It’s an ethernet wire that’s going to be exiting my house and running to a camera in a publicly accessible space. An attacker could disconnect the camera, connect a laptop and access my network. How could I protect against that (other than a physical lock)? I basically want to lock down that cable to the point where nothing works on it unless it’s the intended camera. If this was wireless, I’d just use MAC filtering, but I don’t see an equivalent for wired connections.
1.) Ensure the camera is securely installed and the ethernet port is not exposed. Use tamper/security screws.
2A.) Enable MAC address filtering on your switch… but if someone is doing all this work they’re going to know to spoof the camera’s MAC address.
2B.) Setup 802.1x authentication if your camera(s)support it, this is more work but more work.
3.) Segment external cameras to their own vlan and use ACLs to restrict access.
4.) Monitor your network! Setup monitoring to see new devices are joining, switchport/camera going offline randomly. Then ensure all of these events go somewhere of your choice.
5.) Monitor you camera! You should definitely be getting alerts for motion if someone is close enough to disconnect the camera(s). Also you should have cameras watching each other’s back in terms of coverage.