I’ve been doing some home remodeling and took advantage of the destruction to run lots of wiring all about. At this point I have fifteen CAT 5e cables running from a centrally located hall closet (with AC power outlets) into the attic and to one or more wall plates in nearly every room of the house. Additionally, I made a few spare runs to the garage, and I plan for the utility closet itself to house a network printer and a couple of network external hard drives. I’ll still need wireless for convenience with our three laptops, but none of our seven desktops will be dependent on “wireless” when I’m done.
I’m wanting to set up a nifty network but am no pro - Questions:
1) Regarding Managed Switches:
My notion is to buy a 24-port gigabit switch & plug it into my new D-Link DIR-655 Gigabit router, but I don’t understand enough about managed switches to know if I ought to get a managed switch, or just stick with something simple - like say a D-Link DGS-1024D, or a NETGEAR JGS524. Would a “managed switch” be especially helpful in detecting intrusions, or bad stuff the kids may be inadvertently doing, or a home machine that’s been compromised and turned into a zombie?
2) Any special cable required for managing a switch?
If a managed switch is a good idea, would it require me to run some other wire/cable besides the CAT 5e into the closet (before I drywall up everything)? I don’t expect to have a computer running in the closet.
3) Safeguarding my stuff from visitors on my network:
The kids’ friends sometimes show up with their laptops. They may start off doing homework but eventually wind up surfing. I worry a little about always allowing everyone behind my firewall. Would it make sense to plug a cheap 5-port 10/100 switch directly into the DSL modem, and then plug both my new wireless “n” router as well as my old D-Link DI-624 into it? I’d then be protected from “guests” with a firewall – right? My thought is that by giving the guests the passcode to the old wireless router, they would just get access to the internet but not be able to see any of my home LAN: the LAN HDs, USB HDs, printers, computers, etc., because the 655’s firewall would stop them. But would it slow things down? What if I turned off the DI-624 router except while we actually have guests about the house? Thoughts?
A managed switch would allow you to do a few of the things you talked about.
#1. A managed switch can allow you to set IP/port restrictions on actual physical ports. This means you can set up additional firewall rules directly in the switch.
#2. Guests. Most managed switches now allow VLANs. You can have one VLAN for your house and one VLAN for your wireless. You can allow both VLANs to talk to the router/NAT, but deny the ability to talk to each other. You could even lock down the wireless VLAN to only allow port 80/443 or something like that so they can browse the web but nothing else.
#3. Another thing you could do is set up a mirror port and have all internet traffic get routed to a dedicated computer that "sniffs" the traffic. You could buy a cheap micro computer with an Atom CPU or something, install a Linux distro with Snort. This distro is essentially a virus scanner for network traffic. It could warn you of a compromised computer, then you could use your managed switch to lock down that computer's port and restrict which websites it can see, like Windows Update/etc.
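A small model of the two-VLAN policy described in #1 and #2, written as an added example that is not from the original post: it evaluates sample flows against the isolation and web-only rules and shows one practical detail the answer glosses over, namely that browsing on 80/443 also needs DNS. The VLAN numbers, subnets, router address and sample flows are all assumed for illustration.

```python
"""Model of the guest/home VLAN policy: both VLANs may reach the router and the
internet, guests only on web ports (plus DNS), and the VLANs may not talk to
each other. Subnets, VLAN numbers and addresses are constructed for this example."""
import ipaddress
from dataclasses import dataclass

HOME = ipaddress.ip_network("192.168.10.0/24")    # assumed VLAN 10: house wiring
GUEST = ipaddress.ip_network("192.168.20.0/24")   # assumed VLAN 20: guest wireless
ROUTER = ipaddress.ip_address("192.168.1.1")      # assumed router/NAT address
WEB_PORTS = {80, 443}
DNS_PORT = 53  # web browsing also needs name resolution; a practical addition here


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def zone(addr: str) -> str:
    """Classify an address as home, guest, upstream (router or internet) or other."""
    ip = ipaddress.ip_address(addr)
    if ip in HOME:
        return "home"
    if ip in GUEST:
        return "guest"
    if ip == ROUTER or ip.is_global:
        return "upstream"
    return "other"


def decide(flow: Flow) -> str:
    """Return 'allow' or 'deny' for one flow; rules are checked in order and
    anything that matches no rule is denied (default deny)."""
    src, dst = zone(flow.src), zone(flow.dst)
    if {src, dst} == {"home", "guest"}:          # 1. VLANs isolated both ways
        return "deny"
    if src == dst and src in ("home", "guest"):  # 2. traffic inside one VLAN
        return "allow"
    if src == "home" and dst == "upstream":      # 3. house reaches router/internet
        return "allow"
    if src == "guest" and dst == "upstream":     # 4. guests: web ports and DNS only
        if flow.proto == "tcp" and flow.dport in WEB_PORTS:
            return "allow"
        if flow.proto == "udp" and flow.dport == DNS_PORT:
            return "allow"
        return "deny"
    return "deny"
```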