UDM Pro - Beginners Guide to Securing VLANs

Hey guys, welcome to the Ethernet Blueprint channel. My name is Tim Tritch, and on this channel we focus on helping people just like you build a great network into your new construction home. Please consider liking or following us so we can continue to make great content for you, in hopes that it helps you with your new construction project.

Today's video is really a continuation of the VLAN video, so if you haven't watched that yet, guys, go ahead and click on the link in the corner of your screen and it will take you to it. I had to break it up into two different parts because it was just going to be too long if I didn't. So this video, we are going to be conquering the firewall rules. We're going to take the network that we built, and all the VLANs and all the Wi-Fi, and we're going to secure it so we can make it so we have trusted networks and non-trusted networks. Hopefully you'll be able to take that content and reflect it in your own personal build, your own personal situation and your own personal needs. This is just a network outline that basically we see all the time and we build all the time for our customers, so I hope that you'll be able to take what we show you here and apply it to your own personal build. So let's get started.

Okay guys, so we're gonna go ahead and kind of continue here with our firewall rules. A couple things I want to kind of point out: earlier in the video we talked about there being really two big reasons why we want to create VLANs. One is for security, which we're going to work on now. The second reason is just to kind of keep your traffic running a little bit more smooth, to basically be able to isolate certain traffic, sort of isolate it, so that IoT devices kind of stay on their highway, your main network stays in its lane, kids network stays in its lane, so when he's gaming he's not affecting the traffic over here. It makes the network run a little bit cleaner. If that's what your interest is, guys, you can stop right now: by just
creating VLANs you're good to go. There's no security in place, but actually your network will just in general run cleaner because stuff will stay in its own lane, which is great. However, if you're interested in security, that piece, you want to lock down the IoT network and make your network be safer, then guys, listen up, because here's what we're going to do.

By default, all VLANs can talk to each other with Ubiquiti. That's just how they do them. So when you create multiple VLANs, they can all talk to each other, okay, with the exception of the guest network. When I say that, leave the guest out of it, because guest has its own lockdown rules that are built in. So right now, as it stands, IoT can talk to default and kids, default can talk to IoT and kids, everything can talk to everything. Okay, that's just how it works right now, and I'll prove it by doing a little bit of pinging. So my IP address is 1.37 and I can ping 3.29, which is my desktop PC. If I connect to my desktop PC, I can ping through 1.37. So I can come in here, I know it's kind of small, but I can say ping 192.168.1.37 and I can communicate with that just fine. So IoT can talk with me right now as it stands. There's nothing locked down with any of this situation, okay guys.

All right, so we're going to create some firewall rules to in essence break that, or secure our network, and that way we can prove it out at the end. At the end, my laptop should be able to ping both the desktop PC and the basement on the IoT network, but this basement PC should not be able to ping me back, should not be able to communicate back. It should only have access to the internet. Okay, so kind of a cool deal.

All right, so let's get started. We're going to go over in our settings and we're going to be creating some firewall rules, so we'll actually go into firewall security here. All right, and we're going to create some rules. Now there are a couple different things in here, a couple different categories. So there's internet rules, which basically
protect your network from outside. You can create rules that allow stuff in from the internet. If you've ever done any port forwarding, things like that, you're allowing certain traffic on certain ports to communicate from outside, the internet, to your house. So that's kind of where port forwarding comes into play. Okay, then we have LAN rules, which is our local network: anything that's private, local, all your VLANs, all your main networks, anything all your devices are connected to locally in your house is your LAN, your local area network. It's all internal to your house, specific to your house. Your neighbor has his own LAN, and that neighbor has his own LAN. Okay, so this is your LAN, traffic rules on your LAN. So each VLAN is part of your LAN, which is VLAN, virtual LAN. And so basically what we're going to do is we're going to create rules that allow these internal networks to be able to talk or not talk to each other. Guest rules are just that, guest rules. They're all built in; we didn't have to create any of these. And then there's a version six flavor of these firewall rules. This refers to IPv6. We're going to be using the IPv4 rules. These don't have the v4, but they would be considered v4, so we're going to stay in here, so we're not messing with any of those for this video.

