Teardown of Ubiquiti Unifi Ethernet Surge Protector ETH-SP-G2

 I've recently been running some outdoor ethernet cables for an extra wifi access point and some IP cameras, so thought it was time to invest in some ethernet surge protectors.

Some quick research showed a fair choice of devices, ranging from £4 devices on eBay direct from China up to the APC PNET1GB ProtectNet at around £30 (and then they start getting really expensive - Farnell list many in the £100-£200 range).

The Unifi model sits somewhere in the middle (I managed to get them for about £10 each - about 14 USD at time of writing) so seemed a decent bet:

I couldn't find a teardown online though so was left curious as to exactly they do. They come apart relatively easily - the metal part just slides out, the difficultly is leveraging it out without damaging the plastic / thin metal and look like this inside:

Inside of ETH-SP-G2 Ethernet Surge Protector

The 8 round devices appear to be labelled "2R 90 19". I can't find that part number listed anywhere online but they are presumably gas discharge tube arresters. Each has one side connected to one of the RJ45 pins and the other side connected to the ground connection.

As with any kind of surge protection, the goal is to provide an easy path for the surge to follow so it doesn't get anywhere near the equipment you want to protect - so these seem to do what they say on the tin.

It's important to install them as per the instructions - noting in particular the requirement to provide an earth connection. This is done either via the included self-tapper if you're mounting earthed metal pole or with a flying earth lead with a tag on (attacks with an M5 nut/bolt, not supplied). I've seen a few pictures posted on forums of people's installs where there is no obvious earth connection to the surge protector, which isn't likely to work well - absolutely best case it'll do something if you're using shielded cable and the shield is earthed somewhere, worse case it'll be do nothing at all as there's nowhere for it to redirect the surge to.

It would generally be good practice to use shielded cables/connectors and to fit surge protectors at both ends of the cable - but as long as you fit the surge protector soon after the cable enters the building and have earthed it properly, it'll be giving some protection.

Collection of app2app articles/presentations

This is a list of links to the various articles/presentations on app2app I've done or been involved with:

My original 2019 blog post on app2app, as re-blogged by OpenID Foundation

2020 Presentation at Identiverse

2020 Presentation at OAuth Security Workshop (the first approximately 10 minutes overlaps with the Identiverse presentation, the remainder cover different areas)

Joint yes.com and Authlete blog on Improving app-to-app security

OpenID Foundation announcement of FAPI-RW App2app Certification Programme

OpenID Foundation Instructions on running FAPI-RW app2app certification

And some example videos showing the flow:

Example app2app flow using Authlete's authorization server backend product

Example app2app flow paying into Monzo from HSBC

Example web2app flow paying HMRC from HSBC

I also run training courses on app2app that go into more detail on the implementation, best practices, common patterns (and anti-patterns) and potential problems - an initial 90 minute training session plus workshops as necessary, particularly useful for banks that plan to implement app2app in their apps/authorization servers. Please drop me an email if you're interested.