Not that this needs to be said in 2025, but please consider removing big-tech automation gadgets, especially the voice-activated ones and video cameras. I'd personally appreciate it if you considered not using Ring or similar outdoor equipment to spy on your neighborhood and send the video data to big tech and law enforcement without anyone's consent.
Discussion
Every day is a good day to stop basing your life around closed-source, firmware-based devices with sensors and network connections that you don't have any real control over except for turning them off, and ideally, putting them in a metal container or wrapping them in metal foil.
I'm willing to bet it's recording more than just what's said to it as well.
It's borderline insanity that people have these surveillance devices in their homes and on their bodies 24/7.
And you're part of the out-group if you don't.
I'm putting up some cameras on my property. It was harder than it should be to get a camera that doesn't send video straight to some cloud. Not impossible, but harder than it should be.
I got a lot of those Wyze (Xiaomi) box cameras from Microcenter super super cheap open box. I loaded some custom firmware onto them, added dedicated access points and a private network, and used BlueIris at my last place. Worked great when it worked.
They are still super easy to hijack though. Since it's just a wild RTSP stream, proximity, some scripts, and your neighbors (pretty far ones if you live in the sticks) can spy on them. Had a buddy who was a real-life hacker-man send me a picture of him watching the front of our house from his car parked in the next neighborhood just to prove a point XD
Yeah, I'm a ham and I work in wireless communications. My cameras will all be wired with no exceptions.
Amcrest wired IP cameras connected to a Synology with surveillance center on a VLAN. Need to get a dedicated switch for them. I do have their doorbell camera over Wi-Fi, but that one is a royal pain. Thinking about adding another wired camera to the front and just getting a normal doorbell.
Ah, another vote for Amcrest! Yeah, if you can afford to make it happen, a physically separate network is definitely the way to go!
I forgot that I actually do have a small PoE+ switch for the cameras. I need a router with more interfaces though. I VLAN all the crap I don't want talking to other things. I wish I could define a LAN where anything on it had 0 permission to talk to anyone at all, even peers. Don't speak unless spoken to.
Maybe some fancy switches can do that.
I think this can be done at L2. I have heard of something like that, but anytime you have tagged traffic access you can hijack a connection, which I assume is the case for your hypervisor hosts (it is for mine). I need to be able to put VMs on certain VLANs and the host needs to be isolated. So at that point it doesn't really matter what you do if anything on L2 can access it if it wants to.