All right guys, everything we're going to do is on the LAN. So let me silence my phone so it shuts up. Okay, so here we go. We're going to create some firewall rules. The first rule we're going to create is basically a rule that allows all established and related traffic to talk. I know that seems confusing, but it basically means if something is meant to talk to each other and it's already established communication with it, then it'll continue to allow it to talk with it. Okay, so we kind of use it as this catch-all just to make sure that things don't get out of whack here. So for the type of rule we're going to do a LAN In. Now there are multiple: there's LAN In, LAN Out and
LAN Local. We are going to be creating some LAN Locals; we are not going to be creating any LAN Out. So basically this is when the rule is executed, and for us, we want the rule to be executed when the traffic comes from a network and tries to go into another network. Basically there's a firewall right there that says, okay, I'm only going to let you in if you qualify for one of these rules. So all the rules that we're doing are LAN In rules, okay, other than the LAN Local.

LAN Local means, it's kind of confusing, but the best way I can explain it is your Dream Machine Pro, for example, which sees all the VLANs, it's creating all the VLANs, it's the router, it is a local device that can kind of see everything. So when you create a LAN Local rule, which we're going to do, it basically means that VLAN cannot talk to things like your router. You know, we don't want them to be able to log into your router. You can block IoT from being able to talk to the default network, we can block that, but then the IoT network can still talk to the router, because it's communicating with the router right now. And so we can actually kind of block that traffic too. We'll get to that here at the end, but that's what LAN Local means.

So the first one we're going to do is allow. You can do accept if you want. I like to do all caps so I know it's a rule I created: allow established and related to any. Okay, we want it before the predefined rules, and I'll explain why that's important here in a minute. And then we're going to leave the protocol alone. We're going to basically say we're going to allow any to any. So right here, any, any. You see any, any: all ports, all protocols, all traffic, all VLANs, everything. This is the source, this is the destination. So this is where we're going to create our rules: this group can talk to this group, or this group can't talk to this group. Okay, that's kind of how we're doing it. And because this one is only affecting
established and related, we need to click this manual and check these two boxes. We're basically saying anything can talk to anything if its state is established and related, and we're going to say okay. Now that rule has been created. If we come in here to LAN now, you'll see at the top, these are the predefined rules it was talking about; it put this before them. So the way this works is your firewall is going to do these rules in order. When traffic wants to come in, it's going to basically just start at the top of its list and say, okay, do you meet this one? Okay, nope. You meet this one? Okay, this doesn't allow. Yep, okay, you meet that, you can go. And once it allows the traffic to go, it doesn't even go the rest of the way down the list. So it's just going to go down that list until it finds where you qualify, and if it gets down to the third one and it says this is dropped, it's going to block it. So the order of these really does matter, and you can actually drag and drop these over here on the left-hand side.

Okay, so now we're going to go ahead and create a new rule. Actually, before we do that: this new rule is going to be allow our default network to talk to any internal network, anything, all of them. So instead of leaving this any, any, we're going to define what any internal network means, and we're going to do that in a profile. So we're going to come over to our profiles, we're going to scroll all the way down, and we're going to create a new port or IP group. Okay, and I like to call this any internal, actually local, I usually use the word local: any local network or VLAN. Okay, so this group of IPs encapsulates all local networks. This is going to be an IP group, so we're going to do IPv4 addresses, and we're going to add whatever ones we want in here. We can add whatever we want as far as IP addresses go. So we're going to clump, we're going to
basically make three, and then the three include everything. So the first one we're going to do is 10.0.0.0/8. Okay, and let me get these in here and then I'll kind of dive into this a little bit more. 172.16.0.0/12, not dot 12, /12. Okay, all right, and then 192.168.0.0/16.

All right, so what is this, what does this really mean? When you have an internal network, when your router hands out an IP address to something that's internal on your network, it is going to use an IP subnet like this. It's going to be a 10.1 or a 10.2, it's going to be a 172.16.something, or in most cases most of us are a little more familiar with the 192.168.something.something. So basically what this means is include all of them: every 10. address, every 172.16. address and every 192.168. address that's ever possible, all of them, include them. That's why this is any local network, and these subnets here represent all local networks. So we're going to apply that. Now we have a group that includes all of them.

