POE doorbell security

Daniel-W · May 11, 2023, 9:19am

Hi

Not directly Home Assistant related yet but this is the first step.

I am looking to install a Reolink POE doorbell and having very little network knowledge was unsure if there is a security risk having an ethernet cable running into the back of the doorbell. If someone were to remove the doorbell they would have access to the ethernet cable, could they then access devices and data on my network? Should there be any security steps I should take when installing security via ethernet outside?

For further information I have not decided yet if i’m using an nvr or a nas to record the video, I know i want it to be local and avoid the cloud, and I will certainly be running it through Home Assistant and want to receive the usual notifications and possibly run a few automations based on doorbell ring or presence detection.

Any network security help would be appreciated.

Thanks

Dan

tom_l · May 11, 2023, 9:25am

I mean it’s possible but how probable is it in the area in which you live?

e.g. Around here it is exceedingly more likely that a brick will be used to gain access to the house.

Also keep in mind that someone who wants to gain access that way would be in plain view of the camera before they could get access.

If it is a likely scenario then you can segment your network with VLANs.

Daniel-W · May 11, 2023, 10:36am

Ah yes I appreciate it’s unlikely, I just wasn’t sure of best practice when setting up

orange-assistant · May 11, 2023, 11:41am

Best practice would be not expose your network to the “outside” without taking extra measurements like encryption and authentication. While this is the “default” for WPAx WIFI’s the ordinary ethernet is missing this.

Ether only provide power (the P in PoE) over the cable and use wifi for coms or implement at least some authentication if you prefer the wires. You also wanna make sure that the ethernet is not (too) easy accessible - maybe by using some security screws or so

Daniel-W · May 11, 2023, 2:12pm

I just find video doorbells only require a paperclip to remove from the mount so the screws are largely irrelevant. I’m probably being overly cautious as someone plugging in a laptop outside my house to the ethernet would be quite obvious

Daniel-W · May 11, 2023, 2:14pm

Thank you for coming back so quickly on this.

I was going to avoid WiFi because whilst I have a strong WIFI connection I’m certain some delivery companies have used WiFi blockers in the past as some events doesn’t get recorded correctly.

Protoncek · May 11, 2023, 3:00pm

Some doorbells have tamper switch. Connect that to your alarm system, or just to a powefull siren. Anyone who will unscrew doorbell will trigger it.

Daniel-W · May 11, 2023, 3:16pm

Ok I’ll check if Reolink does before I buy it

brucek1642 · May 11, 2023, 3:25pm

I have a Unifi Poe switch, so I have created a mac address filter on the port that goes to the camera. That way the link only works with that one mac address… if someone was to plug in another device it would not work.

Daniel-W · May 11, 2023, 3:45pm

Sounds ideal, I’ll look into this as I’m not that network savvy so will need to find a tutorial on setting that up

Protoncek · May 11, 2023, 3:49pm

Well, that is some protection, but bear in mind that mac of network card can be easily changed in laptop…
Regarding tamper switch: if unit doesn’t have it you can add any microswitch, it will also do it’s job.

brucek1642 · May 11, 2023, 7:44pm

Check out

about 3 minutes in to the video, gives pros and cons of this approach

Daniel-W · May 11, 2023, 9:39pm

Thank you, that made it really clear. I was looking at the Netgear GS308EP managed poe switch on Amazon which looks like it’ll do just that