VLANs Isolate Home IoT Devices From Malware as 2-5 Network Segments Tighten Security
Updated
Updated · ZDNet · Jul 19
VLANs Isolate Home IoT Devices From Malware as 2-5 Network Segments Tighten Security
2 articles · Updated · ZDNet · Jul 19
Summary
Separate VLANs can keep hacked thermostats, TVs and other IoT gear from reaching laptops, desktops and phones on a home network, limiting malware spread and data theft.
A typical setup puts computers on the main LAN and IoT devices on a second subnet—such as 192.168.2.x—while more advanced users can add dedicated segments for mobile devices, kids, guests or work.
Most ISP-supplied routers still do not support creating VLANs, pushing users toward third-party hardware or software routers such as OPNsense or IPFire.
VLANs are not foolproof: misconfigurations can enable VLAN hopping, so firmware, operating systems and router settings still need to be kept updated and properly configured.