Solved

One office suite with five offices inside, each office is a different small business, and one shared internet connection.

Hello,

I think I know how to solve this problem, as it is relatively basic, but I wanted to get a second (or more) opinion, just to be on the safe side.

The Office Suite in General and Set Up:




Where I Would LIke to Get a Second Opinion:
Since all 5 offices all physically plug into the same AT&T router, and all use the same WiFi access point, I am a little leary of this set up, since I work with confidential client data, and all offices are sharing the same network connection. Each office is just a separate node on the same LAN network behind a single router (if I remember my networking class correctly).

I never work from home, and I have no other offices and never will, so I have no need for a VPN. My office is locked, as is the office suite, so all equipment inside is not accessible to the other businesses in the office. I do not hosting anything in my office, as I have third parties for that, so I don't have an email/file, or any other kind of server running in my office. Therefore, I believe the physical security is there. Oh, finally, all I use in my own office is a laptop, and a printer, and I physically connect via USB to the printer.

But I am still paranoid because my client information is of utmost importance to me, since I fall under vague HIPAA regulations. I store nothing in "the cloud." I do use LuxSci to host my email and website, and they provide encrypted TLS to their server and webmail via internet. But I still want my internet traffic, whether I am doing research or literally anything, to be private from the other business in the office suite. Therein lies the challenge.

My plan was to simply use my office drop to connect to my own router which I will purchase on my own. So, I guess I am creating my own sub-net (sorry for any butchery of terminology - I used to work in IT a long time ago). The router will have a built in firewall (as they all do nowadays), and I am assuming that this would be sufficient. The firewall would block any outside access over the network from any of the other businesses, and the combination of NAT and TLS encryption would keep my internet browsing and email checking safe.

I am making the assumption that daisy chaining my personal router with the AT&T router will work, and that I want to NAT enabled. Is this correct?

Finally, I would like to have my own wireless, so I could also use my personal router to have my own personal access point. I wouldn't broadcast the SSID, I would use WPA2 (or whatever the latest is) to protect access to it, I would use a different frequency than the AT&T wireless so there is no performance degradation or signal problems, and I will probably use MAC filtering.

So, what do you think? Will this protect my business' connection and traffic via the shared single office connection from the other businesses? If I am missing something, or you have any other suggestions to make this bullet proof, and suggestions would be greatly appreciated! Thank you!
2 answers Last reply Best Answer
More about office suite offices inside office small business shared internet connection
  1. Your answer is about the best you can do. This will not keep your internet browsing safe, but then again a connection directly to the internet will not keep your browsing safe either. Usually the websites that matter have their own encryption anyway. The router will keep others from seeing your laptop and possibly hacking into it. Also your plan for wireless is sound (about the best you can do) with no broadcasting your SSID and possibly using MAC filtering.
    I think you have a good plan for what you need.
  2. Best answer
    Another level of security you can setup is to use NTFS file permissions on the files you're most concerned with. You can have it set so that you log in with one user account, but are prompted for credentials whenever you access a file, because you've created a second user account which is never logged in. That second account is used only to authenticate access to those files, so if someone/something were to gain access to your machine, they wouldn't be able to access the files, because they wouldn't know the credentials for the account that does have file access. Another layer you could consider.
Ask a new question

Read More

LAN Sharing Office Internet Connection Routers Business Computing Network Configuration Networking Internet Security