1.) Ensure the camera is securely installed and the ethernet port is not exposed. Use tamper/security screws.
2A.) Enable MAC address filtering on your switch… but if someone is doing all this work they’re going to know to spoof the camera’s MAC address.
2B.) Setup 802.1x authentication if your camera(s)support it, this is more work but more work.
3.) Segment external cameras to their own vlan and use ACLs to restrict access.
4.) Monitor your network! Setup monitoring to see new devices are joining, switchport/camera going offline randomly. Then ensure all of these events go somewhere of your choice.
5.) Monitor you camera!
You should definitely be getting alerts for motion if someone is close enough to disconnect the camera(s). Also you should have cameras watching each other’s back in terms of coverage.
1.) Ensure the camera is securely installed and the ethernet port is not exposed. Use tamper/security screws.
2A.) Enable MAC address filtering on your switch… but if someone is doing all this work they’re going to know to spoof the camera’s MAC address.
2B.) Setup 802.1x authentication if your camera(s)support it, this is more work but more work.
3.) Segment external cameras to their own vlan and use ACLs to restrict access.
4.) Monitor your network! Setup monitoring to see new devices are joining, switchport/camera going offline randomly. Then ensure all of these events go somewhere of your choice.
5.) Monitor you camera! You should definitely be getting alerts for motion if someone is close enough to disconnect the camera(s). Also you should have cameras watching each other’s back in terms of coverage.