0

There is a laptop - not mine, someone else's. That someone else, as far as I know them, are a bit lousy in their security best practices (do they even have AV installed? not to mention OS patches or rather the lack of them) so I wouldn't be suprised if their laptop was infected.

Thing is, they're bringing their laptop to my home in a few days and despite the above I'd like to allow their laptop to connect to the internet through my home WiFi network (connecting via Ethernet rather than wifi is also an option).

What are the dangers of doing so? Is it possible to somehow mitigate these risks and how?

What nick do I choose
  • 1
  • Have a look at https://security.stackexchange.com/questions/117962/how-can-a-network-be-secured-against-attacks-coming-from-the-inside – efr4k Jan 23 '20 at 15:09

2 Answers2

0

Untrusted devices should be on their own, segregated network. Some wifi routers have a "guest" network, some separate the wifi from the ethernet. That's your best route.

Being on the same network means that any infection on the untrusted device can attempt to reach out to your own devices. The impact of that might be low, but that requires some understanding of the nuances involved.

Best case, put them on their own segment.

schroeder
  • 123,438
  • 55
  • 284
  • 319
0

It can infect via SMB shares or forged packets or it can infect the very router (botnet). It all depends on what kind of malware running on the infected laptop. The bare minimum you can do is - switch on all (I assume windows) devices from private to public network, disable shares, enable firewall, turn on UAC.

For the router - if it's possible create isolated client or guest wifi. If it does have ACL then try to enable it, and create entry to filter out connection between devices. Upgrade to the latest firmware.

However the best solution - clean the infected laptop.

Rashad Novruzov
  • 658
  • 2
  • 13