Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Could A 'Smart Firewall' Protect IoT Devices?

Posted by EditorDavid on from the home-network-of-things dept.

To protect our home networks from IoT cracking, Ceaus wants to see a smart firewall: It's a small box (the size of a Raspberry Pi) with two ethernet ports you put in front of your ISP router. This firewall is capable of detecting your IoT devices and blocking their access to the internet, only and exclusively allowing traffic for the associated mobile app (if there is one). All other outgoing IoT traffic is blocked... Once you've plugged in your new IoT toaster, you press the "Scan" button on the firewall and it does the rest for you.
This would also block "snooping" from outside your home network, and of course, keep your devices off botnets. The original submission asks "Does such a firewall exist? Is this a possible Kickstarter project?" So leave your best answers in the comments. Could a smart firewall protect IoT devices?

2 of 230 comments (clear)

  1. Ideally a manifest/profile from IoT makers... by mlts · · Score: 5, Informative

    Ideally, there should be a profile/manifest IoT makers have as standard with their devices. This shows what incoming/outgoing ports and hosts the IoT device communicates with. Everything else should be blocked as default from the router. This should be in some central registry or a standardized URL system, so a home firewall could, once it recognizes a certain IoT device, grab a profile and run with it.

    Of course, a lot of IoT makers would just put in that the device takes incoming/outgoing traffic from anything and everything, but hopefully there might be come makers who give a shit enough about security to put in limits of what their devices can and do not try communicating with.

    This way, a firewall, once it registers a device can automatically apply a profile and call it done. Of course, there are security issues, but this is a giant step forward, compared to letting the device have unfettered access in and out.

  2. Re:The answer is no, this is pointless by Wizarth · · Score: 3, Informative

    I understand there is also some sillyness involving UPNP in some devices, so you can connect to the device "from your phone", as in, from the wider Internet. This probably includes the initial connection brokered through a central service, but much of the bulk data via direct connection.