goal here at is to provide you with the honest, reliable information you need to find companies you can trust.

Guest Post by D. Greg Scott

This is Part 2 of a two-part series. Read Part 1 here.

Your new smart home may need a smarter network

In part one of this article series, I suggested a few things to consider when shopping for a thermostat, door lock, baby monitor, kitchen appliance, or other smart home IoT (Internet of Things) device. Here, in part two, I’ll share some thoughts on deployment.

Right away, that word, deployment, should stand out. We deploy things at work. At home, we unpack consumer devices and start using them. Not anymore. That internet-connected washing machine you just brought home is really a website with a peripheral device attached. If you deploy it improperly, you’ll invite the whole world into your laundry room. And from there, some of the people you invite will probe every nook and cranny of your home.

Like it or not, you’re taking on the same problems as multibillion-dollar companies. Except most businesses locate their websites with professional hosting services. By definition, your smart home device is inside your home. You can’t outsource it into the cloud.

Welcome to the internet hosting business. It’s time to step up your game.

We need to address two key questions with smart home IoT devices:

  • How does the world find our devices?
  • How do we secure our devices?

And these lead to deeper questions.

Finding ourselves

Every single IoT device needs a unique identity on the internet. If you can control your door locks from your cell phone, it stands to reason your cell phone needs a way to find the locks from the other side of the planet. There are three choices:

  • Dynamic DNS
  • Static IP Address(es)
  • Third-party intermediary.

DNS (Domain Naming System) assigns names to IP Addresses. Visualize DNS by looking up your neighbor’s phone number in a directory. But unlike phone numbers, most home networks have dynamic IP Addresses, which means they change from time to time – sometimes, minute by minute. Work around this problem by signing up with a dynamic DNS service. Dynamic DNS services are supposed to keep those name translations current with changing IP Addresses. The good ones cost money every month. The free services come and go, and your mileage may vary.

Solve the dynamic DNS problem by acquiring a range of static IP Addresses from your internet service provider for your home internet connection. Static IP Addresses are good because they don’t change. Static IP Addresses are bad because they cost money and the internet is running out of them. IPV6 will cure the IP Address shortage, but IPV6 has been two years from wide adoption since 1988.

Sometimes, IoT devices are really a beachhead into your home for companies that want to sell you stuff. Amazon, Google, and others offer devices that register with their companies. If you buy, say, an Amazon Echo, Amazon records every interaction you have with it, and the path into your home from the rest of the world goes through Amazon. If you trust a team of marketing analysts inside your home 24/7, then devices like the Echo offer great conveniences.

Securing ourselves

You need to do two things:

  • Protect your devices from bad guys
  • Protect yourself from your devices.

NAT (Network Address Translation) is your friend, and you already use it in your home network. You’ll need to expand it to accommodate your devices. All kinds of NAT tutorials are available. Here’s the one sentence summary. Give your device a private IP Address, visible only in your home network, and set your firewall to advertise it to the world with a public IP Address.

That simple NAT gateway setup will protect against nearly all the junk flying around the public internet. But it’s not enough. Even though you closed the Illinois Tollway of traffic from pounding your device, the world still has a path to it. It will only take a few seconds for automated probes from everywhere to find it. Defend yourself. Make sure you change any factory default passwords and lock down all the security settings. And make sure your patches are up to date, both in your devices and your firewall.

And that’s still not good enough. You need another defense layer in case somebody compromises your devices. Limit potential damage by segregating your network into zones, just like big companies should do (but many don’t and some pay dearly for it). One zone has your computers, TVs, printers, tablets, and cell phones. Another, called a DMZ (the acronym really does stand for demilitarized zone – it’s a metaphor) has your IoT devices partially exposed to the internet behind your NAT gateway.

Here’s where it gets tricky. Those IoT devices probably connect to a home Wi-Fi network. But most homes only offer one Wi-Fi for everything. Your home needs to do better. You need at least two semi-independent Wi-Fi networks; one for your DMZ with your IoT devices, the other for the traditional family network.

To make this work, you could buy another consumer-grade Wi-Fi router, but there’s a more secure way to do it for about the same cost, using a concept called VLANs (Virtual Local Area Network). With VLANs, traffic shares the same physical medium, but one network cannot interact with the other except where the VLANs meet at a router; in this case, your internet firewall. Put rules in the firewall to carefully regulate any traffic between the family network and your DMZ with your devices.

You’ll need VLAN support in all your networking components, including your Wi-Fi access point, firewall, and Ethernet switch, to pull this off. You’ll also need your Wi-Fi access point to support at least two SSIDs (service set identifier – your Wi-Fi network name). This probably means you’ll need to upgrade your entire home network.

Why bother?

Even with all that, if somebody compromises, say, a cheap security camera, a bad guy can still use it to attack somebody else on the other side of the internet. That happened in 2016 on a massive scale. But at least your private stuff will be safe. And if your firewall has the ability to monitor traffic in and out, you have a decent chance of finding and fixing your compromised device.

Is all this a hassle? Yep. You’ll face a learning curve and you’ll spend time and money on home infrastructure upgrades. Your neighbors might even ridicule you for going to all this trouble. But while your neighbor’s internet-connected washing machine is sending their private information to a crook in eastern Europe, your internet-connected devices will never find your private stuff. That makes it worth the trouble.

D. Greg Scott is an author and cybersecurity professional. Check out Greg’s novels on his website.

The Top Identity Theft Companies

company logo
#1 LifeLock chevron_right
9.9 Overall Score
company logo
#2 IdentityIQ chevron_right
8.6 Overall Score
company logo
#3 LegalShield IDShield chevron_right
8.0 Overall Score

Related Articles

Card image cap
2019 Identity Theft and Scam Trends: Part 2

This is Part 2 of a two-part article. Read Part 1 here. It’s impossible to be 100 percent accurate when it comes ...

Read More
Card image cap
2019 Identity Theft and Scam Trends: Part 1

This is Part 1 of a two-part article. Read Part 2 here. From 2017 to 2018, the U.S. population experienced an abundance ...

Read More
Card image cap
The Heartbreak of Spousal Identity Theft

It's Valentine's Day and you and your spouse are enjoying a candlelit dinner at your favorite restaurant. Everything fe...

Read More