The UK Home Automation Archive

Archive Home

Group Home

Search Archive
Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024

[Message Prev][Message Next][Thread Prev][Thread Next][Message Index][Thread Index]

Re: [OT] ish Router Advice (dual network isolation)

Subject: Re: [OT] ish Router Advice (dual network isolation)
From: "domdevitto" <dom@xxxxxxxxxxx>
Date: Sat, 02 Jun 2007 21:30:02 -0000

Realistically, this level of security is pretty hard:
Technically it's somewhere between 'Competent Hacker' and 'Foreign
Intelligence Service'.  Hackers wouldn't normally get into your home,
and I doubt this guy is going to torture you/your family to get access
to your 'segment'.

So this is tricky, especially as you both want security.

Realistically, I'd just back him off from the Vigor with the Linksys
(but make sure it's physically and logically secured), to protect
against layer-2 attacks (ARP poisoning etc.).
Protect the management interfaces of the Linksys and Vigor, with good,
long, random passwords.

Everything is hackable - he could tempest your devices, snoop your
wireless keyboard/mouse etc. etc, but the above would be pretty secure
assuming he's not really determined, prepared or talented.

Frankly, I'd ensure your PC screensaver prompts for a (good) password,
and likewise when you resume from hibernate/suspend, etc. etc.

Dom
--- In ukha_d@xxxxxxx, Kevin Hawkins <lists@...> wrote:
>
> Having never needed so far to do this before... I'll ask...
>
> I have a visitor staying for a few months who would like to use the
> internet and has a couple of PC's / devices . I would like to
> 'absolutely' isolate my home intranet from his by putting him on a
> totally separate subnet such that he can't see or access any of my
> devices (and vv)  but so he can still access the internet via my cable
> connection. He wont have physical access to my wired segment but he
> would prefer his own wired segment to wireless.  He's quite
technically
> savvy and so well capable of altering his configured Ip or subnet to
> broaden it so can I do this securely using fairly standard routers and
> switches - or do I need a specific dual network interface type ?
>
> Current setup: I have a cable modem which attaches to a Vigor 2900VG
and
> then I distribute to either some NetGear FSM726S managed switches or
> Dell PowerConnect 2724 Managed switches.  I use WiFi from the 2900VG
> too. I use NAT provided by the cable router and I do have a spare
> Linksys router BEFSR41 if that helps.
>
> If he want's VPN does that cause an issue ?
>
>   K
>

Prev by Message: RE: Re: [OT] Backups
Next by Message: Fw: Re: Network media player
Previous by thread: Re: [OT] ish Router Advice (dual network isolation)
Next by thread: Re: [OT] ish Router Advice (dual network isolation)
Index(es):
- Message
- Thread

UKHA_D Main Index | UKHA_D Thread Index | UKHA_D Home | Archives Home

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.