Not To's

Things not to do…

Photo by lukasbieri from Pixabay


Restricting Ports too much with Port Isolation on Network Switch

Isolating ports on a switch can be great for IoT devices but what about network infrastructure devices?

For security reasons, I decided to put my IoT devices on their own network using VLANs. I also had a desire to restrict certain devices to only have access to the Internet but not any other devices on my network. This should help reduce the likelihood of a hacked device trying to traverse the network by hacking other devices. A good example of a device on my network that only needs Internet access would be the Apple TV (3rd generation).

Streaming Live TV on Plex Media Server Issues with OPNsense Intrusion Detection Blocking Enabled

Enabling intrusion detection with blocking (IPS mode) on your LAN interface can cause issues!

On my home network, I host the Plex Media Server software on my server and make use of its Live TV and DVR capabilities. It actually works quite well. To make use of the TV/DVR capability you must have a Plex Pass (monthly, yearly, or lifetime) and a compatible cable box such as any of the HDHomeRun products. Originally I placed my HDHomeRun Prime device on my IoT network to keep it separate from my server, which I think makes sense since it is essentially an IoT device that infrequently receives updates from the manufacturer.

Enabling All DoS Defend Options on TP-Link Switch without Testing

What could go wrong by enabling all of the DoS protections on your switch?

In the interest of increasing security and reliability of my home network against malicious attacks, I thought enabling all of the Denial of Service protections on my TP-Link switch would be a good idea. So I enabled the setting and all seemed well enough. Some time later, my wife tried to use our old 3rd generation Apple TV in our bedroom while folding laundry. It was showing the Computers icon and the Settings icon but not the main Apple TV screen.

Enabling Guest Control in UniFi Controller Blocked Access to Local Network Services by Default

Properly configuring guest isolation in the UniFi Controller

For my guest wireless network, I like the idea of all of the network devices on the guest network being isolated from one another. Since the guest network should be used for visitors and other untrusted devices, it makes sense to restrict communication between the devices to improve security. Even though captive portals are a pretty cool feature that can provide a “wow” factor for guests that log onto your guest network, I have read that the captive portal on UniFi wireless access points can reduce the throughput of the guest network.

Incorrectly Executing Gatsby Development Server

Running a static web generator development server but encountering problems with execution?

When I was setting up a development environment for creating this website using the static website generator Gatsby (before I decided to switch to Hugo), I was struggling to run the built-in development server. At one point, I tried re-installing Gatsby and created a site in my home directory on my Ubuntu PC. The development server loaded just fine and I was able to get the site running! But when I tried creating it on my larger capacity hard drive that is backed up to my local Nextcloud server, it would not run correctly.