Question ...

redfive

Apr 13, 2016
Hi folks, I've just put my hands on a fairly simple system: six access points, five unmanaged 5P PoE+ switches, twenty-ish IoT devices, around 16 Dahua IP cams and one 4216-4KS3 NVR (plus the client's personal devices). Everything is on a single flat network, wired and wireless, all managed by the ISP router (I'd say a simple TP-Link, with a custom fw). Scanning the public IP address, I've found ports 80, 443, 554, and some others open and forwarded to the NVR.... Moreover, the P2P is active ...
Thoughts? (I mean, seriously ... :))
 
Those are fairly common ports open if you want email and internet to work lol. What you don't want is port forwarding the NVR IP address.
 
Let me rephrase, 30+ untrusted devices in a single broadcast domain, the same to which the personal devices belong ... and one of these untrusted devices (the NVR), directly exposed over the internet...