@almarg
After I wrote my post re connections from the internet (and you replied) ...I should add that there is a simple and reasonable approach to mitigate the concerns I raised: Stand up a separate and independent wireless or ethernet network for "foreign" devices.
By example, in my home I have a Verizon wireless router which essentially provides connectivity to the Internet. This router can be configured in several interesting and useful ways by the owner.
One important way is to create two or more separate networks that only pass traffic through the router and NOT to each other. If you trust a couple of your devices, then put those on your "trusted" sub-net; likewise, if you don;t know what the heck a device is really doing (or where it’s networking software came from ...China?), then limit it’s internet access to the other "UNTRUSTED" sub-net.
This is very effective, and easy to do with almost all ISP provided routers, if your ISP router can’t do this then buy an additional router (or firewall etc) that can and stick it in-between the ISP router and all your devices.
This strategy of "isolation" or network "segmentation" has an additional benefit and that is traffic management. High-bandwidth devices should send their traffic as directly to the ISPs router as possible, otherwise it adds to internal home-network congestion. So, in my house I have several separate and isolated networks, each has one or more wireless access points. The traffic from these separate networks can not cross network segments, it can only get directly to the ISP router. This alone makes my other segments unaffected by the congestion.
After I wrote my post re connections from the internet (and you replied) ...I should add that there is a simple and reasonable approach to mitigate the concerns I raised: Stand up a separate and independent wireless or ethernet network for "foreign" devices.
By example, in my home I have a Verizon wireless router which essentially provides connectivity to the Internet. This router can be configured in several interesting and useful ways by the owner.
One important way is to create two or more separate networks that only pass traffic through the router and NOT to each other. If you trust a couple of your devices, then put those on your "trusted" sub-net; likewise, if you don;t know what the heck a device is really doing (or where it’s networking software came from ...China?), then limit it’s internet access to the other "UNTRUSTED" sub-net.
This is very effective, and easy to do with almost all ISP provided routers, if your ISP router can’t do this then buy an additional router (or firewall etc) that can and stick it in-between the ISP router and all your devices.
This strategy of "isolation" or network "segmentation" has an additional benefit and that is traffic management. High-bandwidth devices should send their traffic as directly to the ISPs router as possible, otherwise it adds to internal home-network congestion. So, in my house I have several separate and isolated networks, each has one or more wireless access points. The traffic from these separate networks can not cross network segments, it can only get directly to the ISP router. This alone makes my other segments unaffected by the congestion.