04-24-2019 06:45 PM
I was advised to bring this question to this forum, looking for some advice.
I am going to buy/install a unifi wifi/camera system in my home. I had PoE lines run on the outside to install a few G3 cameras. It occured to me today as I was planning the installation, is the cat6 line running to the camera a security exposure ?
Someone can pretty easily get a small ladder, remove my G3 camera and use the now exposed cat6 ethernet line to connect into my wired network ?
Can the Unifi switch somehow limit traffic on that line to camera traffic ? How does one secure their network ? I am not a security expert, so unsure if I'm asking the right question at all.
Thanks for any insight.
04-24-2019 07:03 PM
From a thiefs perspective, time is money...literally. Why would they bother trying to tap your wired network from the outside?! This seems futile at best.
But to answer your question, you need to put your NVR and cameras on their own dedicated VLAN. This requires configuration on your switch AND your gateway (it's dead simple if you have a USG). Set up firewall rules to block traffic from the camera network to your internal "trusted" network. Really the only device that needs internet access on your camera network IS your NVR. Join the NVR to the Ubiquiti SSO portal for NAT traversal and you're set.