[Tfug] Static/Dynamic (IP,name) bindings

[Robert Hunter]

On Thu, Sep 13, 2012 at 9:11 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
> Yes, but that would only be common in enterprise scenarios.
> I suspect you won't find any SOHO kit with those features!

Your "SOHO" argument doesn't exactly hold up.  Support for features
like VLANs, and firewalls are available on many consumer-grade routers
-- if not out-of-the-box, then possibly via custom firmware, (e.g.,
DD-WRT, or Tomato).  You could also roll-your-own (e.g., an Intel box
+ NIC(s) + your favorite "unix"), or shop around for some old
enterprise gear.

> You wouldn't want to run the risk of someone (friend/foe)
> surreptitiously installing a new image in your HVAC controller
> just by plugging in a rogue host that tricks the controller
> into accepting a new image from *it* instead of the *real*
> image server...

I would start by reducing the exposure of your utility network.

> It seems that the only "safe" way of doing this is to use
> a more secure protocol.

Probably overkill.  However, I agree that many commonly used
networking protocols are showing their age.  And security is one of
those things that needs to be addressed at a more fundamental level.
It's a matter of the "common case" changing.  Twenty years ago, if you
were running a computer network at home, you were probably one savvy
guy.  These days you risk annoying your guests if you don't have WiFi.
 And then you have to worry about those people who call themselves
"friends", but given the opportunity, would hack your home automation
systems.  Sigh.


-- 
RH