<div dir="ltr">Operationally, you can deploy a firewall, but have no say in the poor software development practices of your IoT vendor. <div>Compartmentalization -- yes, within the compartment, the IoT devices can kill each other. :-) If the compartment granularity is not fine enough, improve it.</div><div><br></div><div>P.S.: Yes, I'd like secure IoT devices. I would also like to erradicate poverty and other things...</div><div><br></div><div>Fernando</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 11, 2017 at 6:09 PM, Pete Mundy <span dir="ltr"><<a href="mailto:pete@fiberphone.co.nz" target="_blank">pete@fiberphone.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
But the FW doesn't (can't) protect the IoT device from other malicious IoT devices sharing the local network behind the firewall.<br>
<br>
Isn't it better to forego the boarder firewall completely and make implementing that service the responsibility of each host for itself?<br>
<span class="HOEnZb"><font color="#888888"><br>
Pete<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
> On 12/12/2017, at 10:00 AM, Fernando Gont <<a href="mailto:fernando@gont.com.ar">fernando@gont.com.ar</a>> wrote:<br>
><br>
> The crap doesn't get fixed because that's the software development we are used to. Windows 10 was Windows '95 in the '90s. So give the IoT stuff 15-20 years to get to a sensible quality/state/security and/or enough widespread trouble/exploitation.<br>
><br>
> Pragmatically speaking, people will connect that crap to the 'net... and the "less connected" such devices are, the better.<br>
> So, please, don't remove FWs. :-)<br>
><br>
> Cheers,<br>
> Fernando<br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Fernando Gont<br>e-mail: <a href="mailto:fernando@gont.com.ar" target="_blank">fernando@gont.com.ar</a> || <a href="mailto:fgont@acm.org" target="_blank">fgont@acm.org</a><br>PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1</div>
</div>