VLAN vs Dual Nic

Mike A.

I disagree here, I am 100% certain my cameras which are on a physically separate network and ONLY connected to the Blue Iris machine using a dedicated NIC, cannot "phone home" or become stepping off points for hacker attacks...
What I was saying is that a dual-homed architecture in and of itself (alone) isn't a solution for isolating/segregating networks generally. In fact, what you're effectively doing with a dual-homed host is bridging the two networks at that machine. In this case bridging higher and lower security zones which are intended to be isolated. That can be done well as in the case of a dedicated firewall which is hardened and intended for that purpose or not so well in the case of any old random machine just relying on the OS and running whatever with whatever vulnerabilities that may exist. It's only '100% certain' to the extent that things play nice and nothing tries any harder than simply following standard networking as it should. Exactly why, for example, Stuxnet, WannaCry, and various other viruses/worms/pivoting exploits specifically target dual-homed hosts in order to infiltrate across interfaces and into process control and other systems on the other side.

BUT that said and as I said above, for home use it's a reasonable way to isolate cameras and a lot better than just tossing whatever out there on your net. Not really going to fly as far as any best practices otherwise though.
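
An added example, not part of the original post or written by either poster: a PowerShell audit for a dual-homed Windows host like the Blue Iris machine discussed above, checking whether the OS itself forwards between the two NICs and which services the camera segment can reach. The adapter alias `Cameras` is an assumed name; a clean result covers only the "standard networking" case the post describes, not vulnerabilities in software running on the host.

```powershell
# Added example, not from the thread. 'Cameras' is an assumed adapter alias.
param([string]$CameraNic = 'Cameras')

$findings = @()

# 1. Global routing switch: 1 means the TCP/IP stack forwards between interfaces.
$tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
if ($tcpip.IPEnableRouter -eq 1) {
    $findings += 'IPEnableRouter = 1 (host routes between its NICs)'
}

# 2. Per-interface forwarding, IPv4 and IPv6.
Get-NetIPInterface | Where-Object Forwarding -eq 'Enabled' | ForEach-Object {
    $findings += "Forwarding enabled on $($_.InterfaceAlias) ($($_.AddressFamily))"
}

# 3. Internet Connection Sharing turns the host into a NAT router.
$ics = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue
if ($ics -and $ics.Status -eq 'Running') {
    $findings += 'Internet Connection Sharing service (SharedAccess) is running'
}

# 4. The camera NIC should carry no default route.
Get-NetRoute -InterfaceAlias $CameraNic -ErrorAction SilentlyContinue |
    Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '::/0' } |
    ForEach-Object { $findings += "Default route via $($_.NextHop) on $CameraNic" }

# 5. Listeners reachable from the camera segment: the host's exposed surface.
$camIps = (Get-NetIPAddress -InterfaceAlias $CameraNic -ErrorAction SilentlyContinue).IPAddress
$reachable = @($camIps) + @('0.0.0.0', '::')
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -in $reachable } |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        "Listening toward cameras: $($_.LocalAddress):$($_.LocalPort) ($proc)"
    }

if ($findings) { $findings | ForEach-Object { "FINDING: $_" } }
else { 'No OS-level forwarding, ICS or default route found on the camera side.' }
```

Every listener printed in step 5 is a service a compromised camera can talk to directly, which is the exposure that remains even when forwarding is off.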