Bart Busschots did a talk for the Connecticut Macintosh Connection (aka CTMac) at ctmac.org a few weeks ago where he explained how the Internet of Things can be a concern for the security of your home network. Of course he didn’t stop there; he went on to explain how, for a fairly small amount of money, you can keep yourself secure.
Bart and I decided this would make a terrific topic for Chit Chat Across the Pond. He produced a 67-chart Keynote that we do NOT go through in its entirety; in fact we skip the middle 40 or so pages, but they’re there if you have in-depth questions about anything he discusses.
If you want to follow along with the slides, you can do that here: bartbusschots.ie/….
Not to spoil the punchline, but the solution involves using three (cheap) routers. At the end of the talk we got into some specifics of how we tested the Guest network capability of the AirPort Extreme to see if it really did provide you with two completely separated networks. You’ll need to listen to get the full understanding, but here’s an outline of what we did.
- MacBook Pro on the 5GHz network where it was served IP 10.0.1.15
- MacBook on the Guest network where it was served IP 172.16.42.5 (already a good sign)
- Opened a Terminal on both computers and ran this command so we could monitor ARP traffic on both networks:
  `sudo tcpdump -nneq arp`
- On both computers we launched iNet Network Scanner ($10 in Mac App Store)
- Ran a scan with iNet, which checks every single IP on the subnet to ask them for their associated MAC addresses
- During the scan on the MacBook, we watched the ARP traffic on the MacBook Pro, and vice versa; in both cases, the scan on each network did not cause ARP traffic on the other one
- Finally, we tried pinging from the MacBook to the MacBook Pro and back and were unsuccessful
We were able to confirm that the Guest Network is indeed a completely separated network on the AirPort Extreme.
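
The "watch one network while scanning the other" step can be checked mechanically instead of by eye. The script below is an added example, not part of the original show notes: `leaked_arp` is a hypothetical helper, the capture lines and MAC addresses are constructed, and it assumes each network is a /24 matching the addresses seen above (10.0.1.x and 172.16.42.x).

```shell
#!/bin/sh
# leaked_arp PREFIX
# Reads `tcpdump -nneq arp` text on stdin and prints every ARP line that
# mentions an IPv4 address starting with PREFIX (the OTHER network's prefix,
# written with a trailing dot, e.g. "172.16.42.").
# Returns 0 if no such line was seen (isolated), 1 if at least one was.
leaked_arp() {
    awk -v p="$1" '
        / ARP, / {
            for (i = 1; i <= NF; i++) {
                ip = $i
                sub(/,$/, "", ip)                 # "10.0.1.15," -> "10.0.1.15"
                if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && index(ip, p) == 1) {
                    print                          # show the offending frame
                    leaked = 1
                    break
                }
            }
        }
        END { exit (leaked ? 1 : 0) }
    '
}

# Constructed sample: capture on the MacBook Pro (10.0.1.15) while the guest
# MacBook scans its own subnet. Only main-network ARP shows up.
ISOLATED='12:00:01.000001 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has 10.0.1.1 tell 10.0.1.15, length 28
12:00:01.000350 00:00:5e:00:53:02 > 00:00:5e:00:53:01, ARP, length 60: Reply 10.0.1.1 is-at 00:00:5e:00:53:02, length 46'

# Constructed sample: the same capture if the guest scan were visible.
LEAKY="$ISOLATED
12:00:02.000100 00:00:5e:00:53:05 > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has 172.16.42.7 tell 172.16.42.5, length 28"

printf '%s\n' "$ISOLATED" | leaked_arp 172.16.42. && echo "isolated capture: no guest ARP seen"
printf '%s\n' "$LEAKY" | leaked_arp 172.16.42. || echo "leaky capture: guest ARP visible on main network"
```

For a live check on the main network, pipe the capture in directly with `sudo tcpdump -l -nneq arp | leaked_arp 172.16.42.` and stop it with Ctrl-C once the scan on the guest side has finished; swap the prefix to `10.0.1.` when watching from the guest side.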