modex Posted January 3, 2014 Posted January 3, 2014 being new to isy, I am wondering what the possibility is of the system being hacked to create security, identity concerns.
Michel Kohanim Posted January 3, 2014 Posted January 3, 2014 modex, Definitely possible if: 1. You have an unsecure WiFi network ... in this case, everything in your network is vulnerable including ISY 2. For remote access, if you forward to ISY's unsecure http port (80), then when you are accessing ISY remotely, all traffic between you and ISY can be sniffed and decoded by any novice hacker (including your userid/password). So, you should NEVER forward to port 80 3. In the same vein as above, ISY comes with a default SSL certificate. For best security, it's best to either create your own self signed certificate or get one from a Certificate Authority (CA). If you do not access ISY remotely at all, then this is a moot point and you should not worry about it 4. For maximum security, make sure you have the PRO series and choose TLS 1.2 for protocol and at least medium strength for cipher suites and 2048 as key length (http://www.universal-devices.com/docs/I ... 0Guide.pdf) 5. ISY backup files are basically your system's configuration. I would not (personally) back them up on a cloud system that's not secure If you follow the four steps above, ISY should be almost as secure as your bank. With kind regards, Michel
shannong Posted January 6, 2014 Posted January 6, 2014 If you don't expose it to directly to the internet and have secure wireless then you're safe. Your problems lie elsewhere. This of course ignores other vectors when root kits or other malware provides remote access to laptops/PCs in your house. Your family and friends visiting malicious websites and getting infected with something is your biggest threat. Then hackers use those devices to have internal access to your house including watching keystrokes as you type in passwords to other devices like the ISY. Encryption sessions such as TLS doesn't help with that. Obviously if you expose your ISY directly to the internet (usually via port forwarding) then follows Mike's excellent recommendations. Ultimately, anything you connect to the internet can be hacked and poses a real threat regardless of whether your using an encrypted session to it. Since mine is also integrating with my home security system I only access my ISY over VPN when not at home.
Recommended Posts