Sign-in / Sign-up
Your question

segerate a netbook so has internet but no LAN access

Tags:
  • NAS / RAID
  • LAN
  • Networking
  • Netbooks
  • Internet
Last response: in Networking
May 18, 2013 5:31:44 AM

I have a home network both wired and wifi. Tablets, phones, 4x PC, NAS and a netbook connect to it.

Modem router TP Link TD-W8980 + TP Link 8 port switch.

There is one person in the family that is anti-security, she has not not met an .exe she didn't like and want to double click. All you need to say to infect her netbook is 'Free ___' This person is the owner of the netbook who accesses the internet and NAS via WiFi. I have tried to educate her but to no avail, any anti-virus, firewall solution would be useless due to user actions.

I want to protect the other PCs from any virus/malware that is introduced via the net-book through the LAN. I want the netbook to access the internet and the NAS (the NAS is Qnap turbo and has 2 network adapters) but not be able to connect to other PCs on the LAN. The solution cannot involve the netbook directly as we have to assume it is hopelessly compromised.

I was thinking of having 2 separate networks, all the PCs I need to protect are wired. I have a spare Dlink DSLG604 and can set up a separate network with the netbook and other adapter on the NAS but how to I connect to the internet without joining the other LAN?

More about : segerate netbook internet lan access

May 18, 2013 9:53:44 PM

Would VLAN work here? if so what would be the best way to implement it?
Related resources
May 19, 2013 12:55:31 AM

Saga Lout said:
Assuming her netbook accesses wirelessly, put her on an Access Point and give her a sub-net of her own. An old router can easily be converted - disable DHCP and set it up using the information in this Sticky Post here:- http://www.tomshardware.co.uk/forum/36406-43-convert-wi...


Hi Saga, wouldn't that still allow the netbook to access other devices on the LAN via the gateway router?
a b X LAN
May 19, 2013 2:23:03 AM

It would have to be a deliberate attempt but changing the Workgroup name of the lady's netbook or of all the other PCs in the network would soon put a stop to that. Sorry if that isn't in the Sticky - that's not one of mine. :D  The innocently named "Homegroup" in W7 and 8 would have be binned in favour of proper networking, of course.
May 19, 2013 6:42:37 AM

I have OS6, xp, win8, win7, Ubuntu, openwrt, android operating systems running on the LAN. Mostly I use Samba, RDC, SSH and FTP to interconnect. There is no workgoup as such, at least none set up.

My concern is that an attacker would have access to the LAN though the compromised netbook.