Missed opportunity to educate here on what would be one of the best things you can do:

"Lakhani also suggested putting stand-alone security cameras on a network of their own."

Many people might read that and think it's recommending a separate *physical* network, and dismiss it because that's too complicated and expensive. What they are actually talking about is a VLAN, and newer routers are making that much easier than it used to be.

@voltronic

mmm hmmm...if they're WiFi and not hardwired, get an AP capable of doin SSID-to-VLAN mapping...put em on their own SSID, and dump em into their own VLAN segmented by firewall...then set up rules so you can get to them, but they can't get to you...

@opie
Doing that on DD-WRT is a bit of a cumbersome process, but it works. I hear Ubiquiti makes this quite simple.

For the average less-technical person who doesn't want to mess with manually creating bridges and iptables... Couldn't most people just use a new guest network? I think newer mass-market routers make that pretty easy, and if they are giving users a "network isolation" tick box, they have the firewall commands already set up behind the scenes, right?

@voltronic

yeah, the "guest network" feature is essentially a shortcut to that config...guest can only go out to the internet, not to the internal network

@opie
The big limitation I've seen is that they may be limited to only one guest network, so you have to toss all your IoT things there, instead of segmenting further. Better than the alternative, though.

@corlin
Yes, and that's what I have going with my DD-WRT routers / APs. Flashing routers is probably well outside the comfort zone of the average person who has home security cameras, though.

@voltronic Probably natively - which is why they're on their own separate WiFi network, that only send video to an in-home server (which then makes it available via secure protocols,) and cannot directly access the internet.

Oh, and all of them are on the exterior of the house, none inside where they could hear inside conversations.

@ehurtley
You're doing it much better than I am. I have a Wyze cam that's in the living room to monitor the dogs. It's on a separate VLAN, but otherwise I use their remote access app.

@voltronic I don't use Wyze's own app, I have their beta firmware with RTSP enabled, sending it to an in-house server, which has security I can control. (That server also runs HomeBridge to make the cameras appear in Apple's HomeKit ecosystem, which has known-decent security. That server (a Mac mini in a cabinet) acts as "bridge" for all my IOT devices. If I find something going wrong, I can just turn off that server until I can investigate, instead of dealing with multiple separate devices.)

@ehurtley
Oh, I'll have to check this out, thanks! It looks like they just added RTSP support in September.

@voltronic Ooh, is it no longer beta? It used to require loading a beta firmware (that I've been running for over a year now.)