So we're going to come back over to our firewall and we're going to create a new LAN rule. Okay, so we're going to go over here, LAN In, just like we talked about. We're going to allow default, and I'm going to say VLAN so you guys understand it's VLAN, network, whatever, to any local. So allow all default VLANs to talk to any local network. We're going to add it before predefined rules. We're going to accept the traffic; we want to allow this, so this is an accept. We're going to switch this to network. This is our source, anything coming from the place is our source, the from traffic. This is coming from the default to any place: from, to, so source, destination. And then we're going to come down here to our port or IP group, and we're going to change this IP group to any local network, which basically means our default network right here can talk to any of those networks that we created in that port group, any of them, all of them, or that IP group.
Okay, that's because the default VLAN is a trusted network. If we go over here you can see it is a trusted network; it needs to communicate to all other networks. We're going to do the same thing with our kids. However, if you don't have a kids network you can skip this part, right. So we're going to go create a new rule. We're going to create the exact same thing: LAN In, we're going to allow kids VLAN to any local. What did I type last time? Any local, any local, so we'll just do that: allow kids VLAN to talk to any local network. Okay, predefined, allow. We're going to change this to network because we want the whole kids network, the whole kids VLAN. We're going to change it from default to kids, and we're going to say port group is any local network. Any port, any local network, anything, the kids network can talk to it. And we're going to apply those changes.

So as it stands right now we really haven't locked anything down. Everything could talk to everything before, and we just created three more allow statements, which means there's nothing blocking my IoT network from talking to these other networks, and I can prove it to you right now. This should still be able to ping my local address, and as you can see it can't, it can ping my local address.

Okay, so now we're going to create our block rule, and basically we're going to kind of just encapsulate everything with this one. So we're going to create a new rule, we're going to go to LAN In. You can say block, drop, deny, whatever: all local to all local. It's basically what the rule in our network would say, drop any to any, but we're going to drop all local stuff to all local stuff. So we're going to do it predefined, same thing, we'll make sure they're in the right order. This time we're going to drop the traffic. We don't want to allow, we want to drop it. We're going to go to our port group that we created, any local network. Port group, any local network. So any local
network, any network to all local networks. Actually, let's change this: drop any local to any local, just to keep it consistent. Okay, so we're going to drop everything. Every IP address that's local, that could ever be chosen, cannot talk to each other, is basically what we're saying. Now if you create this rule and you put it at the top, you could easily lock yourself out of things and stuff. That's where the order comes into place. That's why we made it fourth instead of first. So we did our allow rules first and then we created this one. So now if I come in here you can see it's allow, allow, allow, then drop, right.

So basically what that means is, assuming that there's nothing going on in the IoT network, the IoT network is going to come in and it's going to say: okay, I don't qualify for this, I don't have anything in here. I'm not the default network, so that rule doesn't apply to me. I'm not the kids network, so that doesn't apply to me. Uh oh, I'm included in this, my local network is in this group. So it basically means I can't talk to anything but the internet. Okay, that's literally what that means. So now the IoT network should be blocked, but I should still be able to communicate with it. So I'm going to go and see if I can still ping. Okay, so I can still ping 3.29, which if we go to our client list here, 3.29 was my desktop PC. Obviously I'm still connected to it. Let's see if it can still ping me, and as you can see it can't. That firewall traffic is being blocked, it's timing out. Okay, so we've effectively established these rules right now that say we can talk to it but it can't talk to us.

Okay, we got another device, we got our Sonos on our main network here too. Let's see what the Sonos IP is. So the Sonos is 1.56. Let's see if the desktop PC can ping 1.56. Okay, nope, can't ping 1.56. However, this is where we were talking about the local stuff. So the local interface on our
firewall is the 192.168.1.1 or 192.168.2.1. It's the first IP address; that's what the VLAN gets when we created those networks. Okay, that's what they get. Let's go look on there real quick and I'll show you. So if we go into networks, okay, and we look at the IoT network, you can see this network is 192.168.3.1. That's the IP address on the router that the router recognizes to be able to route this traffic. So this is considered a local address, just like my kids network is considered to be a local address: 2.1 is a local address. It's not part of the LAN rules. So if I'm down here on the IoT network I should be able to ping 1.1, and as you can see I can. I can get to 1.1, I can get to 2.1. Okay, so as you can see I can still get to the gateways and communicate with the router directly. I can't talk to devices in those networks, but I can talk to the router. That's what we're going to block next, guys, that's the next part we're getting rid of. So if you just want the IoT to be locked down but you don't care if it can talk to the router, you can stop right now, just so you know. But if you want to take your security just another level, guys, listen up, we're going to keep going. This part won't take super long.

