• rekabis@lemmy.ca
    link
    fedilink
    English
    arrow-up
    0
    ·
    9 months ago

    And that’s why hardlining is still by far the best option available.

    1. Hardlined cameras need to be physically accessed and the cables snipped in order to disrupt them, and most cameras offering hardlining now feed Ethernet through their bases, providing additional protection.
    2. Most sub-20 camera systems can run for up to an hour or two on a 500VA UPS, and up to a week or more with PowerWall backups, defeating intentional power outages.
    3. A fully airgapped system can defeat any sort of direct Internet intrusion.
    4. Shielded Ethernet can help protect from crosstalk attacks provided they are correctly grounded with the appropriate switches.
    5. Hardware auth between cameras and the DVR can help defend against direct attacks via an unplugged cable or an open wall jack, in that only approved hardware can make the needed connections with either end.
    6. Encrypted communications between cameras and DVR can enhance the security of data across the wire.
    7. A brace of identical dummy cameras - similarly powered, if they have external indicators - alongside real ones will waste the time and effort of attackers who conduct physical attacks, while keeping recording-infrastructure needs to a minimum.
    8. Bonus if identical but “dark” Ethernet is similarly spoofed throughout the building, as not only will it confuse physical attackers, but it’ll also be already in-place for future communications-infrastructure improvements.
    9. DVR needs to be in a secured location, ideally fireproof. In combination with № 7 and № 8, a dummy DVR (with live screens showing actual content) can exist elsewhere to distract any physical attackers.

    Sure, this list isn’t 100% coverage, but it gets you nearly there with a minimum of effort.

      • rekabis@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        9 months ago

        If you are in the middle of a frame-off gut of a home, as I currently am, much of this is trivial to implement.

        Even my parent’s 1978 home, with it’s drop ceiling in the basement, would not make most of this all that much more difficult.

        • hydroptic@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          0
          ·
          9 months ago

          If you are in the middle of a frame-off gut of a home, as I currently am, much of this is trivial to implement.

          A notoriously low-effort endeavor in itself.

          “It’s doable with a minimum of effort as long as you have your house gutted down to the foundations” isn’t exactly the shining defense of “a minimum of effort” that I expected to read

          • GBU_28@lemm.ee
            link
            fedilink
            English
            arrow-up
            0
            ·
            9 months ago

            Go in your attic for 20 minutes. Throw some Ethernet around. You don’t even have to plug all of it in lol

            • Drusas@kbin.social
              link
              fedilink
              arrow-up
              0
              ·
              9 months ago

              Not all attics are that accessible. Mine is basically an above-house crawlspace full of insulation such that you need a mask.

            • Telodzrum@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              9 months ago

              I had to buy almost $500 of mdf to get around my attic well enough to pull cable for backhaul. It’s not as easy as you make it sound in a lot of cases.