Internet Isolation - How important is it really?

Feb 5, 2024
I have a small Blue Iris setup. Seven cams, 4 Amcrest and 2 Dahua and some $39 Chinese camera that I can't remember the name of. I've taken the advice that most on here offer about keeping them isolated from the internet.

All run off of an unmanaged POE switch that is connected to the BI rig, and the PC that I use every day, and that's it - no internet. I usually leave the BI rig off of the internet because I figured it offered an extra layer of safety, but it occurs to me that if a camera could tunnel through the BI PC it could probably tunnel through my daily driver just as easy since I'm on the same switch. Without me noticing just as easy. I haven't yet set up remote access, but I'm thinking about going through ZeroTier and I'm not sure how that will work unless I give the BI rig an ethernet connection to the internet.

So it occurs to me to ask if I should just connect the BI rig to the internet? I have Wireshark and Zenmap but I need a class on both.

And also, what happens if I just connect the switch to the modem? Like, will I just have some nosy Chinese dudes looking at my yard? Or is there some worm that's going to come try to ransom my other machines or try to steal my banking info?
 
Having cameras connected and going thru the router can be a recipe for disaster - they just are not designed for that type of unbuffered video.

We have seen instances where a camera (intentionally by design or unintentionally?) would try to get out on the 192.168.1.1 subnet regardless of the IP address someone assigned the camera. So it is best to change the home IP subnet to a non-common one that cameras may try.

What is the IP address of the cameras, the BI rig, and the PC? If they are all on the same subnet then they likely have access. How is the PC connected to this switch that you use every day connected to the internet or is it?

The issue isn't your camera feed and nosy Chinese people - it is a hacker using your cameras to DDoS the internet and use your ISP to do it so you get in trouble for the attack. Or they try to get your banking info.
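
An added example, not part of any post in this thread: a small Python check for the two questions raised in the reply above, namely which devices share a subnet and whether any camera is sending traffic to an address outside its own subnet (such as 192.168.1.1). The device names, addresses and flow pairs are constructed sample data; in practice the source/destination pairs would be copied from a packet capture.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (assumed addresses): device -> address/prefix
DEVICES = {
    "bi-rig": "192.168.50.10/24",
    "daily-pc": "192.168.50.11/24",
    "cam-amcrest-1": "192.168.50.21/24",
    "cam-dahua-1": "192.168.50.22/24",
    "cam-generic": "192.168.50.23/24",
}

# Constructed (src, dst) pairs, e.g. copied from a capture's conversation list
FLOWS = [
    ("192.168.50.21", "192.168.50.10"),    # camera -> BI rig, expected
    ("192.168.50.22", "192.168.1.1"),      # camera trying a common default subnet
    ("192.168.50.23", "203.0.113.5"),      # camera -> outside address (documentation range)
    ("192.168.50.21", "239.255.255.250"),  # multicast discovery, stays on the link
    ("192.168.50.11", "198.51.100.7"),     # daily PC, not a camera
]

def group_by_subnet(devices):
    """Devices that share a network can reach each other through an unmanaged switch."""
    groups = defaultdict(list)
    for name, cidr in devices.items():
        groups[str(ipaddress.ip_interface(cidr).network)].append(name)
    return dict(groups)

def stray_camera_flows(flows, devices, is_camera=lambda n: n.startswith("cam-")):
    """Return (camera, dst) for camera traffic addressed outside the camera's own subnet."""
    cams = {ipaddress.ip_interface(c).ip: (n, ipaddress.ip_interface(c).network)
            for n, c in devices.items() if is_camera(n)}
    broadcast = ipaddress.ip_address("255.255.255.255")
    hits = []
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in cams or d.is_multicast or d == broadcast:
            continue  # not a camera, or link-local discovery traffic
        name, net = cams[s]
        if d not in net:
            hits.append((name, dst))
    return hits

if __name__ == "__main__":
    print(group_by_subnet(DEVICES))
    for name, dst in stray_camera_flows(FLOWS, DEVICES):
        print(f"{name} tried to reach {dst}")
```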
 
All run off of an unmanaged POE switch that is connected to the BI rig, and the PC that I use every day, and that's it - no internet.
I'm puzzling a bit over what you've described about how the devices are connected.
It sounds like the cameras, BI PC, and general-purpose PC are all connected to the unmanaged switch.
You've not mentioned a dual NIC for the BI PC, and if so, that would need a separate switch.
And I'm assuming the general-purpose PC is used to browse internet web pages, do email, etc.; if so, there must be a connection from the switch to your ISP router.

I've taken the advice that most on here offer about keeping them isolated from the internet.
So it's not clear to me how you have achieved that.
Unless the general-purpose PC is not used for internet web browsing or emails and is internal only, and there is no connection from the unmanaged switch to the ISP router.