All right, so we're going to go back into our profiles and we're going to create some groups here. So the first group we're going to create is, let me see. This also applies with the guest network; the guest network actually can talk to the local networks too. So we're actually going to say this is going to be block, no, let's do drop, block guest to gateway, and the gateway just basically means it's the router. Okay, we're calling it the gateway. Actually, just to keep it simple and high level, to router, we'll call it router. Okay, this is going to be an IP group and we're going to add a couple IP addresses:
192.168.1.1, that's one VLAN that we don't want talking into. We don't want talking to 2.1, so 192.168.2.1, right. Whoops, I gotta go back into that one. All right, hit enter instead of add. 192.168.2.1, okay, so that's the kids network router, add. All right, and now we also don't want our guest network to talk to our IoT router either, so that's 192.168.3.1. Okay, we're going to add that. So we're going to apply changes.

All right, we're going to create another one. So this is block, drop IoT to router. Okay, it's going to be another IP group, and basically we're just including all the other IP addresses except for the IoT's network. So we want 192.168.1.1, okay, that's the default. We want to add 192.168.2.1, that is our kids network, we don't want it talking to that one. And we want 192.168.99.1, that's the guest network. Whoops, 99.1. Okay, I'm gonna add that. So this is drop IoT to the router, basically all the other router addresses, because even if we added 3.1 in here it would still be able to communicate with it, but we're going to handle that one too here in just a second. So we're going to apply that.

All right, we'll scroll down, we're going to create a couple more. So this one is the guest router, and we're just basically going to say the guest router is this IP address, 192.168.99, whoops, 99, not one. Okay, guest router. We're going to create a rule that blocks the guest router here in just a second, so we'll apply changes. And then we're going to create one more, IoT router. So this one is called the IoT router, or gateway, whatever you want to say. Okay, 192.168.3.1. Okay, apply chan... oh, gotta hit add. Okay, apply changes.

So now we have those built in, right. We got all local networks, we have the gateways that are not included in each of our subnets to block those, or dropped. I'm going to change this from block to dropped, okay, just to keep things consistent. Okay, so we got drop, drop. So basically the guest network can't talk to the router, the IoT network can't talk to the
router, and then the guest can't talk to its own gateway, or the IoT can't talk to its own gateway, which I know may be confusing if you don't follow some of this stuff, but trust me, this is going to lock things down and help things kind of run a little bit better and just be more secure, okay, just in case you get curious kids.

All right, so we're going to go back to our firewall rules and we're going to create a new one. This one is going to be a LAN Local. Okay, we talked about the router being local, so we're going to say drop IoT to router. This is not going to allow the IoT network to talk to any of the other gateways. Okay, we're going to do predefined rules, which is fine. We are going to drop it, and we are going to say the source is from the network called IoT, and we're going to say our port group or IP group is going to be IoT to the router. Okay, let's make sure I got that right. So basically this is saying IoT can't talk to any of the IPs we put in this router list, right. We put a couple IPs in here and we're saying this traffic is all going to be dropped. Okay, now before I apply this rule: we talked about, on this one, I could still ping 2.1, okay, I could still ping that, I could ping 1.1, but those IP addresses were included in our list, in this block list. So now when I come over here and I apply this IoT to router, okay, we'll give it a good 30 seconds for things to kick in. We'll finish making our rules, but I'll show you that you can't ping those IPs anymore.

Okay, we're going to create a new rule. We're going to do the same thing for our guest network. So we're going to do a LAN Local, okay, this is drop guest to router. Traffic, we're going to drop it. We're going to say a network, which is the guest network, cannot get to, you guessed it, the drop guest to router, right. Guest to routers, this probably should say routers, plural, but that's okay. Okay, we'll apply that, and if we look at our rules here and scroll down, the locals are down here, right. It adds
the locals kind of down here at the bottom. Okay, that's okay. It's going to do these rules in order, and it's basically counting some things in here, but these rules will be executed. So I'm guessing we shouldn't be able to ping 2.1 anymore. There you go, it's blocked. 2.1, I cannot get to the gateway on 2.1. I can't do 1.1 either, okay, that's also blocked. However, I can do 3.1, because that is my own gateway. I can get to my own gateway. Crap, which means if I'm on the IoT network and I pull up the internet, I can go to 192.168.3.1 and I can get to my router. Well, we don't want that. We don't want devices to be able to get to the router, right. And we can't block the router, because if we block the gateway then we essentially block our way to get to the internet. But we can block this page, we can block the ability to get to this page, and that's what we're going to do. We're going to say allow all traffic out but only block the ports required to open this page or communicate with our router directly. So that's what we're going to do, because we can ping it right now.

