[Question] Protecting outdoor LAN port from infiltration?
If you have an outdoor Ethernet port—in my case with a WiFi AP connected—how can you go about protecting your network from somebody jacking in?
Is there a way to bind that port to only an approved device? I figured a firewall rule to only allow traffic to and from the WiFi AP IP address, but would that also prevent traffic from reaching any wireless clients connected to the AP?
Edit: For more context, my router is a Ubiquiti UDM and the AP is also Unifi AP
The standard directly addresses an attack technique called Hardware Addition where an attacker posing as a guest, customer or staff smuggles a hacking device into the building that they then plug into the network giving them full access.
You could probably do an automation with home assistant to disable the report if the device gets unplugged, notify you about it, then require to you approve / re-enable the port.
This of course would require the service to be running, but combined with MAC filtering and placing it on an untrusted VLAN that's probably the best you could do.