If the person gets onto the same lan yes they can scan but if the cams are on a separate lan then without any routing they can scan all they like. In my case the only way to access the cams is via the BI pc so they’d need to get onto that before they could access the cams.
On another note, does this sort of thing actually happen on a domestic installation? Can’t see why a hacker would even want to waste their time unless it’s just for laughs.
One little botnet is indeed for the laughs, but imagine 10.000 "smart"fridges colliding into a botnet to some federal institution. That an "evil" laugh
But then again, I fully agree with you: dual nic is much easier, yet if you want to configure a cam without "screen" access to the BI pc, you are "lacking" flexibility. And yes, you could do RDP on that BI pc, but then you have to "open services" on that BI pc which makes that again "high" vulnerable. I already wrote it many times on this forum, and to
@TL1096r : there is no
ideal networking configuration, it all depends on the requirements, the budget, the flexibility, the learning curve etc. Yes, an 8th grader could setup a dual nic BI pc setup and be satisfied with it, going for vlans and managed switches is not something you would do a Sunday afternoon if you never had seen a single firewall rule, nor TCPIP stack configurations.