Have you ever run across a Wi-Fi device that you wanted to use but didn’t trust enough to add to your network? Maybe it was designed in a foreign country that you are unsure about, or it had a vulnerability at some point that has since been patched, but you are still uncertain. This is where the thought of “Should I use it, or should I trash it?” comes to mind. However, if you still want to use it, you can, provided all it needs is an internet connection and it doesn’t need to see anything else on the network.
There are two tricks to this. The easiest of them all is something anyone who knows how to access their router’s admin settings could do. That trick involves simply enabling the guest network (if your router supports it) and making sure it is set to be separate from your main Wi-Fi SSID/network(s), and that it is password-protected with its own unique password/passphrase. This creates an isolated network that gives guests access to the internet without access to anything else. They won’t be able to see or reach other devices (computers, printers, etc.) on the network. Essentially, it is like an easy-to-use virtual LAN (VLAN) created by your router.
If the device needs access to other devices on the network (e.g., a smart home device), then these methods obviously won’t work, which is why I started off by mentioning that this scenario covers devices that only need an internet connection to function.
An example of this is the Logitech Squeezebox radio. In their time (which wasn’t that long ago), they were an amazing solution for having a small speaker that supported internet streaming options like Pandora and SiriusXM (and it sounded really good). You could also run a media server on one of your PCs where you can stream your library of personal music to any of the speakers (controlled via app, browser, or from the radio’s screen directly). However, Logitech stopped properly supporting the radio, leading to its media server software eventually falling prey to troublemakers and the accounts being hacked, with password resets, locking the users out of their accounts and/or taking control of the speakers and streaming annoying files to them like sirens in the middle of the night. One of the few times Logitech failed miserably to look after their customers.
A number of us own one or more of these radios and have found all sorts of ways to make use of them, including getting them to act as a voice for our automation systems using Vera Z-Wave hubs and the media server software. However, since then, the speakers have been taken out of commission and the software uninstalled (due to the issue going around). Although we would never recommend installing the software again, you could still make use of the speaker directly connected to Logitech’s services. You can even upgrade it to the UE Radio firmware (that replaced the Squeezebox line) that does exactly this (it doesn’t support the media server anymore). However, that still leaves you to wonder how safe that speaker really is on the network since they aren’t really updating it. So the trick is having it join the guest network instead. It has access to the internet and nothing else. Even if a vulnerability were to pop up, it would be isolated from the rest of your network.
The second option is to actually build out a proper VLAN. How to do this depends on the hardware you are using, but it is best to invest in a good (quality) managed option to pull this off. It is also good to know what you are doing, or else you are going to rack your brain over why certain options may not be working, or how certain options function at all, especially if the device has app access from your phone or the web for settings/controls. Going this route is even more secure if done right, as you can build everything behind its own firewall and manage things like port access, IP assignment, and more. Again, we’d only recommend doing this if you have the proper experience.
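Whichever option you pick, it is worth confirming that the isolation actually holds. The following is an added example, not part of the original post: a small Python check to run from a laptop joined to the guest SSID or the new VLAN. The IP addresses, ports and `example.com` are constructed placeholders for hosts on your own main network and for an internet host.

```python
"""Run from a machine joined to the guest SSID / untrusted VLAN."""
import socket

# Constructed sample values: replace with addresses from your own main LAN.
LAN_TARGETS = [
    ("192.168.1.1", 80),     # router admin page (assumed address)
    ("192.168.1.10", 445),   # file share on a PC (assumed)
    ("192.168.1.20", 9100),  # network printer (assumed)
]
INTERNET_TARGETS = [("example.com", 443)]


def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, refusals and DNS failures
        return False


def audit_isolation(lan_targets, internet_targets, probe=tcp_probe):
    """Isolated only if the internet works and no main-LAN target answers."""
    leaks = [t for t in lan_targets if probe(*t)]
    online = [t for t in internet_targets if probe(*t)]
    if leaks:
        verdict = "NOT ISOLATED"
    elif not online:
        verdict = "NO INTERNET"  # a dead link proves nothing about isolation
    else:
        verdict = "ISOLATED"
    return {"verdict": verdict, "leaks": leaks, "online": online}


if __name__ == "__main__":
    result = audit_isolation(LAN_TARGETS, INTERNET_TARGETS)
    print(result["verdict"])
    for host, port in result["leaks"]:
        print(f"  reachable from guest segment: {host}:{port}")
```

A closed port looks the same as a blocked one here, so list ports you know are open on the main network, and include the router's own admin page in the targets.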
Regardless of which path you take, you still have options. You don’t have to trash or sell these devices as there is still hope for them (as long as they don’t require access to other things on the network). Of course, if they do require access to other devices, you can always weigh the option of putting all of the related devices on the guest network or running a second router altogether (a not-so-virtual-LAN) under its own SSID.
Have a different solution you prefer? Feel free to share below in the comments.