Need separate wired & wireless connections to the internet

[ShyDi]

Hello... I hope I'm using the right forum for this question. I've been trying to research this on my own, but my head is spinning with unfamiliar terminology when it comes to networking.. so I'll need some step by step help.

I currently have a Linksys WCG200 wireless gateway cable modem. The computers in my office are connected to it via ethernet cables and I use the wireless signal in the rest of the house for my laptop and guests. I'm (still) using Win XP Pro on all the computers.

I'm about to start a work at home job doing customer service and I am not allowed to have a wireless network that might broadcast customer information, so I need to be able to prevent that from happening. I'm assuming I'll need two separate networks?

All computers need internet access and if it's possible I would still like to be able to share files between the two networks (assuming I need 2 different networks), but it's not the end of the world if I can't do that.

How do I go about doing this and what hardware do I need to buy?

Thanks in advance for any help...

Diane

 

[eibgrad]

Yes, you need two networks, but to do this right, those networks need TOTAL separation. You can’t have mostly separation here, and a little union there. Once one network contaminates the other, it doesn’t matter anymore. IOW, you can’t have separation and union at the same time, not if you’re serious about security.

What you should do is use three routers (yes, THREE!). The primary router handles internet traffic on behalf of the other two router’s networks, each of which has its WAN connected to one of the primary router’s LAN ports. Now it’s impossible for one network to contaminate the other because traffic never flows between them. Any other shared resources should be placed on the primary router, which might include a printer, VOIP adapter, etc., anything that is legitimately not private to either network.

A more sophisticated approach used by a network professional would be to use a single router w/ VLAN (virtual LAN) support. It just cuts down on the hardware requirements. But using several routers accomplishes the same thing, and is usually easier (if somewhat awkward) for the average consumer.

Now is it worth all this trouble just because you have wireless? Personally, I think not. Once you have WPA/WPA2 w/ a strong passphrase, it’s sort of silly. Nobody’s gettin’ in, period. In fact, you’re far more likely to have some thief break-in and simply steal everything! LOL

Truth is, the real threat is not local, but the internet. If they were serious, they’d insist on a VPN, one that connects only back to them!

 

[ShyDi]

Thank you eibgrad... Your explanation was very helpful and made it all clear!

I may just isolate my 'work' computer on the new network alone so that I can still access the others when I need to. It sounds like I will need to replace the wireless WCG200 since it also functions as my modem and if I understand correctly, the wireless network needs to be on the other side of the primary router to handle that network. So to implement this setup, I will need to purchase a modem, one wireless router and two wired. This will be expensive!

I might be willing to try the VLAN route if I can find some instructions that explain what to do as well as you've explained this to me... I'm not totally illiterate with computers as I've built my own since the early 80's (just been jobless for so long I haven't been able to upgrade) and I'm not afraid to tinker around. I've not fooled around enough with networking to get more than a (very) basic understanding, but I'm willing to give it a shot to save some cash... can you point me to the source of a good tutorial where I can read up on this to ascertain the difficulty of it?

I agree with your opinion on the VPN and it's puzzling as to why they aren't doing that... it's possible that it would cost their IT dept (if they have one) too much to help each employee get that set up... it's usually all about the $$!!

~Diane

 

[ShyDi]

OK, forget the VLAN... I don't have the time or energy to fool with that right now. I need to keep things as simple as I can so I'm thinking that I'm not going to worry about separating the networks and just go with a totally wired network... the company doesn't specify that I need to keep the 'work' computer separate from my network, just that "company/customer data may not be redistributed wirelessly at home via wireless means such as a wireless router". So maybe that simplifies things a bit?

In this case I'm thinking I'd need a modem and one router with enough ports for all my devices, or if the router doesn't have enough ports, I would just add a switch, correct?

If so, any recommendations or caveats on hardware that will be easy to set up without conflict? I'm looking at a Motorola SB6121 (or SB6141?) Surfboard modem and a TP-link TL-R470T+ router. I already have a D-Link DGS-2208 8-Port 10/100/1000 Desktop Switch I can use... does that sound like an easy, trouble free setup or am I just totally off base?

~Diane

 

[ShyDi]

eibgrad... would you be kind enough to give me just a little more guidance on how to put in place the (dual wired & wireless) network scenario you've suggested?

I was planning to use a Motorola Surfboard SB6141 modem with a TP-Link TL-R470T+ as my primary router, with a second TP-Link router (attached to the primary router) for my wired network... then attach a Linksys E2500 wireless N router (again to the primary router) for the second network.

However, I'm wondering if I would be able to use a Motorola SURFboard Gateway SBG6580, (which has the modem & a dual band wireless router in one unit), and then add a TP-Link TL-R470T+ router to one of the LAN ports of the gateway... would that still create two separate networks? Or, would I still need to add another wired router between the gateway & the primary router? Either way, it would help cut down on the amount of hardware I'd need to purchase if the gateway would work.

Finally, do you see any compatibility problems with the equipment I'm considering?

Thanks so much for your help... trying to get this all figured out has been exhausting... I hope setting it all up will be easier!!

~Diane

-------------------------

Yes, you need two networks, but to do this right, those networks need TOTAL separation. You can’t have mostly separation here, and a little union there. Once one network contaminates the other, it doesn’t matter anymore. IOW, you can’t have separation and union at the same time, not if you’re serious about security.

What you should do is use three routers (yes, THREE!). The primary router handles internet traffic on behalf of the other two router’s networks, each of which has its WAN connected to one of the primary router’s LAN ports. Now it’s impossible for one network to contaminate the other because traffic never flows between them. Any other shared resources should be placed on the primary router, which might include a printer, VOIP adapter, etc., anything that is legitimately not private to either network.

A more sophisticated approach used by a network professional would be to use a single router w/ VLAN (virtual LAN) support. It just cuts down on the hardware requirements. But using several routers accomplishes the same thing, and is usually easier (if somewhat awkward) for the average consumer.

Now is it worth all this trouble just because you have wireless? Personally, I think not. Once you have WPA/WPA2 w/ a strong passphrase, it’s sort of silly. Nobody’s gettin’ in, period. In fact, you’re far more likely to have some thief break-in and simply steal everything! LOL

Truth is, the real threat is not local, but the internet. If they were serious, they’d insist on a VPN, one that connects only back to them!