257 points voxadam | 1 comments
skopje No.45663732
PoE is awesome. My custom home security system is all CCTV PoE with a gstreamer backend running on a four-core fanless Linux box. Way to go. Complete control. No batteries, no wares spying on me, no personal data getting scraped by big guys. (Cloud connectivity sucks because I have segmented mp4s and jogging through them hurts but I only care for events after they happen, not while they happen.)
benhurmarcel No.45667449
If one of those cameras is outside, did you consider the case of someone plugging in his laptop on that ethernet cable? He'd be on your local network.
transpute No.45667989
MACsec, https://forum.openwrt.org/t/macsec-802-1ae-with-802-1x-eapol...
bc569a80a344f9c No.45668639
MACSec is irrelevant for this purpose. MACSec encrypts point-to-point links; it doesn’t authenticate. That’s what 802.1x is for.
RationPhantoms No.45670987
No it isn't. Most MACsec-capable platforms have a "must-secure" or "should-secure" transmission mode.

If the security association isn't completed on a "must-secure" configured port then no traffic is transmitted. One would need access to the pre-shared keys to successfully use the link.

Now, could one perform a side-channel attack of the memory on the camera and get access to them? Maybe.

1. graealex No.45682432
What's everyone here talking about?

The absolute low-tech solution would be to dedicate a switch for it.

If you have decent infrastructure with a managed switch, you can easily create a VLAN.

Besides the fact that the female RJ45 is usually inside the dwelling. You'd have to unmount the camera, pull out the cables and connect to it, all at typical heights of 6' and above. That's maybe a concern in commercial setups, although then we're circling back to VLAN.