Acces control and security

Hoka · July 14, 2024, 8:45am

My Up2Stream pro V3 is connected to my LAN and as it is anyone can stream to it, how do I restrict acces to it?
Is there a way to control this?

zitev · July 14, 2024, 4:51pm

@Hoka you transfer the device to a separate vlan and only give authorized users access to the vlan.

Hoka · July 15, 2024, 7:38am

I suppose you mean “wlan” ?
Setting up more wireless networks is NOT what I want to do…
I want to use it wired AND still have access control!

That seems to be impossible…

zitev · July 15, 2024, 7:56am

@Hoka no, I mean vlan (virtual local area network), creating a separate subnet accessible with separate authentication on the same wifi, or wired network.
Arylic’s devices themselves are not suitable for safe, protected network operation, they are only entertainment electronics, network security can be implemented with network devices suitable for this purpose (firewall, layer-2 switches, etc.).

Hoka · July 15, 2024, 8:28am

OK learned something new!
Thank you, I am going to look into that!

fredjchavez · September 13, 2024, 12:25am

Did you ever figure out how to segment these devices? I have not. Once I install on a different vlan, they cannot be found by 4stream despite having subnet access. Example: I have trusted equipment on 192.168.1.0/24, and untrusted devices such as iOT and untrusted guests on 192.168.40.0/24. If I install the A50’s on 192.168.40.0 network which is what I eventually want, the controlling device also has to be on the same network but I’d like to use a device on 192.168.1.0 network (or any other local network) utilize 4stream to conrol A50’s on 192.168.40.0 . It appears there is a “broadcast” of sorts taking place that allows 4stream to find the devices that I’m not accounting for possibly multicast but unclear as I just received these recently and havent had much time away from my day to day security job! Thank you.

Freddy

zitev · September 13, 2024, 6:16am

Hi @fredjchavez,

There is no transition between the trusted and untrusted network, this is the point, it ensures the reliability of the trusted network, so if you want to communicate with the devices on this network, the control device must also be on this network!

fredjchavez · September 25, 2024, 8:34pm

I found that if I install an mDNS proxy on the router, all works as expected. What I do not know is whether this is a good idea or not. Its probably better than having all my devices on one subnet…now that I have determined that this works, I should also put some though into security…

Freddy

zitev · September 26, 2024, 4:32pm

I think guest wifi is the keyword you need.

fredjchavez · September 27, 2024, 12:41am

Not following your comment on guest wifi. I have a guest portal but it is completely isolated (no devices can connect to anything else…simply internet access). Solution above works with the 2 vlans mentioned plus the others I’ve defined such as camera vlan, etc.

zitev · September 27, 2024, 7:37am

Guest wifi is a possible solution for separated network for Arylic devices.