Network Setup and ATV/iTunes/Airplay....

[gpspad]

Sorry if this topic gets into the weeds of network setup, but curious how people are setting up their home networks. i finally got around to laying out some ethernet connections and its a huge difference in speed, but in setting it up I started reading about network setup and security.

Im a total novice but started reading about this "three dumb routers" setup philosophy I read somewhere. The theory is you divide your home network into three parts; one part for your main work setup, one part for all your home control stuff, and one part as a guest network. The switches go behind the threes separate routers and have their own domain ranges and can only see the items in that group.

The thought being that the firmware in the thermostats, tvs, ect....should be away from your main computer network as they are the most hackable devices. It would be easy to do with an few switches and an extra router, but if I put the ATV's on the home control network I would loose iTunes Home sharing and the benefits of airplay.

I like the concept, but now that I have the HDHomeruns working, I like watching TV on my desktop computers, this would kill that if all the Media stuff is on the Home network side. Also to use my phone to control the nest and any other home automation stuff, it would have to go to the internet to cross over to the home control part of the network.

My heads hurting already thinking about this, I was just curious if anyone put any thought into this and how have you setup your network in a smart home?

 

[cynics]

I just have everything on one network for ease of use.

I guess there is nothing wrong with having that level of security but a lot of the time not worth the hassle.

For example your Nest thermostat doesn't have capabilities to access your computer even on the same network. And if you are dealing with someone with that skill level 1) Its unlikely they are going to be wasting their skills and talent on you. 2) You are only giving yourself peace of mind through a false sense of security because if they are talented enough to hack in through another device do you think isolating your network is impossible for them to overcome?

 

[gpspad]

I just have everything on one network for ease of use.

I guess there is nothing wrong with having that level of security but a lot of the time not worth the hassle.

For example your Nest thermostat doesn't have capabilities to access your computer even on the same network. And if you are dealing with someone with that skill level 1) Its unlikely they are going to be wasting their skills and talent on you. 2) You are only giving yourself peace of mind through a false sense of security because if they are talented enough to hack in through another device do you think isolating your network is impossible for them to overcome?

The Nest was just an example, soon there will be dozens of small devices accessing the internet on our networks. Some will be from good companies, so from companies we have never heard from. Millions have been hacked of credit card and personnel info in blanket attacks written into small bits of code.

Having a secure network isn't just to protect you from a solo hacker thats after you. People have written code that infect millions of of people, when something as simple as changing the default password would have made a difference.

The connivence of everything working together out weighs separating the domains, so I probably won't do it, but was looking for some ideas on how people may have setup media networks....

 

[Matthew Essex]

You could look at creating vlans, this way different devices could live inside different vlans within your network.
You could then allow certain vlans to pass data onto other vlans but deny others. Although I don't think it's entirely necessary in a home environment it's easy to delete and start from scratch.