Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Networking (https://www.cableforum.uk/board/forumdisplay.php?f=87)
-   -   Help improving home network security (Super hub 3) (https://www.cableforum.uk/board/showthread.php?t=33709321)

Pierre99 29-08-2020 21:58

Help improving home network security (Super hub 3)
 
I posted this in the security thread then noticed this - I don't mean to flood the forums :erm:
Devices I have:
VM Superhub 3 (Main internet router)
VM Superhub 2 (spare and not in use) - mentioned in the hope I can make use of this to solve my problem


What I want to achieve:
I use LAN for main computers, and want to isolate 2 devices which are connected via LAN.

I have a guest WIFI set up, but obviously this is no good for the Wired in devices I want to isolate.

Can I isolate 2 specific devices via Mac address or anything, so they cannot sniff my network or have any connection to the rest of my main network? I just don't want them to figure out personal forums etc I visit (I would like to avoid buying a VPN)

Can I use the Superhub 2 as a isolation guest router, and then Lan the devices through that? or any other settings I can tweak to achieve this?

I hope that all makes sense

Pierre99 13-09-2020 15:15

Re: Help improving home network security (Super hub 3)
 
anyone with some knowledge that can help please?

General Maximus 13-09-2020 20:09

Re: Help improving home network security (Super hub 3)
 
You can do it very easily just not with residential switches and routers. Have you google'd it to see if there is an easy solution before you go out buying new equipment. You can probably get your hands on some old Cisco stuff really cheap but there are many lengthy courses dedicated to how to use them and it isn't something I can't type out here.

Pierre99 13-09-2020 21:07

Re: Help improving home network security (Super hub 3)
 
Quote:

Originally Posted by General Maximus (Post 36049894)
You can do it very easily just not with residential switches and routers. Have you google'd it to see if there is an easy solution before you go out buying new equipment. You can probably get your hands on some old Cisco stuff really cheap but there are many lengthy courses dedicated to how to use them and it isn't something I can't type out here.

I understand - yes I've googled quite a bit and haven't found anything specific to guest lans, or anyone on forums trying what I'm doing (surprisingly). It's all just about guest wifis out there.

Is there a specific feature I need to make sure the switch has (as well as the VLANS of course). Also would this completely isolate it from the rest of the network, so if a guest wants to do anything dodgy ie sniff the network and he's on this specific VLAN, he can't pick up anything from the main private network?

General Maximus 13-09-2020 22:18

Re: Help improving home network security (Super hub 3)
 
Quote:

Originally Posted by Pierre99 (Post 36049908)
Is there a specific feature I need to make sure the switch has (as well as the VLANS of course).

Nope. It is all down to software and the OS the switch runs. We would have to check and make doubley sure once you find a switch you are interested in but i am 99.99% sure the OS which is installed on all Cisco switches supports vlans.

Hom3r 15-09-2020 19:56

Re: Help improving home network security (Super hub 3)
 
I can highly recommend Fingbox

You plug it into your router and once set up every device is blocked until you approve it via the app or desktop version.

Yesterday my dad bought himself a Galaxy Tab S7+ and I entered the Wi-Fi code but fingbox blocked it.

But I simply approved it.


A few months ago I was playing with the guest network on my router, and it blocked 4 Huawei devices that I guess a neighbour had.

Pierre99 15-09-2020 21:09

Re: Help improving home network security (Super hub 3)
 
thank you for the help and advice so far everybody.

https://www.amazon.co.uk/NETGEAR-5-P...dp/B07QF51CVQ/

What I'm after is Ethernet isolation. A bit more searching shows 'Private VLAN' may be the words i'm after

Would something like this allow me to create Guest VLANS, which for example if a Guest computer was ethernet connected in to a Guest VLAN Port, they cannot carry out miscellaneous tasks such as Sniffing the network etc?

Hom3r 15-09-2020 22:19

Re: Help improving home network security (Super hub 3)
 
It might be worth in the router setting adding words/websites to the black list.

For example, a few years ago an elderly couple had an unprotected Wi-Fi, and someone accessed it and downloaded the worst kind of porn imaginable.

They got done for it, even there were no items on any devices/media.

