Yeah, it seems to be the common consensus to just block everything going in and just make exceptions where you really want to offer a service to the internet.
Makes total sense, thinking about it. I guess all those years of just sitting behind a NAT make one forget all these networking basics if you're not using them regularly.
Moving closed-source IoT devices into a special VLAN, with some even more rigid rules (something like: only allow HTTP/HTTPS traffic into the internal network) might be an additional level of security.
Thank all of you for your replies!
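As an added illustration of the policy discussed in this thread (this is example configuration, not something any poster shared): an nftables ruleset for a home router that drops all unsolicited inbound and forwarded traffic by default, carves out one explicit exception for a service published to the internet, and confines a separate IoT VLAN so that it can only initiate HTTP/HTTPS connections into the trusted LAN. The interface names (`wan0`, `lan0`, `lan0.20`), the LAN subnet and the `192.168.1.10` server address are assumptions chosen for the example.

```nftables
#!/usr/sbin/nft -f
# Example ruleset (constructed for this thread, not from any poster).
# Assumed topology:
#   wan0     - internet uplink
#   lan0     - trusted LAN, 192.168.1.0/24
#   lan0.20  - IoT VLAN (802.1Q tag 20), 192.168.20.0/24
#   192.168.1.10 - the one LAN host offering a service (HTTPS) to the internet

flush ruleset

table inet filter {
    chain input {
        # Default deny: anything not explicitly allowed below is dropped.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP/ICMPv6 are needed for path-MTU discovery and IPv6 neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # Router management (SSH) only from the trusted LAN, never from WAN or IoT.
        iifname "lan0" tcp dport 22 accept

        # DHCP and DNS served by the router to both LAN and IoT VLAN.
        iifname { "lan0", "lan0.20" } udp dport { 53, 67 } accept
        iifname { "lan0", "lan0.20" } tcp dport 53 accept
    }

    chain forward {
        # Default deny between zones as well.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may reach the internet and the IoT VLAN.
        iifname "lan0" accept

        # IoT VLAN: only HTTP/HTTPS towards the internal network
        # (e.g. a local hub or dashboard), nothing else inbound to the LAN.
        iifname "lan0.20" oifname "lan0" tcp dport { 80, 443 } accept
        # Log the rest so misbehaving devices become visible; drop is the policy anyway.
        iifname "lan0.20" oifname "lan0" log prefix "iot-to-lan-denied: " drop

        # IoT VLAN: plain internet access (remove this rule for devices that need none).
        iifname "lan0.20" oifname "wan0" accept

        # The single inbound exception: traffic DNATed to the published service.
        iifname "wan0" oifname "lan0" ip daddr 192.168.1.10 tcp dport 443 ct status dnat accept
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # Port-forward the published service; the forward chain still has to allow it.
        iifname "wan0" tcp dport 443 dnat to 192.168.1.10
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}
```

Load it with `nft -f <file>` and inspect the result with `nft list ruleset`. The point of the layout is that every "allow" is an explicit line you can audit, while the `policy drop` on the `input` and `forward` chains covers everything that was forgotten; the `log` rule for the IoT VLAN is there so that a device suddenly scanning the LAN shows up in the system log rather than failing silently.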