So we're going to come back over here and we're going to create a new profile group, a port group. This, instead of being an IP group, is going to be a port group. So this is our UDM Pro access ports. Okay, this is going to be a port group, not an IP group. We were always changing it; this is actually going to be a port group, because it basically means it can talk, but these devices communicate on certain ports, and the ports that are required to talk to our devices are port 443 480 and port 22, which is SSH. So we're going to basically create that.

Okay, so now we can go back into, and hopefully I haven't lost you guys. This is again some of the downside to creating VLANs: there's a lot to it here, guys, there's a lot to it, right. But if you follow the steps here you'll be good to go, and I'm going to keep going here because my clock's ticking. All right, so we're going to do LAN Local again. Okay,
we're gonna block or drop IoT to its own router. Okay, we're going to drop the traffic. We're going to say it's a network rule; we want all of IoT to get this rule. And we're going to say it's to a specific, we want it to be the IoT router. So this is a port/IP group that we created earlier, the IoT router. So we want specifically that the IoT can't get to the IoT router, and we don't want it on any port, we want it only on these ports. So basically it's saying the IoT network can't talk to the IoT router on these ports. It can still get to the internet and still do everything, but it can't talk directly to itself on those ports. We're going to apply changes.

We're going to do it real quick with the guest network here. LAN Local, okay, drop guest to its own router. We're gonna drop schools network, we're going to choose the guest network, we're going to choose the port/IP group is going to be the guest router, but only on the same ports. Okay, apply changes. Okay, we'll give it a couple seconds. That's it guys, that's all the rules we had to create. Our IoT network can't ping out anywhere.

However, I'll show you here real quick, let me get the TV working behind me. So I got an Apple TV behind me which is on the IoT network for us. Make sure that is on the right spot here. Come on baby. Okay, well, it's loading up, so there's all our rules. You can see the same ones we looked at earlier that might be named a little bit different. Okay, and I'm going to come back over here and I'm going to just hit refresh, and you can see it's just spinning and spinning and spinning. It can't get to it now. And for my next trick, I'm going to show you the Apple TV here right behind me. I'm going to make sure to connect my phone to the correct network, so it's gonna be connected here in just a second to the default network, or actually I'll do kids. It's connected to kids here. Come on phone, find the networks. There you go, Wi-Fi for kids. There you
see, could not be reached, so we've successfully blocked that. And then here, if I go into my iPhone and I choose to run my Apple TV, choose a TV, basement, connecting. Cool, hopefully it's connecting. We might not have given it long enough. So real quick I'll try to reboot this. I know my clock's ticking here. Actually, I'll tell you what, I'm going to pause here, and when we get back we're just gonna do a bunch of testing, so I'll show you how this all, and we'll wrap this up.

Okay, here we go. I just wanted to let you know, the little technical difficulties we had just a second ago: I haven't changed anything, all the rules are exactly the same. I just think we didn't give it enough time for things to kick in. So kind of be patient during this process. Just because the ping doesn't work once, you might wait. The rule of thumb is supposed to be like 30 seconds for things to stop working and whatnot. So you might have to reboot something. Just so you know, I didn't change anything to fix what wasn't working just a second ago, I just waited a little longer. That's all it really boiled down to.

