
Even in this dual-homed setup, there is still the potential for the cameras to infect, or otherwise compromise the recording server

I agree that this is a potential risk.

But if the cameras themselves can't route to the internet in this scenario then how are they infecting the recording server? Is the suggestion that they come shipped from the factory with code to compromise common recording servers? It seems like that would be very significant and something that we'd be able to see in action.

My biggest concern with CCTV networks that I manage is some sort of backdoor access to the cameras themselves. So the dual-homed server design is exactly what I'd choose in order to control things.



There’s also no reason you can’t isolate the recording server too. Don’t let it initiate connections to the internet and limit incoming connections as much as possible, i.e., only allow connections from a specific VLAN or VPN client IP range.


Is the suggestion that they come shipped from the factory with code to compromise common recording servers?

Yes. While I have not seen it happen yet, there is plenty of precedent in cyber warfare tactics in general to have trojaned devices act in this way. The likelihood may be low, but it is also very possible, and Hikvision has already shown they cannot be trusted, so why risk it?


(not working in security) Say they do infect this recording server that is not connected to the Internet. So what then, how do they send this data elsewhere? It's just infected and sitting there?


It’s very common for the recording server to have some kind of WAN/internet connectivity in larger scale systems. At a minimum the recording server usually has access to other internal networks. It would be possible to execute something similar to the centrifuge attack to disable other systems, wipe data, etc. It doesn’t have to always involve internet access to do bad things.
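
An added example, not code from any commenter: a flow audit that checks connection records against the isolation rules discussed in this thread (the server never initiates connections beyond the camera LAN, inbound access only from an approved VLAN or VPN range, cameras never leave their LAN), including the internal-network reach raised in the last comment. All addresses, ranges, label names and the initiator/responder record format are assumptions constructed for illustration.

```python
import ipaddress as ip

# All addresses below are constructed for this example.
CAMERA_NET = ip.ip_network("192.168.50.0/24")       # isolated camera LAN
ALLOWED_CLIENTS = [ip.ip_network("10.20.30.0/24"),  # approved viewing VLAN
                   ip.ip_network("10.99.0.0/28")]   # VPN client pool
CAM_NIC = ip.ip_address("192.168.50.2")             # server NIC facing cameras
LAN_NIC = ip.ip_address("10.20.40.5")               # server NIC facing the LAN
RFC1918 = [ip.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_flow(src, dst):
    """Return a violation label for one initiator->responder flow, else None."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    if s in (CAM_NIC, LAN_NIC):                     # server initiated
        if s == CAM_NIC and d in CAMERA_NET:
            return None                             # pulling streams from cameras
        if any(d in n for n in RFC1918):
            return "server-initiated-internal"      # lateral reach into the LAN
        return "server-initiated-internet"
    if d == CAM_NIC:                                # only cameras may talk here
        return None if s in CAMERA_NET else "inbound-on-camera-nic"
    if d == LAN_NIC:                                # only approved clients
        ok = any(s in n for n in ALLOWED_CLIENTS)
        return None if ok else "inbound-from-unapproved-source"
    if s in CAMERA_NET and d not in CAMERA_NET:
        return "camera-left-camera-lan"
    return None                                     # flow not covered by policy


def audit(flows):
    """Return (src, dst, label) for every flow that breaks the policy."""
    return [(s, d, v) for s, d in flows if (v := audit_flow(s, d))]


# Constructed sample of initiator -> responder pairs.
SAMPLE_FLOWS = [
    ("192.168.50.2", "192.168.50.21"),   # server pulls from a camera
    ("10.99.0.4", "10.20.40.5"),         # VPN client views footage
    ("10.20.40.77", "10.20.40.5"),       # unapproved LAN host connects in
    ("10.20.40.5", "203.0.113.10"),      # server reaches an external host
    ("10.20.40.5", "10.20.40.9"),        # server reaches an internal host
    ("192.168.50.21", "198.51.100.7"),   # camera tries to leave its LAN
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(row)
```

Run against flow logs from the server or the switch it hangs off, any non-empty result means the isolation is not holding, whichever side initiated the connection.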



