We have a high-end client who has had issues with security. We have seen evidence of outside people working to access his internal network and spoof his DNS services. They have also taken down his cameras with lasers and WiFi jammers. He has Apples and PCs. We have installed a UniFi UDM-SE at both sites and set up firewall rules. We are now looking for a VPN service using WireGuard to be able to have a changing location and IP address. I am looking for suggestions on how to secure the two locations better. I would also like to hire a pen tester once we are done, if anyone out there does this work.
I think you are on the right track. I would suggest 3 more things.
- Setting up multifactor auth wherever possible
- Evaluate the firewalls to make sure nothing is exposed to the internet unless it absolutely needs to be.
- Onsite patrolling security for the camera issues
No idea if the UniFi box can handle certificates, but you should be using certificates on those IP cams over Ethernet; forget about WiFi. Basically everything connecting to the network ought to be certified; for any devices (phones, tablets, etc.) that are lost, simply revoke the cert.
Definitely wired cameras. Won’t help with lights or lasers pointed at them, but will help prevent people from just jamming them with a “simple” RF generator. I’d put the cameras on a physically separate network, just in case someone jacks in through a cable, also in case they decide to “passively” monitor traffic on that cable by splitting the insulation and tapping in.
Also, in most countries, jamming WiFi is probably a crime in and of itself, the same as jamming cell phones is a crime in most places.
I love UniFi, but their gear is not known for advanced firewall features. You need a different product. This would be my recommendation: I love Check Point, they make solid products. Netgate for a cheaper solution, etc.
In both homes? Do you have verified proof? Seems suspicious and unlikely.
DNS over TLS or vpn and wired cameras.
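The WireGuard setup the original post asks about, combined with the suggestion above to push DNS through the VPN, as an added example that is not from any poster in this thread nor from Ubiquiti or the WireGuard project. It is a wg-quick full-tunnel configuration: AllowedIPs of 0.0.0.0/0 and ::/0 route everything into the tunnel, the DNS line pins resolution to a resolver reachable only through the tunnel so an attacker on the site's LAN or upstream can't inject answers, and the PostUp/PreDown lines are the kill-switch idiom documented in wg-quick(8) so nothing leaks if the tunnel drops. The 10.66.0.0/24 subnet, the endpoint hostname, and the key strings are placeholders.

```ini
# ---- Client side (e.g. /etc/wireguard/wg0.conf on a laptop behind the UDM-SE) ----
[Interface]
# Tunnel address for this client (assumed subnet, chosen for the example)
Address = 10.66.0.2/32
# Generate with `wg genkey`; never reuse a key across devices
PrivateKey = <CLIENT_PRIVATE_KEY>
# Resolver inside the tunnel (the VPN server's address). Because the route to
# 10.66.0.1 only exists through wg0, DNS can't be answered by anything on the
# local network or the ISP path, which is the spoofing surface described above.
DNS = 10.66.0.1
# Kill switch from wg-quick(8): reject any outbound packet that is not going
# out the tunnel interface, is not tunnel traffic itself (matched by fwmark),
# and is not destined for a local address. Removed again when the tunnel comes down.
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
# Optional symmetric key layered on top of the Curve25519 handshake
PresharedKey = <PRESHARED_KEY>
# Placeholder endpoint: the VPN provider's or your own server's public address
Endpoint = vpn.example.net:51820
# Full tunnel: all IPv4 and IPv6 traffic goes through the VPN
AllowedIPs = 0.0.0.0/0, ::/0
# Keep the NAT mapping on the UDM-SE alive so the server can reach the client
PersistentKeepalive = 25

# ---- Server side (the exit point whose IP the world sees) ----
[Interface]
Address = 10.66.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>

[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
PresharedKey = <PRESHARED_KEY>
# Cryptokey routing: only packets from this key arriving with this source
# address are accepted, so one client can't impersonate another's tunnel IP
AllowedIPs = 10.66.0.2/32
```

Two caveats a practitioner would want here. First, WireGuard by itself does not give a "changing" IP: the client's visible address is whatever exit server it is peered with, so changing location means keeping several [Peer] profiles (or several config files) and switching between them. Second, the DNS line only helps if the resolver at 10.66.0.1 is actually something you control or trust (a local unbound or the provider's resolver); otherwise you have moved the spoofing problem rather than removed it, and the DNS-over-TLS suggestion above still applies on that resolver's upstream.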