#1
    Security when using a network switch


    Hello

    Complete newbie to networking and needed some advice.

    I have a Wireless and 4 port internet router provided by my ISP and have all 3 ports used by other wired devices. I have 3 more machines I need to connect to the internet and so I was thinking of getting a 4 port Gigabit Ethernet Switch.

    If I were to connect this switch to the 4th available port of my ISP wireless router, I presume all of the machines connected to that switch would be able to receive the internet connection.

    My concern is that if someone were to connect to my ISP router via wireless (which I do for iPhone and laptops), with the switch now connected to the ISP router, are people able to access files from the other machines that are connected to the switch?

    I do not want this to happen, as my aim is to have only the computers attached to the switch talk to each other, share files, etc., and not anyone who is accessing the internet router wirelessly.

    Any advice would be appreciated.

    Thanks
    Si
  2. #2
    My concern is that if someone were to connect to my ISP router via wireless (which I do for iPhone and laptops), with the switch now connected to the ISP router, are people able to access files from the other machines that are connected to the switch?
    Yes, assuming the machines are file sharing in some way.

    Some routers allow you to configure "guest" wireless networks that are segregated from your main local network.

    Alternatively you could configure the firewalls on each of the connected machines to block local traffic.

    Using a second router instead of a switch would probably work too, although I've not set up a network in that way before.
    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  4. #3
    Originally Posted by E-Oreo
    Yes, assuming the machines are file sharing in some way.

    Some routers allow you to configure "guest" wireless networks that are segregated from your main local network.

    Alternatively you could configure the firewalls on each of the connected machines to block local traffic.

    Using a second router instead of a switch would probably work too, although I've not set up a network in that way before.
    Thanks for the info! I'll be having a Mac 10.6, Win Vista and Win 7 and potentially a NAS on this network, so I hope that each of them will offer an easy way to talk to each other and receive an internet connection, but be able to block any unwanted intruders.

    If I used a gigabit router instead, what advantages would I have from using that over a switch? Would the approach to security be the same? Do most routers offer this 'guest' feature? What term for this feature would I need to look out for when buying a router?

    Forgive my lack of knowledge, but with the firewall - when you say block local traffic, does that mean that I wouldn't be able to share files in a folder from one machine to the other? Or does 'local traffic' refer specifically to the WWW?

    To be honest, if I can try and configure another router with 'guest' wireless networks as you described - that'd probably be ideal.

    Thanks.
  6. #4
    With a separate router you wouldn't be able to easily share between the three connected to your first router and the three connected to your second router. It would put the machines on separate local networks.

    I don't know whether the guest feature is common or not. My Netgear router has it and it's just called a guest network. The router I have is not an incredibly high end one.

    With a firewall you could allow connections to and from specific machines on specific ports and block the rest.
  8. #5
    Originally Posted by E-Oreo
    With a separate router you wouldn't be able to easily share between the three connected to your first router and the three connected to your second router. It would put the machines on separate local networks.
    I see, so aside from the 3 machines on the separate router being able to share the internet connection from the first (ISP) router, any other device attached to the first router cannot be accessed by the 3 machines on the second router? (So Ethernet printers, for example.)

    Originally Posted by E-Oreo
    With a firewall you could allow connections to and from specific machines on specific ports and block the rest.
    Right, so this looks to be what I might need to work towards. So if I got a NETGEAR GS105, attached it to my ISP Router for the 3 machines that I'll connect the NETGEAR to access the internet. For the firewall settings, is that something that I need to set on each machine or on the ISP Router? (I presume the NETGEAR doesn't have any 'settings' that can be accessed). Apologies again for what is probably a simple concept to grasp. I've never set up a network before.

    If I am needing to adjust the firewall settings for each machine, how will I know what ports I would need to block without restricting access to the internet and not have to worry about the 3 machines being able to share data between each other? If you have any links to simple explanations as to how to do this, I would be grateful.

    Thanks again!
  10. #6
    A simple thing to look for is a setting called "access point isolation" on the wireless router. This prevents wireless clients from talking to other machines on the network, and vice versa.
  12. #7
    Did I miss something or is there a reason why encryption cannot be put on the wireless LAN to keep everyone off of it? Is this an all-private network?
    Adam TT
  14. #8
    I think the OP wants to allow people on the network, but not let them access each other's files on the LAN.
  16. #9
    If you want to offer a network to guests with machines that you don't trust and that shouldn't talk to anything else on your network, then you either need a wireless router that'll support a guest network with a separate SSID or a separate wireless router.

    If you and your guests need common access to things like the printer and NAS, then that's going to be difficult.

    If you can't trust machines on your network, then you're going to either need some specific firewall rules in your router (if supported) or individual firewall/security software on each computer (or have them locked down).

    It would help if you gave a little more background on exactly what you're trying to accomplish.
    -- Cigars, whiskey and wild, wild women. --
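
The "allow specific machines on specific ports and block the rest" approach from posts #4 and #9, modelled as an added example that is not part of any post in this thread. The addresses, the trusted-host list and the `verdict` function are made up for illustration, and the model judges only new connections, the way a stateful host firewall does.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    direction: str   # "in" = arriving at this machine, "out" = leaving it
    peer: str        # IP address of the other end
    port: int        # destination TCP port

# Constructed addressing plan (assumption): everything behind the ISP router,
# wired or wireless, shares one subnet, so the switch adds no separation.
LAN = ipaddress.ip_network("192.168.1.0/24")
TRUSTED_PEERS = {"192.168.1.11", "192.168.1.12", "192.168.1.20"}  # 2 PCs + NAS
SHARING_PORTS = {445, 548}  # SMB and AFP file sharing

def verdict(flow: Flow) -> str:
    """Host-firewall decision for one machine plugged into the switch."""
    if flow.direction == "out":
        return "allow"          # outbound (web, mail, ...) is not restricted
    if flow.peer in TRUSTED_PEERS and flow.port in SHARING_PORTS:
        return "allow"          # named machine on a named port
    if ipaddress.ip_address(flow.peer) in LAN:
        return "block-local"    # on the same LAN, but not on the allowlist
    return "block"              # unsolicited inbound from anywhere else

# Constructed sample connection attempts.
SAMPLE_FLOWS = {
    "Win 7 PC opens a share here": Flow("in", "192.168.1.11", 445),
    "wireless laptop tries the same share": Flow("in", "192.168.1.57", 445),
    "trusted PC tries remote desktop": Flow("in", "192.168.1.11", 3389),
    "this machine browses the web": Flow("out", "203.0.113.80", 443),
}

def evaluate(flows=SAMPLE_FLOWS):
    """Return the decision for each labelled flow."""
    return {label: verdict(f) for label, f in flows.items()}

if __name__ == "__main__":
    for label, result in evaluate().items():
        print(f"{result:12} {label}")
```

"Local traffic" here means inbound connections from other addresses on the same subnet; file sharing between the listed machines and outbound internet access both keep working.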
  18. #10
    See, the way I read it was that the OP was asking the "what if someone were to do that like I do?" Not so much as a "What happens when I allow them to..." Maybe I'm reading into it too much.
    Adam TT