It’s an ethernet wire that’s going to be exiting my house and running to a camera in a publicly accessible space. An attacker could disconnect the camera, connect a laptop and access my network. How could I protect against that (other than a physical lock)? I basically want to lock down that cable to the point where nothing works on it unless it’s the intended camera. If this was wireless, I’d just use MAC filtering, but I don’t see an equivalent for wired connections.

  • WankelWanka@alien.top
    cake
    B
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Well, what is the risk here exactly?

    Are you worried about them accessing your network resources? If so - why are they open slather anyway - you really should be using strong authentication methods on networked equipment.

    If you’re worried about them sniffing your network - just how long do you think someone is going to spend sitting outside your house with a laptop to do so?

    You could setup some sort of monitoring device so that if the camera goes offline you get notified.

    Doesn’t your camera give motion alerts?

    • LMF5000@alien.top
      cake
      OPB
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      It’s actually a DVR connected to 6 cameras, but the DVR physically resides in a neighbor’s garage (long story). I’m concerned someone in the neighbor’s garage could potentially disconnect the cable, plug in an unmanaged switch and put the DVR in the switch, then use my internet connection for potentially illegal activity - so I want to make sure that only the DVR can actually access my network from the wire and absolutely nothing else.

      • pLeThOrAx@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Whitelist against the mac id? Sounds like a lot of work though, adding new devices etc.

      • niteofknee@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Maybe look into a lockable network cabinet that you could put the DVR in. This would add a layer of physical security instead of diving into network security. For added security, run the network cable in conduit to prevent someone from cutting the cable outside the cabinet.

      • WankelWanka@alien.top
        cake
        B
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Right. That’s different, it originally read as if the port was hanging off the side of your house.

        What you need is a managed switch, firewall and vlans. Segregate the NVR and Cameras to a separate network, the port to the camera in the garage on the switch gets configured to the secured VLAN. Even if an unmanaged switch connects it’ll be stuck in that vlan. A good switch will also detect that switch connection and shut it down.

        And then only allow specific devices on your “internet” vlan contact the NVR. This will stop anyone connecting to that port and accessing other parts of the network.

        • LMF5000@alien.top
          cake
          OPB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Thanks, I think I understand now. Any idea of the cheapest kind of switch that will do this?

          • WankelWanka@alien.top
            cake
            B
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Switch - look at a second hand Cisco 3560e or x. You could even go one of the C3560CG-8PC 8 port switches if you can’t go a full rack mount option.

            Router / firewall you could use a second hand mikrotik 750 or 951