Keep one computer off network

[coexist]

Hello,
I have a Linksys WRT54G router that has four wired connections and two wireless connections. All of the machines connected need (and are) to communicate with one another but the new wireless connection should _never_ have access to any of the network resources allowed by the other machines.

Is having a separate workgroup specified on the wireless machine good enough to have it securely removed from my network?

Specific situation is I have a home office with four machines networked and one wireless laptop. My sister-in-law lives in the basement and I just got her a PC with a wireless card ... but she is not Internet/email savvy at all and I don't want her PC to be able to access any of my business machines (or have her acquired spyware, etc. infect my business network).

Thanks,

 

[aias]

since you created a workgroup -- try enabling a password/security ..

 

[site3op]

Simple solution: Since using a workgroup, you have to use same user name/password for access, make sure her machine has different user name. Having her on a different workgroup works too...

 

[thiggins]

Changing workgroup settings won't do anything to protect you from worms and other exploits that rely more on TCP/IP than they do Windows networking.

The most secure way to so this would be to get a managed switch with Virtual LAN (VLAN) capability. But those tend to be expensive.

More reasonable would be to put her behind her behind her own router. Not that expensive since routers are pretty cheap these days. See this article on TomsNetworking
How To: One Internet connection—Two Private LANs
http://www.tomsnetworking.com/Sections-article55.php

I used this setup with a local community center and it worked fine.

 

[blue68f100]

Some routers have access control. You can restrict access by ports with time restrictions if needed.

 

[folken]

Just give her computer a static IP and make it be in a DMZ. I think you can do that on that model of linksys (depending on the firmware version). Then it will be like her computer is on the same side of your network as the cable/dsl modem Completely outside your buisness network.
Just make sure that laptop has adequate virus/firewall protection as it will be outside the linksys firewall.

 

[thiggins]

Putting a machine in DMZ doesn't so anything to block LAN traffic. It will just eliminate that machine from being protected by the router firewall from inbound Internet traffic. Not a risk worth taking given all the nasties on the 'net today. And not a nice thing to do to your sister-in-law

Access control will just control a machine's access to Internet services and again, do nothing to block traffic between LAN machines.

 

[folken]

True, true. Putting it in a DMZ would probably end up being more a pain for coexist than his sister in law, lol. Constant cleaning
Getting the 3 routers to have two private lans would probably be the most secure and cheapest way to go.

A managed switch is sometimes worth the extra money for the fun value. VLANs + little brother = fun times

 

[thiggins]

Yeah. I know my first reaction to using multiple routers was that it was too expensive, but for well under $100 (lower if you catch a sale) you'll have two, really separate LANs.

Cheapest thing I've seen with VLANs is the Linksys WET54GS5.
http://www.tomsnetworking.com/Reviews-167-ProdID-WET54GS5.php

Interesting mix of features, but too much $ ($140 and up).