So what I want to show you with this, guys, is that things are set up the way we want. If we go over and look at our clients real quick, all right, we got our Sonos one. Let's talk about Sonos just real quick. Oh, here, we'll get to Sonos in just a second. But we have the Sonos on the default network, my computer's on the default network, the laptop, my desktop is on the IoT network, my iPhone is on the default network, which I'm going to use to demonstrate here in a second, and my Apple TV is on the IoT network, right. Okay, we could put one of them on the kids network to show you that it can't get to adult websites, but actually if you recall we put the IoT stuff on that as well, and I'm going to prove that works also. So let's start with Sonos. So Sonos is one of those
things where there's a setting in here, that these sites use like multicast and all these different types of technology to communicate, so your phone can talk with your Apple TV, or AirPlay. I mean, all that is taking place using stuff like multicast and some other technologies in place. So if we go into the networks here you'll see this multicast DNS setting, which basically means I want these networks to be able to talk to each other via this multicast. So IoT, even though we've now blocked IoT direct traffic, we want the IoT network to be able to communicate back to us on this multicast. Basically what this allows us to do, and I don't have IGMP snooping on here, which plays into this multicast as well. Some people say to turn it on, some people say to turn it off. I just left it off, so if I'm wrong, leave a comment, tell me I need to turn it on. To me, I don't necessarily think it's needed, but I could be wrong. So with the multicast, we basically still want to be able to have our phone on our main network, our trusted network, and then be able to have that phone communicate with the IoT network through multicast to be able to run the Apple TV. So if I click my Apple TV here to wake it up, I want to be able to run that from my phone. Okay, that's what this setting does.

However, Sonos kind of plays by its own rules, guys, it just does. Like I said, there's a whole list of ports and things you can open up if you really want to lock down your Sonos, but guys, I almost have found that it's just pretty much easier to just put it on one of the trusted networks, whether it's the kids network or the default network, whatever. Sonos just plays nicer when you have it on the right network. Sorry for my watch. It just plays nicer, okay, that's what it boils down to. So we put Sonos on one of the trusted networks. If you want to look into that a little deeper, like I mentioned, there are rules you
can set. Now a printer, you can put a printer on any network you want, right. An IoT device will not be able to communicate with the printer if it's on, you know, the kids network or the default network, but all the other devices will be able to communicate with it. So you're good on printers, you're good on multicasting, which I'm going to show you here in a moment. So my phone is on the default network but my Apple TV is on the IoT network, and we can actually control that. So I'm going to go in, first I'll just mirror, and when I do mirror I can choose basement, and there you go, you can see I'm mirroring, right. So two different networks, across multiple networks. If I click my little magic remote button here, I'm connected to basement. It allows me to check it and connect it. I can scroll up, move around, go to my home screen, hold things in, put all my devices to sleep, whatever I want to do. Kind of cool. So I'm running this on a completely different network, but if it was backwards it wouldn't work. It only works one way, because we allowed the default network to talk to everything. If my phone was on kids, the kids network can still run the Apple TVs. Cool, right? You don't have to give them the special phone or whatever when you guys can't find the remote. Any device on any of those two trusted networks can run the Apple TV, which works pretty good. Okay, so that's kind of cool.

Now we talked about having a safe network, right. We already showed you that the PC over here cannot ping me, but what can it ping? An adult website, right? So let's go into my network. Let me show you here first: my laptop right here, Surface, is on the default network. Okay, ipconfig, there we go, a one-dot address, and I can ping playboy.com, I could ping the famous one, pornhub.com, right. So I can get anywhere I want as long as I'm on this network. However, and I can show you this on the kids, if you guys just trust me it works on the kids too, the same way it works
on IoT. If I switch over here to this one and we do ipconfig, oop, type it right, okay, you can see we have a three-dot network. So I'm going to ping PornHub. You can see it can't find it. I can't find it at all. If I try to go to that, "can't be reached", right? So it's going to block a lot of the big players. It does a pretty good job of blocking the adult websites, guys. It does a pretty good job. I've been pleased with what it can do.

Now, if you see my other videos, we have, uh, Firewalla Purple and some other things that you could do to really give you a little bit more granular control, like with your phone. This kind of just is a set-it-for-all-family, and it's just going to kind of do it. I can't go in there and add sites and tweak it and stuff like that. It's just kind of putting what it sees as, um, you know, bad sites. So it doesn't give you a ton of control, but it does give you a little bit of peace of mind knowing that they can't get to these bad sites.

