Skip to main content

A Good Use for Guest WiFi

One of the key concepts behind network security is segmentation. In short, if two devices don't need to talk to each other, they shouldn't be allowed to talk to each other. That way, if one device causes problems, you can contain it and keep the problem from spreading to other devices.

These days, many home WiFi routers include a "Guest WiFi" network. To use this, you create a separate WiFi network with a separate password, and your guests use that.

There are a few reasons to do this:

  • You can create a really good, really long password for your "real" network, and a short password that you change every time you have company over.
  • Most routers keep the devices on the guest network separate not just from the main network, but from each other. This means that if one of your guests has a phone or laptop with a virus on it, everyone else is (relatively) safe.
I realized, though, that there's a different, and perhaps better way to use this guest network. It's related to how the different devices in the house use the network.
  • Many devices need to see each other and talk to each other. My laptop needs to see the printer. My phone needs to see the Chromecast attached to the TV.
  • Some devices only need to get to the internet. My eBook readers (nook, kindle, etc.) only need to reach the companies that sell books. My work laptop only needs to reach the work VPN.  My smart TV needs to be able to reach Netflix and Google Play, but nothing else.
This means that there's a pretty easy way to make things secure. If a device only needs to see the internet, put it on the guest network, even if it's not a guest.  All of those networked "smart" devices can be put into a little silo where they can't talk to anything else.

There are some downsides to this plan. The biggest is that it's often more difficult to change the password on these devices than it is to change the password on a phone or laptop, so you might be tempted to keep the same password for longer. But, that might not be much of a problem. It comes down to how many visitors you have on your guest network.  Big parties every weekend, with the password posted on the refrigerator? It might be best to change that guest password every Monday.  An occasional trusted guest? Who really cares if a few close friends have your guest WiFi password, especially if they can't interact with anything else?

I'm not the partying type. Only a few friends have our guest WiFi password. So, it's not really a big deal if we keep the same password for a long time. And if I use that password for the TV, that's a bit more segmentation on the network, which makes it a bit more secure.

The feature's there. It makes things better, and it's not much of a hassle, so I might as well use it.

Comments

Post a Comment

Popular posts from this blog

The Chromecast conceptual model

Google makes a device called Chromecast . It's a relatively inexpensive way to turn any TV into a "Smart" TV capable of playing movies or music. It's a clever bit of engineering, but I've run into a few people who have trouble understanding how they work. The key thing to understand is that the Chromecast is the device that's actually receiving and playing the movie (or whatever), and your phone is just the remote. Here's how the process works at a high level: You start watching a video on Youtube 30 seconds in, you decide that you'd like to watch the rest on your TV, so you press the "Cast" button. Your phone stops playing and tells the Chromecast "Get this video directly from Youtube and start playing at the 0:30 mark"  When your phone initially asks the Chromecast to start playing, it also specifies a "default thing" to do when the Chromecast is finished. If the Chromecast is playing a Youtube video, it might...
Post a Comment
Read more

Fixing Linux Audio

This is somewhat technical, and it's aimed at people who use Linux and are comfortable editing files from the command line. I was looking for a quick fix, but discovered that most of the documentation out there is wrong. So, I had to research what it all meant, figure out what the correct settings were, and write it all down. For the Impatient If you use Linux, and you're just looking for a quick way to make your sound better, add these lines to /etc/pulse/daemon.conf or $HOME/.config/pulse/daemon.conf   default-sample-format = s32ne default-sample-rate = 192000 high-priority = yes default-fragments = 8 resample-method = speex-float-10 I've tested this on Fedora and Ubuntu with no problems. Also, if you're using an external DAC (if you're not sure, then you're not using one), be sure that it has sufficient power (either plugged directly into the computer or into a powered USB hub. DO NOT plug it into an unpowered hub or dongle. A...
Post a Comment
Read more

The Virus By the Numbers

I'm writing this because there's some really insane stuff that's being said by people who should really know better, and I'm sick of discussing it one post or email at a time. So, this is my One Big Post that I'll point people toward rather than bringing it up again and again. In case you haven't noticed, we're in the middle of a pandemic. Just so that we're all using the same terminology:  The virus is Severe acute respiratory syndrome Coronavirus 2 . It's usually abbreviated SARS-CoV-2. It's a brand new kind of Coronavirus, so for a while, before it had this awkward name, people were calling it "novel coronavirus". (For the non-English speakers and D students, "novel" is another word for "new".) The disease that the virus causes is called Coronavirus Disease 2019 , and it's usually abbreviated COVID-19. It's called that because it was discovered in 2019. This came out of nowhere in China in late ...
Post a Comment
Read more