In light of the many SaaS/IoT hacks that have happened, I’ve been trying to eliminated IoT devices from my home network. I’ve been working in IT for 18 years and have witnessed time and time again from an internal perspective how SaaS companies view security. Generally speaking, security is viewed as an inconvenience and is ignored as long as possible, unless and until an event happens which forces updates (ie: software going EOL, a breach, an embarrassing breach at another company which triggers the “are we doing that?” questions). Long story short, in the industry, security is often dealt with reactively instead of proactively. When companies do get proactive it’s done as a necessity to achieve a certification, or it’s done in an attempt to “catch up” to their perception of what the rest of the industry is doing. It is the golden age for hackers, as recent events continuously show.
I don’t know how Vera deals with security. Regardless, I don’t see any benefits to having mandatory cloud interaction/dependencies, and I’d like to avoid them. I used to be able to connect directly to the Vera, but with the latest updates, I can’t auth to it without going through the home.getvera.com portal.
Has anyone been working on bypassing this? Has anyone lobbied Vera to re-add the functionality to NOT use their cloud services?
Most of the vera functionality can be accessed by going to the unit directly with the “secure vera” option off.
So my plan for a vera security breach is that I put the vera in a network segment with no outbound internet access but that can be reached by devices on my internal LAN. My router support being a VPN server plus dynamic DNS so I can map a domain to my house to do remote control.
This means I lose all alerts unless I use an alert plug in from someone other than vera and and can set up the rules to restrict outbound traffic correctly. But this would be a stopgap either until a solid firmware comes out or I give up and get another standalone hub like Homeseer.
[quote=“kigmatzomat, post:2, topic:195079”]Most of the vera functionality can be accessed by going to the unit directly with the “secure vera” option off.
So my plan for a vera security breach is that I put the vera in a network segment with no outbound internet access but that can be reached by devices on my internal LAN. My router support being a VPN server plus dynamic DNS so I can map a domain to my house to do remote control.
This means I lose all alerts unless I use an alert plug in from someone other than vera and and can set up the rules to restrict outbound traffic correctly. But this would be a stopgap either until a solid firmware comes out or I give up and get another standalone hub like Homeseer.[/quote]
The thing in this setup is that you will not be able to easily use the mainstream apps (imperihome etc) to directly connect to the vera remotely. Other than that you will allways need a VPN open and setup in order to be able to reach your vera.
I would have to have the router vpn server on all the time. Imperihome would have access as long as I kick off the vpn client on my phone.
Not the most convenient thing, that’s why it’s my fallback plan. It’s the same one I’d use on Homeseer if I had one of their 'Trollers and their cloud got hacked. Heck, it’s the only option for remote control with roll-your-own HA systems like OpenHAB.
But you can’t do that at all with SmartThings or Wink because losing the cloud lobotomizes them.
Best Home Automation shopping experience. Shop at Ezlo!