Potential Security Threats with Exterior Network Cables

mowgli

I have a few Ethernet cables running outside my small commercial property that are connected to the exterior IP cameras. These cables run to the server room inside the building where they're connected to the NVR, which is connected to my network switch and then to the router/modem.

If someone were to unplug my exterior IP camera and use those cables, would it pose any security risk to other devices connected to my network? Is there something I should be doing to secure these exterior connections?

Thanks!
 

frowertr

If someone can physically reach up to an exterior camera, then it is fairly useless in the first place.

Yes, if they can unplug the cable from the camera and attach it to a laptop, they would have unfettered access to that LAN segment (at the very least) without VLANs or other port security methods in use.

Outside cable low enough for people to get their hands on it needs to be run in conduit, and it needs to terminate in an area where it can't just be unplugged from the end device by any Joe Schmoe.
 

JackMDS

1. As the above post suggests, make sure that the connections are safe.

2. Give all outside connections Static IPs attached to their MAC numbers.

Many routers can provide this function. Example - http://www.tp-link.us/faq-170.html

 

Ichinisan

2. Give all outside connections Static IPs attached to their MAC numbers.

Many routers can provide this function. Example - http://www.tp-link.us/faq-170.html

Disabling DHCP might make it *slightly* more difficult for someone to plug in and join your network. Making a DHCP reservation for the camera's MAC doesn't really disable automatic DHCP for the LAN.

For your own convenience, OP, you probably don't want to disable DHCP for the entire home network. That would be a huge hassle for you and your guests. If you could do the VLAN thing, you could make sure there's no DHCP on the LAN that your cameras are on. That still doesn't really prevent an intruder from manually entering a valid IP address.

If you don't want to reconfigure DHCP reservations every time you change routers, just set your router's DHCP range to start with x.x.x.50 and use .49, .48, .47 etc for devices that have manual IP configuration. If you ever have to swap routers, just configure it with the same subnet / IP range and your manually-configured devices should continue to work. That can save time if you have several devices with manual IPs.
 

mv2devnull

Disabling DHCP might make it *slightly* more difficult for someone to plug in and join your network. Making a DHCP reservation for the camera's MAC doesn't really disable automatic DHCP for the LAN.

A proper DHCP can be set to give addresses only to known MACs and nobody else, although that does not help much. Plug the camera into a laptop and record its MAC, if it requests an address. Then plug the laptop into the cable and pretend to be the camera. The DHCP cannot tell the difference.

Proper DHCP, firewall and router would be set to have the cameras in a separate subnet, from where no traffic can enter the inside business subnet.
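
An added example, not part of the thread: a small tripwire showing why a MAC-only DHCP allowlist accepts a cloned camera MAC, and which other signals (a link flap on the camera's switch port, a changed DHCP vendor class) can still raise an alert. The event format, port names, MAC addresses and the `ExampleCam-v1` vendor class are constructed assumptions, not the output of any real switch or DHCP server.

```python
"""Tripwire for MAC cloning on an exterior camera port (illustrative)."""

# Baseline recorded when the camera was installed. All values are constructed.
BASELINE = {
    "02:00:00:00:00:01": {"port": "Gi0/7", "vendor_class": "ExampleCam-v1"},
}

# Constructed event stream: switch link events and DHCP requests on the camera VLAN.
EVENTS = [
    {"t": 100, "type": "dhcp", "port": "Gi0/7", "mac": "02:00:00:00:00:01", "vendor_class": "ExampleCam-v1"},
    {"t": 500, "type": "link_down", "port": "Gi0/7"},
    {"t": 530, "type": "link_up", "port": "Gi0/7"},
    {"t": 532, "type": "dhcp", "port": "Gi0/7", "mac": "02:00:00:00:00:01", "vendor_class": "MSFT 5.0"},
    {"t": 900, "type": "dhcp", "port": "Gi0/8", "mac": "02:00:00:00:00:99", "vendor_class": "MSFT 5.0"},
]

def mac_allowlist_accepts(event):
    """What a MAC-only DHCP allowlist decides on: the source MAC and nothing else."""
    return event["mac"] in BASELINE

def find_alerts(events, flap_window=120):
    """Return (time, port, reason) tuples for DHCP requests that break the baseline."""
    alerts = []
    last_flap = {}  # port -> time of the most recent link_up
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "link_up":
            last_flap[ev["port"]] = ev["t"]
            continue
        if ev["type"] != "dhcp":
            continue
        known = BASELINE.get(ev["mac"])
        if known is None:
            alerts.append((ev["t"], ev["port"], "unknown MAC on camera VLAN"))
            continue
        reasons = []
        if ev["port"] != known["port"]:
            reasons.append("MAC moved to another port")
        if ev["vendor_class"] != known["vendor_class"]:
            reasons.append("DHCP vendor class changed")
        # A cable unplugged from the camera shows up as a link flap on that port.
        recent_flap = ev["t"] - last_flap.get(ev["port"], float("-inf")) <= flap_window
        if reasons and recent_flap:
            reasons.append("right after a link flap")
        if reasons:
            alerts.append((ev["t"], ev["port"], "; ".join(reasons)))
    return alerts
```

The vendor class is client-supplied, so this is an alerting signal only; the isolation of the camera subnet described above is what limits what a device on that cable can reach.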
 

JackMDS

There is the term Static IP, and another term, DHCP IP Reservation.

I used the term Static IP, which means static assignment of an IP in the TCP/IP properties, out of the DHCP range.

 

Ichinisan

There is the term Static IP, and another term, DHCP IP Reservation.

I used the term Static IP, which means static assignment of an IP in the TCP/IP properties, out of the DHCP range.

"...attached to their MAC numbers."

That's the part that made it confusing...as if you were talking about DHCP reservation.