IoT & Home Office Segmentation

Smart TVs, speakers, cameras, bulbs—IoT is handy but noisy and often unpatched. We isolate it from the devices that actually hold your data (laptops, phones, NAS, workstations). That limits lateral movement if something gets compromised.

  • Separate SSIDs/VLANs: Personal, Home Office, Guest, and IoT get their own lanes and rules.
  • WPA3 + strong keys: Rotatable passphrases, optional per-user credentials for work gear.
  • Client isolation: Guests can hit the internet, not your printer or baby cam.
  • Device onboarding: We document & label where everything lives and why.

Port Hardening & Remote Access

Most break-ins start with the obvious: default passwords, open ports, universal plug-and-pray (UPnP), and exposed admin pages. Hackers scan for these every minute. We close the easy doors and give you safe ways back in when you need them.

  • Disable UPnP & risky forwards: No silent holes punched by random apps.
  • Firewall rules & geo/rate limits: Allow what’s needed; drop the rest.
  • VPN done right: Site-to-site for outbuildings/offices, user VPN for remote work. No exposed RDP.
  • Lock down admin: Unique creds, HTTPS-only, 2FA where supported, and no WAN admin pages.
  • Firmware & alerts: Keep routers/switches/APs updated and notify on failed logins.

Kids’ Online Safety & Site Blocking

Healthy boundaries without playing whack-a-mole. We build profiles per child/device and apply sensible schedules and filters—adjustable as they grow.

  • DNS filtering: Category blocks (adult, malware, gambling, scams), SafeSearch, YouTube restricted mode.
  • Time windows: School-night bedtimes, weekend rules, per-device pauses.
  • Bypass options: Parent override/temporary unlocks so homework still works.
  • Reporting: Simple summaries you’ll actually read.

Small-Business Security

Shops, offices, cafés—same internet, higher stakes. We implement lightweight, proven controls that fit your size and keep auditors happy.

  • Network segmentation: Staff, POS, cameras, IoT, and guest Wi-Fi split with VLANs and policies.
  • Identity & access: Unique admin accounts, MFA where available, and least-privilege access.
  • Wi-Fi hygiene: Rotating PSKs, WPA3, and allow-listing for POS and printers.
  • Email & web safety: Phishing protection, SPF/DMARC checks, and DNS filtering.
  • Backups & continuity: Image-based backups for critical PCs + restore tests.
  • Monitoring & logs: Basic uptime/health alerts; optional remote management under Service Plans.
  • Playbooks: Clear steps for onboarding, device disposal, and incident response.

What We Do on Day One

Task | Why it helps
Inventory & update firmware | Closes known exploits on routers, switches, APs, cameras, and NAS.
Disable UPnP & audit forwards | Stops apps from auto-exposing services; shuts risky ports like RDP/SSH from WAN.
Segment networks (VLAN/SSIDs) | Prevents lateral movement between IoT/guest and work devices.
Harden admin & management | Unique creds, HTTPS only, 2FA where possible; no WAN admin pages.
Configure DNS filtering | Blocks malware & inappropriate sites network-wide; enforces SafeSearch.
Set up VPN access | Secure remote work and site-to-site links without exposing services.
Enable basic monitoring & logs | Catch outages and brute-force attempts before they become disasters.
Document & handoff | Network map, creds vault, and a short “how to” guide in plain English.

Packages

Essentials Hardening

Best for homes and very small offices.

  • UPnP off & port audit
  • Admin lockdown & firmware updates
  • DNS filtering (malware + adult)
  • One guest SSID

Family / Remote-Work

For homes with school devices and a home office.

  • Separate Home Office & IoT networks
  • Profiles, schedules & SafeSearch
  • User VPN accounts (2 included)
  • Monthly health report (optional)

Business Pro

For shops, clinics, and small offices.

  • VLANs for Staff, POS, Cameras, Guest
  • MFA for admin access, allow-listing
  • Site-to-site or user VPN
  • Policy docs & onboarding playbook

Why It Matters

The internet isn’t just people—it’s bots scanning 24/7 for open ports, default passwords, and out-of-date gear. A single misconfigured forward or unpatched camera can let an attacker land and then crawl sideways across your network. Segmentation, strong identity, and safe remote access turn a single mistake into a contained blip instead of a breach.

Good security should feel boring: clear rules, simple tools, and no drama. That’s the point.