I’m looking for general tips on how to safely integrate a potentially unsafe device into my network: IoT devices such as Wi-Fi cameras, thermostats, VoIP telephones, etc.
My initial thought was to segregate them to a “guest” VLAN / Wi-Fi and keep them off my more secure business network. That way, even if they are misbehaving, they can’t do much damage. However, a problem with this approach is that other devices which may want to talk to the IoT devices can’t. Simple example: a Philips Hue bridge, if it’s on the guest VLAN, can’t be accessed by iOS devices on the main VLAN.
Another approach: put the IoT device on the secure network, but firewall it tightly, closing all ports except the few that it needs. The problem with this approach is that it’s not always apparent what ports/protocols an IoT device needs.
Has anyone solved this?
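One way to keep the VLAN separation from the first approach while still letting trusted devices reach the IoT VLAN is a stateful forwarding policy on the router between the two VLANs: trusted hosts may open connections to IoT devices, replies come back, but IoT devices can never initiate anything toward the trusted side. The nftables ruleset below is an added example, not part of the original post; the interface names `br-main`, `br-iot` and `wan0` and the subnets in the comments are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original post). Assumed topology:
#   br-main = trusted VLAN, 192.168.10.0/24 (laptops, iOS devices)
#   br-iot  = IoT VLAN,     192.168.20.0/24 (Hue bridge, cameras, VoIP phones)
#   wan0    = Internet uplink
# The router holds all three interfaces and forwards between them.
flush ruleset

table inet fw {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections the trusted side opened may return;
        # nothing new can be started from the IoT VLAN toward trusted hosts.
        ct state established,related accept
        ct state invalid drop

        # Trusted hosts may open connections to IoT devices
        # (e.g. the Hue app on an iPhone talking to the bridge).
        iifname "br-main" oifname "br-iot" accept

        # IoT devices get outbound Internet only, never the trusted VLAN.
        iifname "br-iot" oifname "wan0" accept

        # Anything an IoT device tries toward the trusted VLAN is logged, then
        # dropped; the log also shows which ports a device actually wants.
        iifname "br-iot" oifname "br-main" log prefix "iot-to-main-blocked: " drop
    }
}
```

Multicast discovery (mDNS, SSDP) does not cross VLANs, so apps that find a device by broadcast either need a reflector on the router (for example Avahi with `enable-reflector=yes`) or the device’s fixed IP entered manually. The same logging trick on the `br-iot` to `wan0` path answers the second approach’s question of which outbound ports a device needs before you narrow that rule down.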