eyost Posted November 6, 2014

Hi all,

I recently added an ISY to my network and am looking to set it up so I can access it via the internet. Before I start flipping switches and potentially opening up a security hole into my network, I wanted to see what is the best and most secure method to set it up for internet access. My wireless access point for my WiFi is a UVerse Residential Gateway (Xwire). I am on Mac Yosemite with iOS 5s. Ideally I would like to access my system via the internet either through the iPhone or a Web Browser to check status of lights and control lights and devices.

Thanks for any suggestions or recommendations.

Ed

Teken Posted November 6, 2014

There really isn't such a thing as secure when the network is open to the outside world. The closest you will get is via VPN where the session / data is encrypted and secured. Regardless of what method you use (port forwarding, VPN, remote session), ensuring limited and isolation to subsystems is key to reduce damage and loss.

stusviews Posted November 6, 2014

http://www.universal-devices.com/docs/ISY994%20Series%20Network%20Security%20Guide.pdf

eyost Posted November 7, 2014 Author

> There really isn't such a thing as secure when the network is open to the outside world. The closest you will get is via VPN where the session / data is encrypted and secured. Regardless of what method you use (port forwarding, VPN, remote session), ensuring limited and isolation to subsystems is key to reduce damage and loss.

Thanks, I guess I need to work on establishing some type of VPN or adding layers to make it as difficult as possible to get to the network.

Teken Posted November 7, 2014

> Thanks, I guess I need to work on establishing some type of VPN or adding layers to make it as difficult as possible to get to the network.

I believe it comes down to what your overall goal is and keeping in mind more access does not equate to more reliability. I come from a time where everything was done at a local level because there was no such thing as networking, remote access, or relaying commands. I can tell you from a technical, security, and safety standpoint that you do not want your HVAC to be cloud based. The only benefit to a computerized TSTAT is more control / access. It will not make your home any warmer, colder, or safer.

Having the ability to control your lights, doors, HVAC, security, is a great flexibility and convenience. But, I am sure you already know before the Internet and computers our homes were just as warm, cool, and safe. What remote access brings is a balance between security and the ability to do something. Even with all the high-tech devices in my home the foundation and base is designed around autonomy, isolation, and failover. It's safe to say once something is set or in place it's either not used, or rarely utilized.

Michel Kohanim Posted November 7, 2014

Hi eyost,

You do not need to make any VPN connections to ISY. All you need to do is:

1. Make sure you install a certificate (it can be self signed)
2. Always use HTTPS when you access ISY remotely and don't ever open the http port to the outside world
3. Change your password every 6 months

With kind regards,
Michel
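
A way to check the first two points of the post above from outside the home network, given here as an added example that is not part of the thread and is not Universal Devices code. It confirms that the plain HTTP port is not reachable and that the HTTPS certificate matches a SHA-256 fingerprint recorded when the self-signed certificate was created. The host name `isy.example`, the port numbers and all function names are assumptions for illustration.

```python
import hashlib
import socket
import ssl

def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def pin_matches(der: bytes, pinned: str) -> bool:
    """Compare with a pinned fingerprint given as 'AA:BB:...' or plain hex."""
    return cert_fingerprint(der) == pinned.replace(":", "").strip().lower()

def fetch_cert_der(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Fetch the server certificate without chain validation.
    A self-signed certificate cannot chain to a public CA, so trust
    comes from the pinned fingerprint instead."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def port_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, https_port, http_port, pinned,
          fetch=fetch_cert_der, probe=port_open):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if probe(host, http_port):
        findings.append(f"plain HTTP port {http_port} is reachable from outside")
    if not probe(host, https_port):
        findings.append(f"HTTPS port {https_port} is not reachable")
    elif not pin_matches(fetch(host, https_port), pinned):
        findings.append("certificate does not match the pinned fingerprint")
    return findings

if __name__ == "__main__":
    # Constructed stand-ins so the demo runs offline; drop the fetch/probe
    # arguments to test a real address (ports here are assumptions).
    fake_der = b"constructed certificate bytes"
    pin = cert_fingerprint(fake_der)
    print(audit("isy.example", 443, 80, pin,
                fetch=lambda h, p: fake_der, probe=lambda h, p: p == 443))
```

Run it from a connection outside the LAN, such as a phone hotspot, so the result reflects what the internet sees rather than what the local network allows.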

eyost Posted November 19, 2014 Author

> Hi eyost,
>
> You do not need to make any VPN connections to ISY. All you need to do is:
>
> 1. Make sure you install a certificate (it can be self signed)
> 2. Always use HTTPS when you access ISY remotely and don't ever open the http port to the outside world
> 3. Change your password every 6 months
>
> With kind regards,
> Michel

Michel,

Thanks for the reply. Are the self signed certificates something I create or is it available here? Also, is HTTPS established at the ISY level? Thanks for the help and patience. I know enough about networking to get around and am cautious.

Ed

eyost Posted November 19, 2014 Author

> I believe it comes down to what your overall goal is and keeping in mind more access does not equate to more reliability. I come from a time where everything was done at a local level because there was no such thing as networking, remote access, or relaying commands. I can tell you from a technical, security, and safety standpoint that you do not want your HVAC to be cloud based. The only benefit to a computerized TSTAT is more control / access. It will not make your home any warmer, colder, or safer.
>
> Having the ability to control your lights, doors, HVAC, security, is a great flexibility and convenience. But, I am sure you already know before the Internet and computers our homes were just as warm, cool, and safe. What remote access brings is a balance between security and the ability to do something. Even with all the high-tech devices in my home the foundation and base is designed around autonomy, isolation, and failover. It's safe to say once something is set or in place it's either not used, or rarely utilized.

Yep. My primary goal is status and control of lights and status of garage door. I don't plan on wanting to open and close the garage door via the Internet; that would be a security nightmare. I just have caught myself so many times wondering if I closed the door as I am halfway to work.

Ed

apostolakisl Posted November 19, 2014

I wouldn't be so concerned about controlling your garage door over the internet. Using the https connection is going to be more secure than your garage door actually is. A garage door can be opened with a crowbar in like 2 seconds, so anyone who wants in is going to get in the easy way, not spend days trying to crack your security key.

Michel Kohanim Posted November 20, 2014

Hi Ed,

You can create self signed certificates in the dashboard: http://wiki.universal-devices.com/index.php?title=Main_Page#Network_Security

With kind regards,
Michel