Anything to be done about Ring?
I have hundreds upon hundreds of Ring alerts in Firewalla, and all the threads here are close to a year or more old. Has anyone come up with a solution to whitelist the 'normal' upload activity of ring devices without just whitelisting the device [video cameras are the biggest thing I *want* to make sure aren't doing malicious things, but I can't see the other alarms that I should probably be paying attention to because it seems impossible to mute all the legit AmazonnIP activity for the video upload alerts.
Help?
-
Check out this document, what you can do is to white list subnets
https://help.firewalla.com/hc/en-us/articles/360006083334-Manage-Alarms
Example: Mute Alarms on a device when accessing a certain subnet
If you want to mute Abnormal Upload Alarms when Annie's iMac is accessing subnet 12.233.11.0/24.
Step 1: Tap on "Alarm Settings" on the upper right corner of Alarms page. Tap on "Abnormal Upload".
Step 2: Tap on "Mute". (If the general setting is set to Mute All, there will not be a choice to mute specific device/destination.)
Step 3: Tap on "Add Destination" -> Enter "12.233.11.0/24". (Destination can also be a certain IP Address / Domain.)
Step 4: Tap on "Next" -> Apply to "Annie's iMac". (If you don't want to specify a device, tap on "All Devices.")
-
It seems like the ranges used change every single day. I've entered probably 20 different /16s so far and the deluge isn't ending.
Side note: I wish I could at least filter out those devices from the alarm list temporarily so that I can see alarms of different types, but these Ring upload alarms hide all of the other activity. It'll take hours to delete the Alarm history just to start over even.
-
@Chris B. I am muting the device yes.
On the other hand i must say that one can not want to have it all; i.e : want a smart house or smart appliances and not be smart about it (pun intended).
I genuinely do not think there aren't any silver bullet out there and crucially i dont think they will ever be. For a host of reasons but essentially it boils down to the human.
I.could get into a long tirade here but there always will be people.who want to secure stuff and people who want to break into stuff, the later category tend to lead the race at all times with the former category in reactive mode on their back foot.
I am,despite a host of relatively advanced security measures for a home (after having hit my ISP's modem any packet goes through 4 security devices before hitting my LAN router while there is permanent hardware VPN for the upstream for all devices which is also encrypting all DNS requests and i have an automated search fuzzing app installed on all the browser) permanently on my guards and alert to any unusual activity. And i believe that anyone intending to have any sorts of smart features in their home ought to be, otherwise they aren't ready to own/run smart devices.
It is in the interest of every manufacturers of said smart devices to make the consumer believe the device is secure but if you follow just a bit the infosec news you know this is not the truth (last week an individual released half a million of servers and IoT devices usernames/passwords reachable over telnet see zdnet) or see this U.S manufactured smartphone which comes in with hardly removable builtin malware-type apps ( https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/).
By now you have certainly understand my stance, infosec starts with zero trust and requires active involvement.
While your claim makes sense, it highlights why owning a smart device is not for everyone and why ,like you do, one should always ask and inspect.
In that respect Firewalla or any related security solution can help but will not just yet replace the inquisition and deduction abilities of an educated human brain.
Please sign in to leave a comment.
Comments
5 comments