to subnet a network does not secure anything... subnetting or its higher brother VLSM is to increase the amount of address you can have in a network. what you want to do is setup 2 Vlans, one vlan can not access another unless allowed to through a router. if this is a corporate setting then your switches can be configured to do this in about 5 minutes. if this is at home then i would ask why you need this kind of security when blocking access is built into windows.
i would put the nas on its own vlan and setup an access account through a VPN. if you just want the 3 physical machines to have access then put the machines and nas on there own vlan. the machines would be allowed to access the Internet but they could not access any other systems files on the lan nor could the rest of the lan access theirs or the nas's. if you have cisco switches then you need to log in, go to enable, config t, then setup your vlans 1, 2, and possibly 3 depending on your setup. each vlan will be on its own ip scheme and/or their own subnet if thats how you want to set your topology.