[ale] Home Assistant / Docker / Network Security

Derek Atkins derek at ihtfp.com
Tue Jul 24 13:22:54 EDT 2018


H,

On Tue, July 24, 2018 1:04 pm, DJ-Pfulio via Ale wrote:
> Wouldn't a VPN be more secure? I know nothing about HomeAssist protocols.
>
> I use VPN (openvpn AES256) or an ssh-SOCKS proxy to access a LAN-only
> Plex server.

Much harder to set up on my Android and iOS devices in order to monitor
the house when I'm out.

> Patching?  Is that not done, like how Asterisk is generally deployed
> commercially?

Patching requires code updates that solve the problem... Which requires
developers who acknowledge there is a problem and then fix it.

Based on the (10-page) thread I read, there does seem to be a problem, but
it's unclear if it's based on SAMBA, a combination of proxy, trust, and
x-forward-for, or some other bug.  There certainly isn't a "Best Practice"
that I can find.

I suspect securing the docker instance would be much harder than securing
a base OS running HA natively.   On the other hand, upgrading the native
HA is probably harder as it's not as simple as clicking a button and
loading the new docker image.  (I honestly have no clue how to update a
"pip-installed" thing).

-derek

> On 07/24/2018 11:47 AM, Raj Wurttemberg via Ale wrote:
>> I think that I really only use the z-wave add-on.  I do access my HA
>> remotely but it's though a proxy server. I also only enable remote
>> access if I am going away for a few days.
>> For the most part I never need to touch my HA, it just runs and sends me
>> e-mail alerts if there are any issues.
>>
>> /Raj
>>
>> -----Original Message-----
>> From: Derek Atkins <derek at ihtfp.com>
>> Sent: Tuesday, July 24, 2018 11:36 AM
>> To: Raj Wurttemberg <rajaw at c64.us>; Atlanta Linux Enthusiasts
>> <ale at ale.org>
>> Subject: Re: [ale] Home Assistant / Docker / Network Security
>>
>> So there are no "Add Ons" that you care about?
>> There did seem to be a few that looked interesting (that I wasn't sure
>> how to do on my own)
>>
>> What do you do about security?  Can you connect from the outside world?
>>
>> -derek
>>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



More information about the Ale mailing list