So let's kind of recap here. If I switch over to my picture here, we have a default network, which is what my laptop's on. It can get to anywhere on the internet, and it can get to anywhere on my network locally. Then we have our kids network, and our kids network has full access to the local network. It can run the Apple TVs, it can cast their phones to Chromecast and all sorts of things. Um, it can run Sonos, right? The Sonos was on the default network, but my phone on the kids network can actually run the Sonos. When it's open like that and you're not blocking any ports, it'll actually communicate, be able to run the Sonos, but once you start putting in firewall rules, it gets a little dicey. Okay, so the kids network can run the Sonos, um, but it can't get anywhere on the internet. It has the safety restrictions turned on. The IoT network is not a trusted network, and it can't get anywhere on the internet either, because we have family safety turned on. And then our guest network is also
blocking, uh, can't get anywhere because it's not trusted. We didn't really test any pinging with the guest network, but it's built the exact same way as the IoT network. Literally the exact same rules are kind of applied, actually with one difference in mind, because it uses built-in architecture. If you remember, when we went into the networks, if we click on the guest network and choose Guest, it says "your guest hotspot profile will be automatically applied to this network. Connected clients will be isolated from each other as well as all internal networks." So not only can your guests not talk to the rest of our networks, the rest of our VLANs: if you have two devices on the guest network, normally they can talk to each other, but this actually adds another layer of protection that says they can't. And that's because these devices are used in coffee shops and things like that. You don't want all your guests in a coffee shop to be able to communicate with each other. That's a security risk. So this is something that it puts in place, an additional layer of security, right?

And we did not include it in our Multicast DNS, because I don't want anybody on my guest network being able to run my Apple TV, right? I just don't. Even though they wouldn't be able to, I just leave it off of that, so that multicast traffic is just avoided. It makes the network run cleaner anyway.

So, kind of cool, guys. This is what we built. Now, this is what we see as a typical network. Our typical households have laptops and phones and Sonos speakers and printers and streaming devices, Apple TVs, Chromecasts, smartphones. This is a pretty typical network, and as parents we typically want our network to be safe. We want to make sure that when I'm on my work computer, I'm on my trusted network, and I'm doing a VLAN or a VPN with work or a Zoom call, that I'm not being attacked. Now, the one thing I will tell you here, guys, when it comes to security, these security rules can only help you so far,
right? The weakest link in any network is the guy sitting at the keyboard. So if you're on the default network, you still have to be careful what you click on, because the default network has access to everything. These kids also, with this particular scenario, because we want them to still be able to run the IoT devices and we want them to be able to still run Sonos, but just not get in too much trouble on the web. But technically, if they get an email and they click on something they're not supposed to, that virus or that thing could still run rampant. So you guys still need to be careful, right? Security happens all over the place. This is just helping devices that are more vulnerable, like a doorbell, like an Alexa, like an Apple TV, things that are more vulnerable on your network, not be able to create havoc to your trusted areas of your network. So just be careful when you're using your networks, guys. Be careful. Don't be clicking on things if you don't trust it.

And so we live in a dangerous, dangerous world, and so security is almost an illusion nowadays. If someone really wants to get you, they'll get you, and so you still need to be very careful, because this doesn't block everything, right? We still need antivirus on our computers, we still need malware protection, we still need spyware protection, we still need to watch what we click if we don't recognize an email. So just kind of keep that in mind, guys.

Okay, so I'm going to wrap this up. This was already a long one, I know it was. Hopefully you guys hung with me to the end, but literally, if you follow this step by step, start to finish, you guys can build yourself a fairly secure and safe network that still allows you to be able to communicate with your devices but lock down the IoT. I tried to slow it down and explain things in a way that makes sense. I know there's still some technology mumbo jumbo in here, guys: VLANs and gateways and local cool firewall rules. I mean, I know this stuff gets a little confusing, so if you just
want to use it as a step-by-step guide, you can. I can't even take credit for this, guys. There's guys smarter than me that come up with these rules and help me establish these things. I'm just passing it along. So, you know, actually I didn't put it up there, I did it earlier, but Crosstalk Solutions is a really good reference for Ubiquiti stuff, guys. They're a big Ubiquiti house. They also talk a lot about Starlink and some other things. So guys, if you were learning more and this is just one of the videos you're watching, you can check out Chris over at Crosstalk. He does a good job. Mac Telecom Networks does a lot of Ubiquiti stuff as well, and Lawrence Systems does a lot. So those are my guys. Those are the guys I look to for help when I get stuck on something. So guys, put those feathers in your cap as well. I don't want to take credit for all this stuff. You know, there's people out there much, much smarter than me. But guys, this is a good way of doing it, and hopefully this helps you, and I look forward to seeing you in future videos. So thank you very much, and we'll sign off. All right.
Info
Channel: Ethernet Blueprint
Views: 13,780
Id: -97-sOUe7p4
Length: 43min 47sec (2627 seconds)
Published: Wed Apr 26 2023