Thanks so much for the kind words!

Thanks a lot! I appreciate the encouragement

Word of Truth!

@@leaftro thanks the feedback is much appreciated!

thanks for the positive feedback! much apprecaited

Thank you! Let's goooo!

I would look into Ubiquiti, they offer some great consumer grade products that I have installed in a number of homes. Their equipment is great for network segmentation implementations

You can always find a consumer router that can be flashed to openwrt or ddwrt to unlock these « enterprise » feature, they have lists of compatible routers with their specs

Absolutely! so in the video above I was addressing L2 segmentation, VRF would effectively allow for segmentation of traffic as it was being routed --> think two sets of clients being routed by the same piece of hardware, but for security, logging, analytics you want each of the client networks have their own routing instances, you can utilize Virtual Routing and Forwarding (VRF) to route this traffic but maintain separation of traffic and routing tables

TBH I'm not sure either tom

You can do a few things... first would be to ping from devices that should be VLAN separated, you should NOT be able to ping between them until a route is set up between vlans.

So the "threat" in this case is that any one of the device on your network is compromised. If this occurs and your network is segmented the likelihood of your entire network being compromised is significantly lower. To give you a specific threat example, you could have your file storage server compromised (in a small/medium environment this might be a single device like a Synology NAS). Even more specifically, an attacker leverages vulnerabilities in the file sharing protocol SMB to upload and run software establishing persistence on this file server. If your network is segmented appropriately the attacker will NOT have the ability to pivot to all the other devices in the network. If your network is not segmented, all of the other devices are now potentially victims as well.

Yes wacom intuous tablet and pen

@@intelligencequest I just started using it and long ways to go to make it look natural. Right now I struggle in meetings with new work from home situation. Was so used to whiteboard and markers 🤣

@@techenthusiast4542 100%.. it just takes time.. but I still don't think there is any replacing in person white boarding.. I think a mix of virtual and live has to be what we use going forward 👍

Thanks! Next up is access control lists!! Should have it out tomorrow!

There are a couple of things that you can do, but the most common is to make a second SSID aka IOTnetwork with its own password and IP address range and segment that network from your primary wireless network. By segment I mean either add ACL entries if you want to allow certain traffic or deny all traffic from that IOT network to the rest of your network (the implementation of this will be different on different Network Operating Systems - NOS')

@@intelligencequest yes... the other thing I need to accomplish is to completely isolate the wireless cameras from the main router. I need to figure out a way to have a 2nd router just for the cameras so the main router has nothing to do with them.

Thank you for the feedback! I actually agree to some extent and I think we are trying to fill in the gaps in this content with subsequent videos.. in response to the "cure all nature" of this segmentation video... that certainly was not the intent! How ever we do think segmentation is an area of basic networking that is very under utilized is most small and medium networks.