Stuart 17-09-2020 13:07

Re: Help improving home network security (Super hub 3)
 
Quote:

Originally Posted by Hom3r (Post 36050293)
I can highly recommend Fingbox

You plug it into your router and once set up every device is blocked until you approve it via the app or desktop version.

Yesterday my dad bought himself a Galaxy Tab S7+ and I entered the Wi-Fi code but fingbox blocked it.

But I simply approved it.


A few months ago I was playing with the guest network on my router, and it blocked 4 Huawei devices that I guess a neighbour had.

I don't use guest Wifi, but a second vote for the Fingbox here..

The interesting thing is that because of how the blocking works, the device thinks it's connected to the Internet, just gets no response when it tries to do anything useful.

It's worked reliably for the last couple of years, and has blocked more devices than I thought it would.

The only time I've had any trouble with it is while beta testing iOS 14. iOS 14 has an option to generate a random MAC every time it connects to a WiFi network (to prevent tracking), with the option to present a consistent MAC address to known networks. This didn't work, which meant every time my phone or watch connected to my network, they were both blocked..

Apple have since fixed this.

Hom3r 17-09-2020 21:04

Re: Help improving home network security (Super hub 3)
 
There must haven been some update as the TV I plugged in to a switch was also blocked, until I unblocked it.

Pierre99 18-09-2020 19:38

Re: Help improving home network security (Super hub 3)
 
I really need to secure the network via ethernet - is it not possible? isolate certain ethernet devices on the network via specific port management?

pip08456 18-09-2020 20:21

Re: Help improving home network security (Super hub 3)
 
Answer this Pierre, why would you wish to isolate 2 LAN devices as you think they may be snooping on your activity?

No guests just 2 other LAN connections, who and why?

Pierre99 18-09-2020 21:27

Re: Help improving home network security (Super hub 3)
 
Quote:

Originally Posted by pip08456 (Post 36050715)
Answer this Pierre, why would you wish to isolate 2 LAN devices as you think they may be snooping on your activity?

No guests just 2 other LAN connections, who and why?

I will cover some examples to help you understand better:

Like I said I have a friend/business partner that has access to our studio windows 10 machine. I do see any activity as the screen is on, however how would I know if the windows 10 machine becomes compromised, and they can sniff around network to pick up private data.

Also if I have clients visit and wire in their machines to the network (we do high transfer of files from the windows 10 machine to clients and vice versa, sometimes left on over night) hence why I would prefer they are isolated LAN ports, so whatever happens they do not interfere or cannot pick up anything private

pip08456 18-09-2020 21:55

Re: Help improving home network security (Super hub 3)
 
Quote:

Originally Posted by Pierre99 (Post 36050737)
I will cover some examples to help you understand better:

Like I said I have a friend/business partner that has access to our studio windows 10 machine. I do see any activity as the screen is on, however how would I know if the windows 10 machine becomes compromised, and they can sniff around network to pick up private data.

Also if I have clients visit and wire in their machines to the network (we do high transfer of files from the windows 10 machine to clients and vice versa, sometimes left on over night) hence why I would prefer they are isolated LAN ports, so whatever happens they do not interfere or cannot pick up anything private

This is the first time you have ever mentioned friend/business partner or clients in this thread. I think everyone was looking at a personal LAN connection.

The flingbox now can become a reality if you have a LAN storage unit. Upload the files to that, allow them access to it but block your PC to them.

Pierre99 18-09-2020 21:59

Re: Help improving home network security (Super hub 3)
 
Quote:

Originally Posted by pip08456 (Post 36050750)
This is the first time you have ever mentioned friend/business partner or clients in this thread. I think everyone was looking at a personal LAN connection.

Apologies for not being clear its my home network and home internet where I connect my office through a network cable into a mini unmanaged switch


Internet router Super hub 3 ->*

* LAN ---> Personal unmanaged switch --->Personal devices
* LAN ---> Office unmanaged switch ---> Unsecure Guest devices & remotely accessible machine

I would like a barrier between the 2 even if it involves a second managed switch plugged in the middle of it all (I do have a super hub 2 which is unused if that can help create this barrier)


All times are GMT +1. The time now is 08:55.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, vBulletin Solutions Inc.