Are your home security cameras vulnerable to hacking? - CNET
https://www.cnet.com/home/security/stop-home-security-camera-hacking/
Missed opportunity to educate here on what would be one of the best things you can do:
"Lakhani also suggested putting stand-alone security cameras on a network of their own."
Many people might read that and think it's recommend a separate *physical* network, and dismiss it because that's too complicated and expensive. What they are actually talking about is a VLAN, and newer routers are making that much easier than it used to be.
mmm hmmm...if they're WiFi and not hardwired, get an AP capable of doin SSID-to-VLAN mapping...put em on their own SSID, and dump em into their own VLAN segmented by firewall...then setup rules so you can get to them, but they can't get to you...
@opie
Doing that on DD-WRT is a bit of a cumbersome process, but it works. I hear Ubiquiti makes this quite simple.
For the average less-technical person who doesn't want to mess with manually creating bridges and iptables... Couldn't most people just use a new guest network? I think newer mass-market routers make that pretty easy, and if they are giving users a "network isolation" tick box, they have the firewall commands already set up behind the scenes, right?
@opie
The big limitation I've seen is that they may be limited to only one guest network, so you have to toss all your IoT things there, instead of segmenting further. Better than the alternative, though.
yeah, marshnet has 5 SSIDs in the wireless mesh
@voltronic
yeah, the "guest network" feature is essentially a shortcut to that config...guest can only go out to the internet, not to the internal network