1
I would like to keep my main computer as much isolated from wi-fi as possible. In other words, if the wi-fi part of my home network becomes compromised, the hacker still won't be able to break into the main computer.
Also, I want protection against the situation when a spyware is installed on another computer that's connected to wi-fi.
What would be the most secure configuration?
Thank you.
user1566515
Posted 2013-08-28T01:28:39.497
Reputation: 213
1
The "best" thing you can do is separate the 2 networks physically. Have one WiFi network and one wired network. If there is no connection between the two, you are completely secure.
The next best thing would be to have them connected, but require a secure tunnel, like a VPN, from the wireless to the wired.
Keltari
Posted 2013-08-28T01:28:39.497
Reputation: 57 019
It isn't clear how a VPN would provide additional security as a VPN can pass both legitimate and non-legitimate traffic without additional measures. Could you expand upon your answer? – Paul – 2013-08-28T01:48:17.970
@Keltari > separate the 2 networks physically Would I need 2 cable modems for that? – user1566515 – 2013-08-28T02:23:47.870
1
Well, first a few points:
If you have one router, your WiFi and ethernet LAN are most likely the same network. That's on purpose... to allow all of your devices (wired or wireless) to function properly and interact with each other. You can picture the wireless devices as just a different way to connect to the same network, much as keyboards can be connected via USB or PS/2 interfaces or Bluetooth, but once connected they all function the same.
On some routers there is an option to enable "AP Isolation" which will (as @Paul commented) will accomplish your task directly.
You should invest in some antivirus and firewall software to install on all of your computers if you are so concerned about the infection spreading. If you're an advanced user, you can set up separate virtual networks to run your computers from.
If your concern is about keeping the 'main computer' as isolated as possible, what would stop a virus from landing on that computer versus any other computer in your home? If you mean "from outside WiFi visitors" then you need to simply secure your wireless network with a strong encryption type, and possibly limit access to specified MAC addresses.
ionFish
Posted 2013-08-28T01:28:39.497
Reputation: 163
Hi ionFish, mac address restrictions would not inhibit someone able to crack WPA, so it isn't considered a security measure. – Paul – 2013-08-28T01:49:32.240
1@ionFish If your concern is about keeping the 'main computer' as isolated as possible, what would stop a virus from landing on that computer versus any other computer in your home? Let's say there's a laptop with a wi-fi connection. It catches a virus that later spreads to the main computer. Of course, the fact that it's on wi-fi is not essential here, but the more computers and other devices I have on wi-fi, the higher is infection risk. Just simple probability. – user1566515 – 2013-08-28T02:31:27.043
There are various wifi router products out there that have an option that prevents wifi devices from interacting with wired devices. Usually this is called "wifi isolation". – Paul – 2013-08-28T01:32:15.543