New setup

[GSMarquis]

I have purchased an additional 24 port poe manageable switch L2 with a few L3 options. I will be running both this switch plus a dumb 24 port for all other devices. I have a Dahua 32ch NA06-4K with two gbit uplinks. I will use one to connect to the poe switch uplink and one to connect to my router.

Looking for best setup to minimize attacks on ip cams.

Thinking about making the ipcam network a separate vlan. Enable ACL with ips and MAC filtering. So the only way into the NVR is with a uncommon port along with allowable MAC only.

Any thoughts?

 

[Hammerhead786]

Don't expose the camera network to the internet. Use a VPN when connecting to the network from outside of your home network. Don't open any ports or do any type of port forwarding. Since you're using a L3 capable POE switch use inter-vlan routing and have your cameras and NVR on separate vlans. Take a look at the attached document as this is how I have my network configured so I can only access the cameras from my home network via VPN when I'm out and about.

 

[GSMarquis]

It is a Netgear FS728tpV2. The price was right at $50.

 

[looney2ns]

How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk