A "tin foil hat" meaning that it does nothing? Or that people that wear that hat think that there is some threat that is not present? Like a crazy person or something?
I understand that you do not have your cams going through the router. That is what we recommend here. Some in this thread may have missed your original statement about that. But those switches go back to the router, no? So the cams do have 'potential' access to the internet. If someone was to gain entry past your router, then the cams are exposed.
Any IoT device is prone to hacking, as has been proven and documented in many, many posts on this and other forums and blogs. A router that blocks access to the internet for specific MAC addresses on your network is one line of defense. But that line has been hacked often, not yours in particular but in general. I have seen numerous 'security updates' for my routers come and go. Of course I take those updates. I have read numerous articles about routers being hacked and it takin the vendor months to do something about it, if ever. So that tells me that NOTHING on the internet is safe from hacking.
So having my cams
physically isolated from the internet is another layer of defense that I feel is the best for me. Others use VLANs to achieve isolation, but it is not quite the same thing. They are separated from the internet by software, which has vulnerabilities.
Sure the BI computer is also connected to the internet, but not using the same NIC or the same subnet. I suppose that someone could gain access through my router, then into my BI PC on the LAN, then somehow gain access to my cams. But that still would not allow them to be used in a DOS attack since they still do not have access to the internet. A hacker cannot connect my cams to the router and therefore the internet without physically being in my home. Which means a physical attack on my home and I have other defenses in place to counter that.
Do what you like. But for me it was only $31 for a NIC on the BI PC and use of the second ethernet port on my office PC. Very simple to set up and no maintenance involved. No additional learning about something (VLANs) that I will only use once. No relying on the router and making sure that my settings are correct and maybe having to do it all over again when a new router is needed or a firmware update smurfs up the settings.