Do virtual subnets prevent packet sniffing across those bounds?
I'm trying to decide whether Purple will meet my needs, or if I'd want to spring for Gold. One of the determining factors will be how strongly IoT devices (notoriously insecure) can be isolated from the rest of the site.
I'm assuming worst case, where someone manages to push a packet sniffer into one of those devices. I'm not sure I see how the virtual isolation could guard against sniffing packets from the other address range, if they are on the same wire.
It might be possible to use the wire vs Wi-Fi distinction to separate that traffic, but my understanding is that Purple's Wi-Fi is short range only, so this would require an access point in bridge mode to act as a retransmitter, right?
(I'm currently using an old Cisco 5-port box to get physical separation between the secured networks. I got it cheap, it works, but you folks know just how difficult those beasts are to learn and manage, and of course I'm running it unsupported. The Firewalla products are definitely interesting for those reasons, but I'm not certain whether Purple would do the job or if I really would need to think about Gold SE.)
-
Packet sniffing via the LAN is a lot more difficult than doing it via the router. LAN traffic (unless you mess up all the ARP tables) is often direct (unless you hack up the AP).
If you really, really want better isolation, take a look at the Firewalla AP7: https://firewalla.com/ap7
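Added example, not part of the thread and not Firewalla code: the reply's caveat about ARP tables can be checked from a trusted host on the segment by comparing two `ip neigh show` snapshots and flagging entries that moved. The addresses, MACs, snapshots and the `arp_anomalies` helper are constructed for illustration.

```python
import re

# Matches `ip neigh show` lines such as:
#   192.168.10.1 dev br0 lladdr 00:00:5e:00:53:01 REACHABLE
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17})\b", re.I)

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def arp_anomalies(before, after, gateway_ip):
    """Compare two snapshots and report signs that the ARP cache was altered."""
    old, new = parse_neigh(before), parse_neigh(after)
    findings = []
    # 1. An IP that is now answered by a different MAC than before.
    for ip, mac in new.items():
        if ip in old and old[ip] != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            findings.append((kind, ip, old[ip], mac))
    # 2. One MAC answering for several IPs. This can be legitimate (a router
    #    with several addresses), so treat it as a lead to verify, not proof.
    by_mac = {}
    for ip, mac in new.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", mac, tuple(sorted(ips))))
    return findings

# Constructed snapshots (documentation MAC range 00:00:5e:00:53:xx).
BEFORE = """192.168.10.1 dev br0 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.10.20 dev br0 lladdr 00:00:5e:00:53:20 STALE
192.168.10.50 dev br0 lladdr 00:00:5e:00:53:50 REACHABLE
192.168.10.60 dev br0  FAILED"""
AFTER = """192.168.10.1 dev br0 lladdr 00:00:5e:00:53:50 REACHABLE
192.168.10.20 dev br0 lladdr 00:00:5e:00:53:20 STALE
192.168.10.50 dev br0 lladdr 00:00:5e:00:53:50 REACHABLE"""

if __name__ == "__main__":
    for finding in arp_anomalies(BEFORE, AFTER, "192.168.10.1"):
        print(finding)
```

A check like this only sees the segment the monitoring host sits on, so it complements VLAN or AP-level isolation and does not replace it.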