I have 2 routers, and have some IP cameras and other gadgets that aren't considered the most secure that I want to be able to open up to WAN access. I want to find the safest way to segregate them from other more important computers in my network, so that in case someone were to hack into one of those devices, they couldn't do mitm or other attacks on my main pc's in the network.
I looked into setting up a DMZ, however if I'm not mistaken, isn't the DMZ portion basically all open ports and almost no security? I'd really want the first network to still have normal full security, including obscure ports, maybe port knocking. And the second network with the main PC's also be full security, most likely with zero open ports. Is there a name for this type of network (so I can better google it)?
Would that really achieve what I'm looking to achieve, or would there still be vulnerabilities, such as perhaps someone still doing a MITM attack, by being the mitm between both routers, making it not worth the effort? And would I still be able to access devices across both networks? Like access both routers admin pages from the same PC, or access all the IP cameras from the opposite half of the network?
I looked into setting up a DMZ, however if I'm not mistaken, isn't the DMZ portion basically all open ports and almost no security? I'd really want the first network to still have normal full security, including obscure ports, maybe port knocking. And the second network with the main PC's also be full security, most likely with zero open ports. Is there a name for this type of network (so I can better google it)?
Would that really achieve what I'm looking to achieve, or would there still be vulnerabilities, such as perhaps someone still doing a MITM attack, by being the mitm between both routers, making it not worth the effort? And would I still be able to access devices across both networks? Like access both routers admin pages from the same PC, or access all the IP cameras from the opposite half of the network?
