Yesterday I finally set up a separate network and firewall rules for all my IoT devices. I feel slightly safer now. It was pretty easy once I understood what I was doing. A couple of hiccups where I had to lookup some additional info, but it’s done and working flawlessly so far!
@DrOct Most of the extra time spent was just from being extra cautious to be sure I'd done every step right, and hemming an hawwing about a couple of different options for how to set everything up. But even with all that it only took me a couple of hours.
@DrOct What ecosystem? HomeKit? I'd thought about doing that but assumed that stuff would need to be on the same network as the HomeHubs (Apple TV/HomePod), which need to be on the same network as my phone/iPad for Handoff.
@davextreme Yep, with homekit. I have the Virtual LAN's set up such that the "main" network can talk to the IoT network (and they can reply) but the IoT network can't talk to the main network (at least not without an established connection originating from the main network). The IoT stuff can also talk to the internet. I actually currently have my AppletTV (which is my Homkit hub) on the main network though I may experiment with putting it on the IoT network (though I'm concerned it won't be able to reach my iMac when I want to watch stuff on Plex or from my DVR). I actually feel like a modern AppleTV is probably secure enough to stay on the main network. And since it can talk to the devices on the IoT network it can still act as a hub just fine.
@DrOct @Davextreme - I did have to turn on a setting in my networking equipment to get Homekit working properly (mDNS which as far as I can tell just lets some multicast packets propogate between the networks). We'll see how things go as it develops, I may run into some unexpected problems as I spend more time with it, but so far everything seems to work great!