Disable Login from LAN

[johnnyt]

Would like to see the ability to disable login from LAN subnet.

 

I continue to (intermittently but frequently) have to login twice on both my Vista 32-bit and my Windows 7 64-bit machine. (see http://forum.universal-devices.com/viewtopic.php?t=5245)

 

I read in a post here somewhere that UDI is not allowing this as a way to address a risk that disabling LAN login could allow a hacker to open/close a garage door, or disable a security system, etc. even when someone is using a NAT router, the typical case in even the most basic residential applications with more than one networked device.

 

Maybe I'm missing something about the likelihood and impact of the risk and the extent to which UDI is liable for what could happen but couldn't someone who choses the "risky" option simply be told the risk and allowed to decide for him/herself about it?

 

Like most people I use a NAT router and, perhaps like many, only use ISY for fairly benign things. But even if I did use it with my security system and HVAC thermostat, I would have absolutely no problem leaving this small crack in the armour since I don't consider it likely to be exploited.

 

I would mention that my HomeSeer setup does allow me to bypass login from my LAN and it does control my security system and HVAC thermostat - and has done so for over 10 years now without any hacker incidents.

[Michel Kohanim]

Hello johnnyt,

 

Thanks so very much for the feedback.

 

From LAN vs. not from LAN do not mean much to hackers simply because all packets can be sniffed and modified with source/destination addresses. Furthermore, just because X does something does not make it right.

 

In any case, we have this requirement in our list and we'll take it into consideration in one of our future releases.

 

With kind regards,

Michel

[johnnyt]

Thanks for the reply.

 

I forgot to mention that I don't make my ISY available to the internet in case that makes a difference. (sorry, I'm not sure the point you're making.) Someone would have to hack into a computer on my LAN to see my ISY, at which point spoofing the source/destination address is moot, UDI cannot be held (or even feel) responsible for that, and access to the ISY is truly the least of my concerns. In fact, if the hacker did mess with my ISY, I would actually appreciate the tip off that someone has made it into my LAN. Better that than most of the other ways of finding it out.

 

Maybe it could be a feature that only works if you haven't enabled internet access?

 

Thanks for considering it.

[Michel Kohanim]

Hello johnnyt,

 

Thank you for the feedback.

 

We'll surely take this request into consideration in our next releases especially since we added a disclaimer that has to be agreed to (2.8.16 and above).

 

With kind regards,

Michel

[johnnyt]

Hi,

 

This is just to refresh my request for the ability to disable having to login. I don't need/want the added step as I don't allow access to my ISY from the internet, have good security protecting my LAN, trust everyone that has access to it, and can live with the impact if someone I don't allow does hack in.