IoT devices represent the primary home network security risk because they often lack security patches and can serve as entry points for attackers to compromise the entire network. The solution involves creating isolated network interfaces (using VLANs or guest networks) that allow IoT devices to access the internet while preventing them from communicating with the main network, router, or each other. This isolation ensures that if an IoT device gets compromised, attackers cannot spread to other devices or access sensitive network resources.
The #1 Home Security Risk: How to Isolate and 'Jail' Vulnerable IoT Devices 🛡️🔒
Welcome to the Richard Lloyd USA YouTube channel. I'm Richard Lloyd. Today I'm going to address probably what I would call, in my opinion, the biggest security risk on your home network and one that isn't really talked about very much. Uh, and you would think from, you know, my content that I would be saying, "Oh, it's your stock firmware on your, uh, you know, home router." Well, that would I I would put that in the, you know, category of 1%. Yes. Uh but in just as high a category, I would put this in there. And that is IoT devices.
What are IoT devices? Well, that's anything that you plug into your home network, usually something that you're remote controlling with your phone. Uh like uh let's say your garage door opener or maybe your front door lock or your thermostat uh smart uh wall switches, smart plugs, all those little things that would plug into the network and are a great convenience for sure and I love them. I have a lot of those devices as well. But when I saw what was happening with uh end of life and the FCC ban, which is coming uh March 1st of 2027, and all the devices that are going to be end of life, meaning that they will no longer receive any more security patches, none. So, they're done. And as from a security standpoint, the day that you don't receive any more or are not going to receive any more patches for your uh connected devices, your network connected devices, that is the day that they become a security vulnerability because there's always going to be a new one. And with these devices, well, let's look at the stats here.
So here are the stats for worldwide how many IoT devices there are and how many of them are a current security threat and it's pretty eye-opening really it is and you know I'm I'm going to extrapolate the worldwide percentages to be the same percentages for you know anybody who's using IoT devices so the scary thing is 20% of medical devices that are IoT right are end of life and it's kind of an ironic name on a medical device, right? Uh so they are 20% of them are no longer uh running supported uh firmware or are have been orphaned. It's like okay that's scary. Uh, also industrial impact um in the la in the next in the last 10 10 to 20 years is estimated 30% of industrial IoT sensors are now end of life uh end of life and no longer supported. So that's crazy but we don't we're not we're probably not running well you might be running some medical uh office or something but or or you might be working in a hospital. This might be something to bring it to people's attention, but regardless, uh, five to 8 billion devices that are connected to networks in this world are currently operating without active security patches. That's crazy. So, it's 20 to 40% are effectively orphaned. So, I'm I got to guess that 20% uh to 40% of the IoT devices in your house are probably no longer receiving any more updates. And after the Fed F well the FCC, Federal Communications ban all foreign-made uh network devices, then all your IoT devices are included in that. They're they're going to be end of life as well. So, thought about that and I said, "Well, what can I do?" Well, number one thing I can do is definitely use open source on a router like this.
This is the EA7500 V2. Now, mine's all opened up, and you know, I'm a I'm a, you know, experimenter. You don't have to do this to your router to have this happen. But in a previous video, I showed how to put OpenWRT on this, and that makes it a secure router. Again, stock firmware on this router, don't plug it in. It's it's that bad. Just don't. You, the only reason to plug this in is to put uh a third-party firmware on it like OpenWRT, which is the only one currently available for this beautiful router because the hardware in this router is really good. It works really well uh with third-party firmware.
So, uh this is the router we're going to be working with in this video. But I realized that all my IoT devices, just like yours, make my network far more vulnerable than the stock firmware.
Although the stock firmware would definitely make it vulnerable because it has a vulnerability on it. But outside of that, all those IoT devices that I have connected to it, I'm sure there's vulnerabilities in those somewhere. And if there isn't now, there will be in the future. So, I needed to somehow jail those devices by themselves. And all those devices are Wi-Fi devices.
like most I I really don't know of any IoT devices that aren't Wi-Fi devices.
I'm sure there are some, but these all are. I mean, maybe a camera, an IP camera that's hooked up to Ethernet, but that would still be a vulnerability. So, I'm just going with everything's Wi-Fi here. So, here's your typical network.
And yeah, you got to have OpenWRT for what I'm going to show you in this video to work. Now, it doesn't have to be on an EA uh 7 uh 7500 V2. can be any open recent open WRT uh what do you call it firmware on your router and this is what everybody has. They have the internet, they got the router, maybe a a work PC, maybe a work uh desktop connected to it, sometimes through Ethernet, sometimes through Wi-Fi. Then you got everything else. And everything else would be uh you know, laptops for your kids, your wife, you know, all your whole family has a cell phone. Every one of them has a cell phone. Uh maybe you got a couple uh Wi-Fi cameras for security. Uh, you've got a garage door opener, a bunch of wall plugs, like I, you know, I do, I certainly do. A couple of thermostats, all that stuff. The problem with all that stuff is that all that stuff is connected together. It is all part of one network.
Okay, so that's that's a big big vulnerability as you can see here. Not only well, let's continue on here. Um this creates in this picture that I show right here 19 possible security entry points. If any one of these devices gets becomes uh compromised your whole network is is compromised.
Once they're into one then then from there all these devices can see every other device on this network. So what I mean by that if I get onto this laptop and I ping the router it's going to it's going to say yeah I'm here. Right? If I get on this cell phone and I ping the camera, it's going to say, "Yeah, I'm here." Right? And if you know, if I get on this PC and ping the one of these wall plugs, it will say it will return the ping. So everything on this network can see everything else on this network.
So if let's say the camera becomes compromised. Well, the person who gets into this camera will find this camera near instantly and they go, "Oh, look, another one. Let's affect that one. Oh, look. That garage door opener has a different vulnerability, but I can get to it from here, right? Oh, that garage door opener now lets me into the router, right? And then from there, there's they can hop into everything. You can see the problem. 19 vulnerabilities. Like, yeah, your router was the number one and especially if you're using stock firmware on this router, uh it would have been number one. But even if they they didn't find that one, if they found one of these, then they are in just as much as if they if they were the router.
This gives you 19 things on your network that can be compromised. That's a big deal, right? It is. So, uh, and and here's how it works. Like from one, it'll just, you know, they can skip to anything and if there's any other vulnerabilities, they'll skip to it to that vulnerability. And the bad thing about that is is like, oh, I found a vulnerability. Okay, I patched the firmware here and now they're no lot they're locked out of that device.
They're already in here, here, here, here, right? They they they don't if they once they're in your network, they don't just sit there and go, "Oh, great.
I'm happy now." Right? They scan the whole thing and they then they go, "Okay, what else can we infect?" Right?
You know, and if it's a worm, it'll infect everything it can. That's how crazy that is, right? So yeah, what we're going to do is we're going to create a guest. Well, on most routers, it would be called a guest network. Uh, and default stock firmware usually has a guest network. And what it is is is a Wi-Fi connection to your router that is protected or or or isolates whoever connects to it from your network. Well, we're going to create that uh using OpenWRT.
And when we're done, we're going to have the original, which is again, I'll put a video up here for how to put OpenWRT on this router and how it's config. And what you're going to end up when you watch that video with is what I already have set up for this video, which is DD-WRT on uh the Linksys uh with the 2.4 and 5 GHz Wi-Fi.
Just normal stock setup that I showed in that video. We're going to add two more Wi-Fi connections to that that are 2.4 GHz and 5 GHz, but they're completely locked down. What do I mean by that?
Anything connecting to those two Wi-Fi uh connections, SSIDs, let's call them, will be completely isolated from the router.
They'll be completely isolated from anything on your home network that's on 192.168.1 or xx. In other words, your your primary network, they won't be able to see that at all. It it won't exist in them at all. Now, the second thing that either one of those uh SSIDs will do or Wi-Fi connections will do, it's going to isolate every single one of these devices by itself. It's going to be re all these devices are going to be really lonely because as far as they are concerned they are the only they'll be the only device on that network. That's it. Right? Even though it's a full isolated network that goes, you know, you could have 254 devices on uh none of those devices will know that that there's any other device but them on that network. Not only that, the only thing they'll be able to do is actually go out to the internet. That's it. They won't be able to ping the main router, nothing. They they as far as they're concerned, they're connected to straight to the internet through a Wi-Fi connection. That's all they're going to know. That's it. So, completely locked down, completely isolated from your network. And I've tried this. It works beautifully. I haven't had any problems with any of my devices. So, what we're going to do first is we got to get to the router. The router's on. I'm connected to the router through an Ethernet cable. You should be, too, because we're playing with the wireless connection. So, if you're connected through Wi-Fi, you're going to get knocked off. So, what we're going to do here is just open up a browser, and we're going to go to 192.168.
Always use the private browser, too.
192.168.1.
And that's where the router is. Enter.
It's going to ask us to log in. log in with whatever you used uh to set up your router on the other video. Logging in.
There we go. And you can now see my router.
And I'm going to try and uh I have slides on how to do this. And I'm going to see if I can, you know, have all of this information on the screen at the same time. And hopefully we can all get this done. And I highly, highly recommend that even if you can't put thirdparty firmware on your router, if you have a guest network option on your stock firmware, turn that on and put all your IoT stuff in there. I would also say put all your kids cell phones in there as well because they don't need to, you know, share anything between each other. And if they do, they can use something like iCloud or, you know, Dropbox or Google Drive, whatever. And you can cloud print to anything nowadays, too.
So, it's not a big restriction for them.
Uh, but put them all put everything that you don't want on your main network having access to your router into that box. And that's what we're creating here. So, here um we're going to go to network and then we're going to go to interfaces.
And like I said, I'm going to follow along with my uh slides here. Hopefully, we can get that down a little bit. There we go. And once you're in interfaces, you'll see all this stuff, which is normal. Uh the WAN port, and again, I've got that turned off, but I showed that on the video. Uh and and the LAN port and so on. What we're going to do is scroll down here to add a new interface.
And then we're going to go um we're going to call this and like I said, I want to follow my slides so that you guys see and I'm going to see if I can put these slides on the on my web page, too. Uh, but regardless, um, we're going to create a new interface. It's going to be called guest all. And case is important. Make sure you do it exactly the way I do it. If I put it all lowercase, you put it all lowercase. If you change the case, it messes things up. Just do it exactly as I show you. It's OpenWRT is great. It's powerful, but it's very, very finicky on how it works, and its settings have to be more or less exact. So, you know, I figured out what the exact things you need to do to make this happen are. Just follow and do it exactly as I show.
Okay. So, next we're going to go um I'm going to go to the ne next box here and we're going to choose static address.
And then here you see this unspecified.
We're going to choose that.
Scroll to the bottom. You'll see custom.
We're going to put something in that custom box. So, just click on it so your cursor makes it blank.
Here, uh, let's see. Did I go too far? Yeah, here we're going to type in lowercase everything. BR hyphen and then guest just as I have over here, right?
BR guest. And what that stands for is bridge and guest. Guest is the name of the bridge. But it's still funny because it's be our guest, right? And again, when we're done with these uh guest networks, which are basically isolated networks that we're we're creating on Wi-Fi, you can have your friends come over and you give them the password for that network. They go onto it. They they can't infect your network. They can't infect your work computers. They can't do anything. They can't even infect other people on that guest network because they can't see them. But they can surf the internet, look at the internet, and do whatever they would normally do on their home network on yours. They won't know they're on that that they're locked down. So, and if they do know that they're locked down, I have to wonder why. But anyway, we've got be our guest. Just hit enter here.
You have to hit the hit the enter key for this to stick. Enter. And then you can see that it shows up up here, right?
Which is perfect. Now, we're going to create the interface.
There we go. Now we've got a new interface. Following along with my slides here. I'm going to see if I can slide this over a little bit there.
There we go. And next you can see you know what we need to address next which is down here.
Right. So bring up on boot checked off.
This is perfect. Here we're going to put the IP address of our new interface. And as you saw from my slides, that's going to be 192.168.50.1.
And yeah, use that number 192.168.50.1 and because I'm going to continue on configuring this router in future videos and you'll see why I use that number when you see my next video. Now, uh, on the IPv4 netmask, choose the 255.255.255.0.
This one with the three 255s in it.
Choose that one. And I'll just keep going with the slide here. Now, we go to firewall settings.
And my slide's a little messed up on this one, I believe. Uh, yeah, it is.
So, I'm going to click on that. And we've got unspecified zone here. So, which is where we're going to that dropdown.
And so, let's see if I got that right now.
So, drop that down. And again, we're going to hit custom on this. Right.
Next. And here we're going to type in guest and then hit enter. So, again, all lowercase. Enter.
And you can see how that gets that does that up there. If you don't hit the enter key, this doesn't work. So, it's really finicky on how this works. You could you could just think that it's in there, but if you don't hit the enter key, it doesn't it doesn't show up there. And you can see there that it shows up. So, I got that. Click save here.
Now, if you scroll up, you'll see we have a new interface called guest. And this is a virtual interface, a virtual router that all the Wi-Fi uh connections that we're going to make go through.
Right. So here we're just going to click on edit and then continue on with my slide. Here we're going to go to DHCP server and then you're going to click on setup DHCP server here.
There you go. And really that's all you need to do here. But uh I've got it on my slides. You can check and check check on IPv4 settings. Make sure that DHCPv4 service is enabled. Right. By default it is. So, you know, don't worry about it.
Just hit that and we're probably we're going to be hitting save next. So, we've checked it.
Hit save.
There we go.
Next thing we going to do is scroll down to the bottom and we're going to apply these settings. So, save and apply down here.
Once that's done, we're going to wireless. So, scroll back up and then go to uh inter. So, to network and wireless.
There we go. And you can see the two networks that we created on that original video. Putting OpenWRT on this 7500 EA7500 V2 Linksys. Uh again, that configuration would have worked in a regular OpenWRT of another kind of router, but this is what we're working with here. And you can see down here that I have something connected to the 2.4 GHz. That's what that's just a plug, uh an IoT plug that I decided to put in this network before we started the video, just to show you that it's connected there. And on the 5 gigahertz, I have my phone connected to it. So I I'm on my main network and you can see 192.168.1.105, 1.131.
That's the main network. That's where they all are. So they're all part of the big bucket of everything on my network that could be unvulnerable, including this. Right. So we've gotten through there.
Next, we're going to click add. And we're going to click add on the 2.4 gigahertz. So click click add on that.
you know, go with whatever defaults you want to go with. Uh, you know, make sure the country code is in here. This is the way I have it configured. So, you know, go with that. And, uh, instead of OpenWRT, I'm going to rename it. And I'm just going to call it G uh, Wi-Fi.
This you can call whatever you want. Uh, but I'm I'm just calling default Wi-Fi 2.4 gigahertz. Now, you could just call it G Wifi 2 and and leave it alone or whatever you want, right? I'm putting it in there just for clarity so people know in this video what what we're looking at. Now, G Wifi uh stands for, you know, the guest Wi-Fi 2.4 GHz.
uh when you're letting people on to your network, you might have maybe call it family Wi-Fi or whatever and then you know they don't feel like you're putting them in the doghouse, right? Uh but it's up to you what you call it. I'm just calling it the G Wi-Fi because it's the guest Wi-Fi 2.4 GHz, right? So, we'll continue on here, right? You can see everything on that slide. I'm working ahead.
Next thing we got to do right here, network unspecified. Click on that.
And you can see there's uh so guest and no interfaces attached because we haven't attached any yet. But we're just going to put a check mark next to that.
That's it. You don't and and you could hit enter, but uh it doesn't matter.
Just putting the check mark there enters it into the box.
So uh after that's done, we're going to go to wireless security. Definitely change this. I changed it to WPA2, WPA3.
uh you can experiment with that but the you know all my IoT devices can connect with that level of encryption. If yours cannot if you got to go down to WPA or even worse uh like PSK or two or the weak security or the open network or no encryption like if you need to go below WPA2 WPA3 to have something connect to your network you need to get rid of that device. that device is vulnerable 10 10 ways from Sunday and you don't really even want it in your guest network because it's going to be compromised and you don't want even though it's completely isolated you still don't want somebody messing around inside that environment. So there it is that that's what I'm choosing. Uh, put in your key, whatever you want it to be, and make it different. Make it different than the other one, the other the other key for the other network, right? And and security reason is very simple on that one. You know, you're going to be giving somebody your password to get onto your guest network and then they're going to look at the other one and go, "Oh, I wonder if the password's the same. Oh, look at that. It's the same.
I'm on the other network." Right now, your friends shouldn't be doing that, but your kids might, right? And you know, cuz they're they're kids that they experiment. So, there it is. Make it different than the other network. And we're going to continue on here.
Okay, you got the key in there.
All right, this is the next and most important part. We're going to go here to advanced and we're going to click on isolate clients and isolate bridge port.
Right? What that does, that's the thing that stops, you know, client A from seeing client B and both of them from seeing the router. It basically says no, you don't get any access to that. All you get access to is the WAN port like out there to the internet. That's it.
That's all you get. That's all all those devices actually need anyway. So, any more access than that is is a vulnerability. So, okay, we've got those two checked off. Make sure you do that.
Uh, doesn't work without that. Here, we're going to click save and then down to the bottom, save and apply.
So, there's one configured Wi-Fi SSID.
You can see it right here. G Wifi 2.4. So, we're going to add a 5 gigahertz version of that same thing here. We're going to go to USA.
Put whatever country you're in. It's important. Do that. Definitely. I'm using these settings. That's great. Uh, OpenWRT, we're going to change that.
And I'm going to change that to G Wifi.
Well, helps if you're in the right window. I'm going to change that to G Wifi.
And you guessed it, 5 gigahertz, right?
Network again going to be guest. So, put a check mark next to that.
And then, uh, let's go over to wireless security.
Again, we're going to choose WPA. You can choose WPA2 and three. For me, I'm choosing WPA3. I I want the strongest security on the W the 5 GHz. Now, you can change that. Like if you get a, you know, somebody something that you need to connect to that network that doesn't do WPA3, then just switch down to strong security. They're both strong. I'm going to go with WPA3.
I like the higher setting. Up to you on that one. Uh, put in a password. Again, make sure it's not the same as the unisolated uh, router passwords so that they're different, you know, as I explained.
Now, the two passwords of the isolated router uh isolated uh networks can be the same, right? So, your 5 GHz uh isolated, you know, Wi-Fi connection that we're doing right now and your 2.4 can have the same one. That would be just fine. It wouldn't that wouldn't bother anything. You would either be, you know, locked down at 5 GHz or locked down at 2.4 GHz. Give them the option, right? So, makes it simpler for you. So, got the key in there.
and uh encryption.
Like I said, this is step by step. You got to do it exactly like I show. So that's why I'm using my slides and then taking a little time being careful because otherwise one mistake and this doesn't want doesn't work. Back to advanced settings.
Isolate clients. Isolate bridge port.
Same settings as the last one. Right here we're going to click save.
And then we're going to hit save and apply. Save and save and apply.
All right, we've created two lockdown Wi-Fi interfaces. If you went try to log into these right now, they won't work.
They won't work. And the reason they won't work is because they're so locked down that the router can't even give you an IP address or give you DNS uh access.
Without an IP address, you're not on a network. And even with an IP address, you can't browse the internet unless you can resolve, you know, www.google.com into a number. And that's what DNS does.
So, we have to give both those interfaces access to those two things on the main router. And that's what we're going to do next.
So, we're going to go up here down to firewall.
There we go. And you can see down here that we already have a guest network.
That's what we're going to be working with. And and if you don't have flow offload typing, oh, sorry, offloading type uh to software flow offloading, I would recommend doing that. It will make the router faster. It won't affect anything otherwise. So, this this gives you a nice speed boost. You can experiment again. Uh but here we're going to go to the guest network. Now next, right? So click on edit on the guest network.
I'll follow my slides. Exactly. You should see uh guest up here. Reject, accept, reject on these three boxes as I show on the slide and hopefully I'll be able to put them in the video. And then down here you should see this guest and you know these symbols and the two Wi-Fi connections. The picture actually does symbolize your connections. So there there's what you should see right. So we're go next. Now down here allow forward to destination zones. Going to click on that and scroll.
What we're going to do is choose WAN.
All right, there we go. So, basically what we're saying is that guest network can have access to the internet right here. That's that's what does that right here. Okay.
So, got that in there for when back and then just hit save.
Step one. Now we got to make a few rules. So we're going to do that here.
Save and apply.
Once that's done, we're going to go up here to traffic rules, scroll down, and Oops. No.
Yeah.
We're gonna click on add. So here's the slide. Click on add.
Now we need to add a rule that will give us access to DHCP and to another rule to give us access to DNS. So we're going to start with that.
So the first rule is allow DHCP. So just name it that so that you know what this is all about. Allow and then DHCP.
and uh take off the check mark from TCP.
There we go. So now you should have allow DHCP and then the UDP only on the protocol. So you took the check mark off TCP. Now uh and DHCP is is what's going to give you an IP address.
Next. Oh, I got that on my slide. Here we go. Next, we go to source zone. Right here, what we're going to change is drop it down and we're going to choose guest.
Right.
And the next place we're going is destination zone right here.
And and what we're going to choose out of and what we're going to choose out of that is device input. And what that what device input is is that's the router. So we're going to allow the uh guest interface access to the router on for DHCP and DHCP only. So that's what we're doing here. So we hit that.
Then down here we got to give it an a port. DHCP is on 60 port 67. And then just make sure accept is on down there.
It should be by default. And that's it for that rule. Then we need one more rule.
So we'll do that.
Click on add.
And we're going to call this one allow DNS.
So again, domain name, service or server. Uh, this gives you this translates, you know, google.com into an IP address, something that the computer can understand. So, we've got allow DNS up there as a rule.
Again, take the check mark off TCP IP or TCP.
And down here, we're going to change this source zone to guest slider down.
And this oops I went too far there. This of course this destination zone again just like the last one device input which is the router.
This rule basically says hey if guest wants to ping the or or ask the router for something on port I believe 53 let it do it. So here we got that and we put 53 in here and then accept should be there already. So, hit save.
Now, that guest interface with the Wi-Fi uh is allowed to ask the router for an IP address and uh DNS requests, which without that it would not work at all, but it's pretty locked down, right? And and it needs to have that. So, it's not a matter of, oh, you've introduced a vulnerability. Yeah, maybe. But unless they know the IP address or something, they won't be able to surf the internet or they won't be able to surf because they won't have an IP address. So they won't be part of a network. So this is required as part of the setup. So here down the back to save and apply.
Once that happens, you're basically done. So I've got this all set up here. You can see I've got three devices connected to this. And I'm still on Wi-Fi. Sorry, on Ethernet down here because once I disconnect and go into the protected networks, I will no longer be able to see this uh interface anymore. So, I'm going to connect on Wi-Fi with the lap with my laptop with my PC to test this out so you can see how this all works. So, let's go over here to available. We're going to connect to let's go to the G Wifi 2.4 connect. Put the password in for it.
There we go. And just hit next.
And you'll see it showing up down here.
There it is. So, I've now have one, two, three, four devices on here. Uh, this is a plug I'm going to be testing it on.
It's a power plug, a T a Tapo power plug. And the rest are just, you know, uh, Wi-Fi devices that are connected to this protected network, which is where they're staying from now on. And, uh, there's the desktop. So, that's the PC I'm using right now connected. And everything else, uh, you know, four devices currently, but I have a lot more and I'll be putting them in here. And I suggest strongly that you, you know, you just do that one by one. See what's working, what isn't working. see, you know, like maybe something doesn't connect to WPA2, uh, then you have to consider the ramifications of that security. You should actually get rid of that device at that point. Upgrade it. I actually had to do that with my garage door opener. Uh, it would not connect to a new router I bought on WPA2 and it and I looked at it and I said I tried it back in the old router. It wasn't connecting to that one on WPA2.
So, it was two on it would only do WPA.
So I said, "Okay, time for an upgrade."
Wasn't a big deal. Bought a new one, connected to WPA3. Perfect. Right. So again, remember, security is up to you.
And you can put more or less unsecure stuff in these networks because they're blocked out from the entire uh you know, well, they won't be able to connect to your router. They won't be on your home network, uh not your main one anyway, and they'll be protected from each other. But I still don't want vulnerable devices that could be potentially hacked even in a protected network in my in my environment. I'll just like I said, I'll just keep it like I like the the zoned off area that can't hurt anything in my network. And I also don't want it actually hacked anyway, but this protects it in case it does, right? So, you know, security is still important on that network. As far as I'm concerned, it's your life. It's your network. You do what you want. So, I've got all these things uh connected and you can see them running here. I'm going to disconnect the Ethernet cable from the back of that router. And once I do that, we will lose access to the uh router because we're connected through a secured this secured uh device, right, which is G Wifi 2.4 network up here, which we know is locked down. So, you can see now that there's nothing going on over here. And even if I wanted to do something, it won't. So here I'll click on edit, right?
Nothing happened. It it looks like it's going to work.
Nope, not working. So that's just right there showing you that it's now disconnected from the router. Uh my my PC can no longer see that router. Let's do a little testing here. I'm going to open up a command line and uh just type in cmd if you want to do the same thing. to the search. Okay, I'm running as administrator here. Let's just ping. Well, let's just do I uh ipconfig just like that. And you can see that I'm connected and my IP address is 192.168.50.245.
Well, anything on the 50 network, this part here, that's in the protected zone.
So, and here it says the default gateway is 50.1. Well, let's see if we can ping the default gateway, which is a router, but it's completely blocked off. So, let's just let's Well, it should be 192.168.50.1.
Look at that. Destination port unreachable. Even though it's our gateway, we we can't reach it. All right. Now, on our list, let's see if there's other things we can do here.
Okay. So, this device here, which is my Tapo uh wireless plug, uh smart plug, it is on 105. Let's see if we can ping it.
All right, so 105. There we go.
Nothing unreachable yet. It's still on the same network, right? You know, I think I maybe we we should be able to ping ourselves maybe. And uh again, IP address is 245. So you can see it up here. So we'll just do that ping and 192.168.50.245.
Can we ping that? Yeah, of course we can ping you. You can ping the interface on your PC on my PC. All right. So you know that's all I can ping. And and also here if I ping Google you can see that we can ping Google. So the you know the device can see itself.
That's it. So if this PC was hacked anybody that was inside this PC would only see this PC. They wouldn't see the network. They wouldn't see any of the devices in the network completely locked off. And I love that. I think you know I'm you I'm definitely using this in my network. Um, you know, I'm going to migrate all this stuff in right after this video because I I I the idea of having all that potentially insecure hardware, the 19 vulnerabilities that I showed in that example. I probably have more.
They all go into a lock box that functions perfectly. I can use the phone to operate it and, you know, like to turn on the plug and off whatever I want to do. But it stays out of my main network. it stays out of my router. It can't reach any of that as you can see here from this ping test and it can connect to the network and that's to so to the internet and that's all it needs to do. That's all these Wi-Fi devices and these IoT devices need to do. They need to have a connection to the main server that you can then use to control them. And that's exactly what I gave you here doing this video. Now, uh let's just test the functionality on my plug.
So, I'm going to plug into log into that. And okay, I have it here on this light. I'm just going to switch it on and off. So, there we go.
You can see there it is. I don't want to flood the camera too much, but you can see I can turn it on and off all I want.
Isn't that cool?
Awesome, right? And that is inside the protected network. Can I? So, it's completely uh controllable. Nothing has changed as far as my controls on my cell phone and uh you it it the the device is just connected to this uh network. Now, that's going to be the tedious part.
You're going to have to migrate all the stuff over to this network, and I would suggest you do that. I would also strongly suggest that anybody on your network that doesn't need access to your router or to your main network for whatever is in the main network, maybe you have a NAS and somebody needs access to that. Well, of course, then they're going to have to be on that network, right? But your children, they don't need access to your NAS, they don't need access to your router. All they need access to is the internet. So, migrate them over. just tell them, "Hey, change the uh SSID and uh here's the new password." You know, and you can put it in for them if you don't want them to know it. But even if they do, it doesn't matter because they can add their friends, too, if they know the password and they can do that safely because they're going into the protected network. They don't need to know what's going on. just, you know, like you explain it to them if you want, but regardless, it's like, you know, they really don't need access to things like your router or anything plugged into your main network, especially if you're using it for work. Uh, that basically segregates the two networks. This is a serious network. This is your play network, right? And I will I use I will be using the uh play network or this the secured uh network that we just created the you know lockdown network for my phone too because it you know I don't access my network with my phone very often and I can always just switch over to it when I want to but the rest of the time you know if my phone somehow got compromised it won't infect the rest of my network. That's the whole thing is keep things from infecting each other number one and keep if if you something does get compromised or hacked and somebody gets into that network. They're just into your camera or they're just into your smart plug and that's all they're into. Maybe they can turn the light on and off like I was just showing, right? 
Or something like that.
And if you see something like that going on, you know it's like something's wrong there, right? So, uh, regardless, we're there. We got this tested out. You can see how it's working. It's just completely locked down but completely functional, which is what I wanted to do and wanted to show you how to do. And I think this is an essential network security uh feature. Uh, and again, if you don't have access to third-party firmware for your router, I'd say, you know, start looking for a router that has it number one or that you can do it.
Like this is the EA7500 Linksys V2 works great. I've got others and I will be doing more videos on OpenWRT and third party firmware on routers and what is capable and those that are possible do of doing it. So, you can wait for those as well. Uh but yeah, if you're not willing to do any of this, but you have a guest network uh ability on your Wi-Fi uh settings on your current router, turn that guest Wi-Fi network on and just put all this IoT stuff in there, including your children, and they probably won't notice it at all.
And if they have any problem with sharing files or printing, most printers have a cloud printing option on them. my HP does, my Canon does. Uh, and then you you can uh print to the cloud through this network, no problem at all on those printers. I can, so they should be able to. If they want to share files, no problem. Again, they can use, you know, Google Drive or they can use Dropbox or Eyesshare or, you know, the numerous amounts of cloud options that there is Microsoft as well. Uh, they can use that through this network. no problem at all.
So, they're not really restricted. Uh again, but they're restricted from your important part, which is, you know, your main network, which is probably where your work network is. Uh and off you go.
Now, you can also create more of these interfaces. Like, I've created two. I could add another six if I wanted to and and put them all in the protected zone and and use them differently for different things, right? So, up to you.
And there's no restriction here. So, it's pretty cool that way. And and that's that's for sure. And the other thing, too, if you want to see who who is on your protected network, just if you look at this list, and let's go back. We can go back to uh let me put my Ethernet cable back in. There we go. And now I'm back. Once once I put the Ethernet cable back in, I'm on the main network that can see the router again.
And you can see here it says, you know, this these red things are where I tried to do something and I wasn't connected to it. So just dismiss those. You can see everything here that everything's on the 50 network. So the things that are on the 50 network, those are all devices that are, you know, uh on the protected network. And if you saw something here that was on the one network, then you would know that that's not on the protected network, it would be on one of the other networks. Now, another thing you can do here, too, once you're back into the router, uh, and you're done doing all of this, I suggest disabling the unprotected uh, you know, straight to your, uh, router, uh, connections like that. Just disable them. Don't you don't have to delete them or remove them or anything like that. Just disable the ones that are open to your network. So, just there you go. And once you do that, they disappear and you can no longer connect to them and nobody can connect connect to them. But anytime you want to turn them on, just go back into your router, turn them on, use them for whatever.
When you're done, turn them off again.
Right? Again, you want to be security focused. Uh, at least I I think you should want to be. And this FCC ban will take all those IoT devices and make them insecure because they will no longer get any updates. So, I strongly recommend that you use this solution whether you got open uh you know open-source third party firmware on your router like this excellent OpenWRT uh firmware or not.
If you have a guest network uh ability, yeah, definitely use the guest network on your stock firmware and rock and roll that way and look for a solution on your stock firmware uh router too because it's going to time out next year. Right, that's it for my videos. If you liked this video and it helped you out in some way, give me a thumbs up, give me a like at the bottom of the video. I really appreciate that. Uh, also in that section down there, there's a comment section. Anything you want to say to me, anything, you know, suggestions, questions, uh, whatever you want to communicate to me, do it in that comment section. Uh, I'm working on setting up an email system and, you know, that might make it better for us to communicate. I don't know. We we'll see.
That's in the future. For now, use the comment section and put anything you want to put in there. I really appreciate your feedback. I enjoy hearing from you, especially uh you know, no, I like the accolades and and but I definitely like the the constructive criticism and also the suggestions and questions because those spur me on to make new videos. That's a really good question. I'm going to make a video about that because it's, you know, basically e easier to answer sometimes in a video and a lot of people are asking it. So, off we go. would make a video. Now, in the video description, I'll put chapters, YouTube chapters for this video so that you can go through it and, you know, just basically index your way through the video quickly. Uh, as well, I'll put uh uh, you know, show notes and stuff in there.
I will probably link to my web page on the comment section as well. In that uh, video description, I'll have affiliate links for recommended hardware that I usually use. And you know, anything I used in this video or any video will be in in the video description. Those are a affiliate links. They help me out. Uh, and they're free for you to use. They don't cost you any more than going straight to Amazon. If you're going to buy something like a Ethernet adapter, like one of these, uh, you know, one gigabit USB 3 Ethernet adapters, 10 bucks, by the way. Uh, if you're going to buy one of those, uh, you go through those links. It doesn't cost any more than just going straight to Amazon. uh and I get a little portion of the sale.
That helps me out. So, I appreciate that as well. Also, if you like my content and you want to see more of it, uh subscribe to my channel. As part of the process of that, you'll see the bell icon. Click the bell icon. That's a notific notification bell and then you'll be notified every time I put up a new video and you can watch it at your own leisure. Once again, like always, thank you so much for watching. Take care of yourself, take care of others.
Uh, stay safe, stay happy, stay healthy, and we'll see you on the next video.
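The ping test walked through in the video can be scripted. The sketch below is an added example, not part of the video or of OpenWRT; it classifies Windows `ping` output and audits it against the isolation policy described above (gateway and other devices blocked, internet reachable). The sample outputs are constructed, and the function names are hypothetical.

```python
import re

# Constructed samples of Windows `ping -n 1` output (not captured from the video).
REJECTED = """Pinging 192.168.50.1 with 32 bytes of data:
Reply from 192.168.50.1: Destination port unreachable.
Ping statistics for 192.168.50.1:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
"""
ECHOED = """Pinging 192.168.50.245 with 32 bytes of data:
Reply from 192.168.50.245: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.50.245:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
"""
TIMED_OUT = """Pinging 192.168.50.105 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.50.105:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
"""

def received(output):
    """Packet count from the statistics line; an ICMP error can inflate it."""
    m = re.search(r"Received = (\d+)", output)
    return int(m.group(1)) if m else 0

def classify(output):
    """Return 'reachable', 'rejected' or 'no-reply' for one ping transcript."""
    if re.search(r"\bTTL=\d+", output, re.IGNORECASE):
        return "reachable"   # only a genuine echo reply carries TTL=<n>
    if re.search(r"Destination \w+ unreachable", output, re.IGNORECASE):
        return "rejected"    # an ICMP error came back: traffic was refused
    return "no-reply"        # silently dropped, or the host is absent

def audit(results, must_block, must_reach):
    """Compare classified probes with the isolation policy; return violations."""
    problems = []
    for name in must_block:
        if classify(results[name]) == "reachable":
            problems.append(f"{name} is reachable from the isolated network")
    for name in must_reach:
        if classify(results[name]) != "reachable":
            problems.append(f"{name} is not reachable (no internet path?)")
    return problems

if __name__ == "__main__":
    probes = {"gateway": REJECTED, "smart plug": TIMED_OUT, "internet": ECHOED}
    for line in audit(probes, ["gateway", "smart plug"], ["internet"]) or ["isolation holds"]:
        print(line)
```

Checking for `TTL=` rather than the loss percentage matters because the rejected gateway probe still shows `Received = 1`, so a script that trusts the statistics line would report the gateway as reachable.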