we should not use Avahi, IGMP Proxy, and disallow IGMP from leaving L2?
In my opinion, no, you shouldn't; I sure wouldn't use them.. But your take might be different.. Without fully understanding the security implications that might be involved, it's better to just isolate them completely.. Like these IoT devices. I wouldn't put them on my normal VLANs. The only thing I allow my Rokus to do from their VLAN is talk to my Plex on 32400. I have found zero reason to allow multicast from one L2 to another in my home.. You know the simple solution for AirPrinting to your printer from your wifi network.. Put the printer on the same VLAN.. Done - no L2 boundaries to cross, no Avahi to set up, etc.
My devices on my LAN network have no issues getting to the printer, since they just print to the IP.. But when my wife wants to print from her phone or tablet.. She can still use L2 discovery to find it (AirPrint).. Now no multicast spreading into any of my other VLANs.. It's isolated to that L2 those devices using that shit are on.. Be it a security concern or not - it's noise I don't need on my other networks.
My IoT devices are isolated - what exactly would they be discovering.. Other than joining that IoT wireless VLAN to set up a new device that needs L2 discovery, I have zero reason for my mobile devices to join that network. Once the devices are discovered I don't need to be on that network... I can control my Rokus just fine from my phone without being on the Roku VLAN... Need to join it once to discover any new Rokus, but once the Roku is found there is no need to be on that VLAN again.
Don't need to be on any specific L2 to control any of my smart lightbulbs, power outlets, etc.
The big word used here is "convenience", which is always going to be at the cost of security. If what you want is for shit to be convenient.. Why not just one flat network, where everything is on the same L2.. It's easy that way ;)
Just because pfSense provides a feature doesn't mean you "have" to use it ;) It's provided for the people that want to use it, or maybe need to use it, since sure that would be better than one flat network ;) But it's not something that, to be honest, should be required.. I have many a techy device in my home. Alexas, smart bulbs, I get alerted when my garage door opens and closes, can control it from my phone even. My thermostat is connected, Nest Protect, Harmony remote, etc. etc. None of them require breaking the L2 boundary to function. All of these devices are isolated to their own VLANs and don't touch any other network.. Other than the Rokus can talk to my Plex.. And I let them talk to my NTP server that is on its own isolated DMZ VLAN.
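As an added illustration of the posture described in the replies above (this is not the poster's configuration and not anything pfSense ships), here is the same policy written out as a pf ruleset, since pfSense's per-interface GUI rules compile down to pf. The interface names (vlan_iot, vlan_roku, vlan_dmz, vlan_lan), the subnets and the Plex and NTP host addresses are placeholders I have assumed; only the Plex port 32400, the NTP-in-the-DMZ arrangement and the "no multicast across L2" rule come from the thread.

```pf
# Added example in pf(4) syntax; interface names, subnets and addresses are
# assumed placeholders, not the poster's real values.
iot_if   = "vlan_iot"        # bulbs, outlets, Alexa, Nest, Harmony, etc.
roku_if  = "vlan_roku"       # streaming devices
dmz_if   = "vlan_dmz"        # isolated DMZ that holds the NTP server
lan_if   = "vlan_lan"        # trusted workstations, phones, tablets

plex_srv = "192.168.10.20"   # assumed Plex host
ntp_srv  = "192.168.50.5"    # assumed NTP host in the DMZ
table <private> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# "quick" makes pf stop at the first match, which mirrors pfSense's
# top-down rule evaluation.

# Multicast discovery (mDNS/SSDP, IGMP joins) stays on the VLAN it starts on.
# With no IGMP proxy and no Avahi reflector this is belt-and-braces, but it
# documents the intent and catches a later misconfiguration.
block in quick on { $iot_if, $roku_if } to 224.0.0.0/4

# Roku VLAN: the only thing it may reach on the inside is Plex on 32400.
pass in quick on $roku_if proto tcp from $roku_if:network to $plex_srv port 32400

# IoT and Roku VLANs may sync time against the DMZ NTP server, nothing else there.
pass in quick on { $iot_if, $roku_if } proto udp from any to $ntp_srv port 123

# Everything else from IoT/Roku toward any private range is dropped, so a
# compromised device cannot pivot into the LAN, the DMZ or each other's VLAN.
block in quick log on { $iot_if, $roku_if } to <private>

# Internet access for the gadgets is still allowed after the private ranges
# have been excluded above.
pass in on { $iot_if, $roku_if } to any

# The trusted LAN may initiate toward anything, including printing by IP and
# controlling Rokus/bulbs; pf's state table lets the replies back, so no rule
# from the IoT side toward the LAN is ever needed.
pass in on $lan_if from $lan_if:network to any
```

The ordering is the whole point: the two narrow allow rules sit above a logged block of all private space, and only then comes the broad "to any" pass for Internet access. Reviewing the log of that block rule is also a cheap way to spot an IoT device that has started probing the other VLANs.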
Sounds like an interesting sort of gig.. Take it there's lots of travel? What is the pay range.. Does the person have to live in the Raleigh area, or can they be remote with the travel? This might help get you more interest.
Saying you have a 401k doesn't say much.. What do you match, what do you contribute on your own.. A company that matches dollar for dollar up to X% vs no match is not the same typical benefit ;) A company that contributes 5% into your 401k whether you contribute nothing or not, or if you put in 5% and they match 5 and put in 5, that's 15 going into your 401k..
Profit sharing - so a bonus.. What %, what has been the history.. You can say you have profit sharing/bonus, but what if the last 3 years have been 1% vs a max of ??
Health care - so fully paid, or do you contribute and the plans you offer are still going to cost me $$$ etc..
When you have another opening.. Might want to bait your hook a bit better if you want anyone to bite ;)