Hello everyone.
For our new build (single-family house), I am planning a network cabinet. A total of 13 Cat7 cables will terminate in the utility room.
I would like to store the router, switch, patch panel, and a power strip inside the cabinet.
The provider will supply a FritzBox 7590 AX. In my shopping cart, I currently have a 10" switch, 10" patch panel, and 10" power strip. What wall-mounted cabinet would you recommend? I am currently considering a 10" cabinet with 6U of rack space.
We will also have outdoor cameras and a doorbell with PoE. I would prefer to store the data centrally instead of on the camera’s SD card. What kind of system would you suggest for this? The hardware should ideally also fit inside the cabinet.
Best regards
For our new build (single-family house), I am planning a network cabinet. A total of 13 Cat7 cables will terminate in the utility room.
I would like to store the router, switch, patch panel, and a power strip inside the cabinet.
The provider will supply a FritzBox 7590 AX. In my shopping cart, I currently have a 10" switch, 10" patch panel, and 10" power strip. What wall-mounted cabinet would you recommend? I am currently considering a 10" cabinet with 6U of rack space.
We will also have outdoor cameras and a doorbell with PoE. I would prefer to store the data centrally instead of on the camera’s SD card. What kind of system would you suggest for this? The hardware should ideally also fit inside the cabinet.
Best regards
sysrun80 schrieb:
Radius is really almost too much. 😉 But you should definitely have a MAC filter and a closed firewall for these ports if cables run outside the house. Yes, that’s why I started my comment with “that goes beyond the scope.” You can skip the MAC filter since anyone trying that will definitely know how to change their MAC address. Since the allowed MAC is stored on the access point, which will be removed anyway, it’s even easier to bypass.
If you’re a professional and know how to implement it, you should definitely use RADIUS.
Edit: This was mainly addressed to the techies here in the forum. They tend to have more insecure network participants, which pose potential vulnerabilities. Simply because they connect and test far more devices, and there is probably always a completely open Linux system with outdated libraries somewhere in their network. For the average user, this is probably unnecessary but it doesn’t hurt to familiarize yourself with it.
jrth2151 schrieb:
This might be a bit beyond the usual scope and could seem overly cautious, but I personally recommend adding RADIUS authentication for the switch ports that connect to the access points. Most managed switches support at least a basic form of this. If you buy a 24-port switch, it probably has this feature as well. Otherwise, just check the datasheet. The manual usually explains how to configure it.
This ensures that no device other than the access point can be connected to the network cable. Otherwise, anyone could connect their own device to the cable and compromise your network. Of course, someone would have to enter your garden and physically remove the access point first. It’s unlikely, but it’s a possibility. We are implementing this because we have several LAN cables run outside (for doorbell, access point, electric vehicle charging station, garden shed, etc.). That already sounds quite impressive.
I’ve been considering mounting the access point under the eaves exactly at the corner of the house. This way, it will cover about two-thirds of the garden quite well.
sysrun80 schrieb:
Radius is really almost too much. 😉 But a MAC filter and a closed firewall for these ports should definitely be in place if cables run outside the house.The cables run outside in the soffit at a good height.
I'll take the advice into account.
D
DaGoodness28 Aug 2023 16:21So, cars have already been stolen from in front of our house, and there have also been burglaries to steal valuables. But someone walking around with a laptop looking for an external network socket on houses to plug into and… well, what exactly would they do then??? Sit there for an hour scanning the network for devices with useful data? It’s much easier for the average burglar to just take the TV and turn it into cash 😀
Rhyem86 schrieb:
That already sounds quite spectacular.
I’ve been thinking about mounting the access point under the eaves exactly at the corner of the house. That way it would cover about two-thirds of the garden really well. With IT security, it’s always a bit like insurance. Ideally, nothing ever happens, but if something does, you’re glad to have it. How likely that is, everyone has to decide for themselves.
But yes, getting to the eaves can be tricky. You’re probably safer there than we are, since our LAN cables are at the height of the charging station.
DaGoodness schrieb:
Well, for us, cars have already been stolen in front of the door and there have also been break-ins to steal valuables.
But someone walking around the houses with a laptop looking for an external network outlet to plug into and… well, what exactly are they hoping to do??? Sit there for an hour scanning the network for devices with useful data?
For the average burglar, it’s easier to just take the TV and turn it into cash 😀 You say it so simply, but if you think about what can be done with that access, it ranges from people turning your hardware into bots, injecting Trojans to take over your online banking, to antisocial youths desperately wanting pictures of your daughter. It’s all happened before, and a sharp young person can learn the necessary skills quickly.
Nowadays, people tend to be less cautious because everything seems so mature. But you don’t really believe that the robot vacuum with a camera roaming through your house is truly secure, do you? That’s why it’s important to keep the network as secure as possible.
Similar topics