Security when using a network switch

Hello

Complete newbie to networking and needed some advice.

I have a Wireless and 4 port internet router provided by my ISP and have all 3 ports used by other wired devices. I have 3 more machines I need to connect to the internet and so I was thinking of getting a 4 port Gigabit Ethernet Switch.

If I were to connect this switch to the 4th available port of my ISP wireless router, I presume all of the machines connected to that switch would be able to receive the internet connection.

My concern is that if someone were to connect to my ISP router via wireless (which I do for iphone and laptops), with the switch now connected to the ISP router, are people able to access files from the other machines that are connected to the switch?

I do not want this to happen as my aim is to have only the computers attached to the switch to talk to each other, share files, etc and not if anyone is accessing the internet router wirelessly.

Any advice would be appreciated

Thanks
Si

Yes, assuming the machines are file sharing in some way.

Some routers allow you to configure "guest" wireless networks that are segregated from your main local network.

Alternatively you could configure the firewalls on each of the connected machines to block local traffic.

Using a second router instead of a switch would probably work too, although I've not set up a network in that way before.

Thanks for the info! I'll be having a mac 10.6, win vista and win 7 and potentially a NAS on this network so hope that each of them will offer an easy way to talk to each other, receive an internet connection but be able to block any unwanted intruders.

If I used a gigabit router instead, what advantages would I have of using that over a switch? Would the approach to security be the same? Do most routers offer this 'guest' feature? What term for this feature, would I need to look out for when buying a router?

Forgive my lack of knowledge, but with the firewall - when you say block local traffic, does that mean that I wouldn't be able to share files in a folder from one machine to the other? Or does 'local traffic' refer specifically to the WWW?

To be honest, if I can try and configure another router with 'guest' wireless networks as you described - that'd probably be ideal.

Thanks.

With a separate router you wouldn't be able to easily share between the three connected to your first router and the three connected to your second router. It would put the machines on separate local networks.

I don't know whether the guest feature is common or not. My Netgear router has it and it's just called a guest network. The router I have is not an incredibly high end one.

With a firewall you could allow connections to and from specific machines on specific ports and block the rest.

I see, so aside from the 3 machines on the separate router being able to share the internet connection from the first (ISP) router, any other device attached to the first router cannot be accessed by the 3 machines on the second router? (so ethernet printers for example)



Right, so this looks to be what I might need to work towards. So if I got a NETGEAR GS105, attached it to my ISP Router for the 3 machines that I'll connect the NETGEAR to access the internet. For the firewall settings, is that something that I need to set on each machine or on the ISP Router? (I presume the NETGEAR doesn't have any 'settings' that can be accessed). Apologies again for what is probably a simple concept to grasp. I've never set up a network before.

If I am needing to adjust the firewall settings for each machine, how will I know what ports I would need to block without restricting access to the internet and not have to worry about the 3 machines being able to share data between each other? If you have any links to simple explanations as to how to do this, I would be grateful.

Thanks again!

A simple thing to look for is a setting called, "access point isolation" on the wireless router. This prevents wireless clients from talking to other machines on the network; and vice versa.

Did I miss something or is there a reason why encryption cannot be put on the wireless LAN to keep everyone off of it? Is this an all-private network?

I think the OP wants to allow people on the network, but not let them access each other's files on the LAN.

If you want to offer a network to guests with machines that you don't trust and that shouldn't talk to anything else on your network, then you either need a wireless router that'll support a guest network with a separate SSID or a separate wireless router.

If you and your guests need common access to things like the printer and NAS, then that's going to be difficult.

If you can't trust machines on your network, then you're going to either need some specific firewall rules in your router (if supported) or individual firewall/security software on each computer (or have them locked down).

It would help if you gave a little more background on exactly what you're trying to accomplish.

See, the way I read it was that the OP was asking the "what if someone were to do that like I do?" Not so much as a "What happens when I allow them to..." Maybe I'm reading into it too much.