Planning network cabinet and home server

Radius is really almost too much. ;) But you should definitely have MAC filtering and a closed firewall for these ports if cables run outside the house

Yes, that’s why I started the comment with "that exceeds the scope." You can skip the MAC filter because anyone who tries that definitely knows how to change their MAC address. Since the allowed MAC is registered on the access point, which is being removed, it’s obviously even easier. If you are a professional and know how to implement it, you should definitely use RADIUS. Edit: this was more addressed to the techies here in the forum. They also tend to have more insecure network participants who present potential vulnerabilities. Simply because they connect and try out a lot more, and there is probably always a completely open Linux with old libraries somewhere in the network. As an average user, you probably don’t need this, but it doesn’t hurt to deal with it once in a while.

This is now somewhat beyond the scope and may be unnecessarily paranoid, but I personally also recommend a Radius authentication for the switch ports that lead outside to the APs. Most managed switches support at least a simple form of this. If you buy a 24-port switch, it probably supports it as well. Otherwise, just take a look at the datasheet. The manual usually also explains how to configure it. This ensures that no device other than the access point can be connected to the network cable. Otherwise, anyone can plug the cable into their computer and compromise your network. However, someone would have to enter your garden and remove the access point for that to happen. An unlikely scenario, but the possibility exists. We will implement this because we have run several LAN cables outside (doorbell, access point, wallbox, garden shed, etc.).

That already sounds quite spectacular I have considered mounting the access point now under the eaves exactly at the corner of the house. Then it covers two-thirds of the garden well.

Radius is really almost too much. ;) But you should definitely have MAC filtering and a closed firewall for these ports if cables run outside the house

Cables run outside in the roof box at a good height. But I will take the advice into account.

So cars have already been stolen from in front of our door and also broken into to steal valuables. But someone searching houses with a laptop for an external network socket to plug in and... yeah, what exactly to do??? Sit there for an hour looking through the network for devices with usable data? For the average burglar, it's easier to just take the TV and turn it into money :D

I looked at APs on voelkner

TP-LINK CPE210 for €36 or CPE510 for €46
Are they sufficient?

The Ubiquiti start at €75. I don't know the technical added value

That already sounds quite spectacular I have thought about mounting the access point now under the eaves box exactly at the corner of the house. Then it covers 2/3 of the garden well.

When it comes to IT security, it’s always a bit like insurance. Ideally, nothing should ever happen, but if something does happen, you’re glad to have it. Everyone has to consider for themselves how high the probability is. But yes, you first have to get to the eaves box. You’re probably safer there than we are, who also have the LAN cables at wallbox height.

Well, cars have already been stolen from in front of our door and there have also been break-ins to steal valuables. But someone walking around houses with a laptop looking for an external network socket to plug into and… yes, exactly what to do??? Sit there for an hour searching the network for devices with useful data? For the average burglar, it’s easier to just take the TV and turn it into cash :D

You say that so easily, but when you think about all you can do with it. The range goes from people using your hardware as bots, injecting trojans to take over your online banking, to antisocial youths who absolutely want pictures of your daughter. It has all happened before and an alert young person can quickly acquire the knowledge. Especially nowadays, people tend to be more careless because everything seems so advanced. But you don’t really believe the robot vacuum cleaner that drives through your house with a camera is really secure, do you? That’s why it’s important to keep the network as secure as possible.