The Co-op is to ban the use of Chinese CCTV in its supermarkets after warnings over ethical concerns and security risks. The company – the fifth-biggest food retailer in the UK, with 2,500 stores nationwide – is to phase out all CCTV cameras from the Chinese firm Hikvision.

  • eltimablo@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    It still allows them access to the rest of your LAN, potentially. Even if you’ve got them on their own subnet, vlan escape is a thing and mistakes happen.

    • Platform27
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I’m not talking VLANs, although that is an option. I’m talking about completely blocking WAN access. You could also detect the IPs it’s connecting to, and block them across all your devices.

      • eltimablo@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        It’s really hard to block WAN access from only a couple devices without putting them on their own physical network that nobody, not even authorized personnel, can access. A determined enough attacker can and will find a way to make a connection through all the hops and firewalls you add, and if there’s even a single circuitous route from the cameras to the internet, they have a chance of finding it.

        That’s also ignoring the potential for there to be a wireless transmitter like Lora built in.

        • Platform27
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Let’s be honest here, no system is perfect. Whether it’s devices from China, USA, or here in the UK. Even if it’s properly secure today, it might not be tomorrow. You just need to mitigate risk. There is always something. As for easy/hard to do something… that’s relatively simple in even prosumer software (nevermind Enterprise). 5 minutes in Unifi, or Pf/OpenSense, is all it takes.