Modems with two Ethernet ports ?

[Elgato54]

Has anyone used a newer modem with two ethernet ports?
Would this be a more secure option to put BI and your cameras on a second dedicated network?
Thanks

 

[TonyR]

That's likely a modem/router combo (ISP furnished?) and I'd be surprised if they were configurable separately or as a VLAN. What is the make and model?

But that's not required any way to have BI on a separate network subnet; just install a second NIC in the BI server, put the cams on NIC #2 and BI's access to the Internet on NIC #1 on a different network subnet, as below:

 

[Elgato54]

That's likely a modem/router combo (ISP furnished?) and I'd be surprised if they were configurable separately or as a VLAN. What is the make and model?

But that's not required any way to have BI on a separate network subnet; just install a second NIC in the BI server, put the cams on NIC #2 and BI's access to the Internet on NIC #1 on a different network subnet, as below:

View attachment 141943

There are a couple of modems available with two ethernet ports. My understanding is that ISP's provide a second IP address for a fee.
Arris SB8200 and S33.
This diagram looks like it protects the network from camera access. Do you consider that the primary threat?
I realize that BI would need two nic's, one for the external network and one for internal access. Just not sure if it would be any more secure.
Thanks

 

[sebastiantombs]

Yes, the second NIC is there to keep the cameras off the local LAN and to isolate them from the Internet. That's more of an important thing, to me anyway, since cameras, surveillance cameras of all things, are notorious for "phoning home" and for security flaws in their firmware. That applies to literally every camera manufacturer out there, including Axis and other NDAA brands.

 

[TonyR]

This diagram looks like it protects the network from camera access. Do you consider that the primary threat?

As stated above by @sebastiantombs , keeping the cams off the 'net is the main goal, IMO.

 

[tech_junkie]

Has anyone used a newer modem with two ethernet ports?
Would this be a more secure option to put BI and your cameras on a second dedicated network?
Thanks

Have set up several networks with them. around here. Typically use one port to service ip phones and employee and guest wifi while the other port service the computer network.

I always ran a separate network for cameras. On a few occasions, I put a router in front of the lan of the NVR and ran a 2nd cam network.

But running a separate outside ip addresses doesn't require any additional Ethernet ports. But I can't justify a second ip just for cams since there is built in platform access in nvrs, and my isp either leases ip addresses individually or in blocks of four. But for something like blue Iris I can see that since I don't see a web platform source code you can load on a free web host and log in and redirected to the dynamic connection the BI server is hosted on. But there are security issues I would like to examine first before building a SSL CA cert server, but I think if you are really worried about someone already having a copy of the SSL cert people should regenerate their own self-signed on a computer not connected to any network. Plus regenerate all SSH encryption keys. I regenerate all the certs even though they are on sealed networks. About a decade ago I was cyber attacked by someone who had copies of the built in SSL cert my printer had on my home network. I had a talk with one of the computer science professors at the local university about it he said many don't notice it. I didn't notice it until I logged into the router and saw that device was using most of my internet bandwidth. He told me that any time if something has a self signed cert to regenerate a new one or risk this from happening. I was more impress that this rouge connection can bypass network firewalls, because the printer was behind two NATs.

 

[tech_junkie]

There are a couple of modems available with two ethernet ports. My understanding is that ISP's provide a second IP address for a fee.
Arris SB8200 and S33.
This diagram looks like it protects the network from camera access. Do you consider that the primary threat?
I realize that BI would need two nic's, one for the external network and one for internal access. Just not sure if it would be any more secure.
Thanks

two nics and this layout I would recommend as a minamum. Just don't bridge the connections. I wouldn't recommend installing it on a consumer OS like windows 10 or 11. Since I don't see a linux version, I would use windows server 2016 since that is an OS designed to be used for hosting as well as it not having the consumer back doors the hackers would know or figure out.

When I build up my BI computer, I'm going to use one of these so I can have 4 - 1Gb cam networks so I can connect 64 - 12Mp cameras and other high bandwidth cameras that will come along in the future.

 

[observant1]

64 - 12Mp cameras and other high bandwidth cameras that will come along in the future.

I've done 64 4k at several locations...but this sounds like serious stuff!

 

[observant1]

I only say that because sensor size and all the lighting crap can make 4k seem less impressive.

 

[tech_junkie]

64 - 12Mp cameras and other high bandwidth cameras that will come along in the future.

I've done 64 4k at several locations...but this sounds like serious stuff!

I figured on making something to put the software through its paces. 12MP cameras require a processor 2 to 3 times more powerful than the ones typically found in 8K 8Mp cams. Regardless of their output resolution (1080, 4K and 8K) So its seems I have to be selective with the selection.
I like the "universal NVR" concept where it doesn't matter what brand of camera I use. It just has to do it securely. Which is another set of tests I am going to put it through. It looks like the software is off to a good start, enough now to build a test platform for it.

Link to my NVR build: Blue Iris build with Mac Pro 2,1