[Hidden-tech] Separate lan for company laptop

Jan Werner jwerner at jwdp.com
Mon Mar 4 03:36:50 UTC 2019 

What you describe would connect the laptop directly to your ISP's network, bypassing your 
router.  NOT a good idea, even if you could get it to work, which I doubt.

Your router is what handshakes with your ISP's equipment to communicate with the WAN.  To 
connect directly without a router would require software on the laptop to handle the 
appropriate protocols.  If you were successful at that, you would have two devices (the 
router and the laptop) sharing a single address on the ISP's network (the modem).

I don't know who your ISP is, but in the unlikely event that they have the ability to 
resolve that from their end, they would certainly want to charge you for two connections.

More important, connecting directly to the Internet without a router providing Network 
Address Translation (NAT) behind a firewall would be a huge security risk.

As it happens, I own an ASUS RT-AC68U and it supports a separate guest network very well. 
Until a year ago, when I upgraded to an ASUS RT-5300 to get more bandwidth for streaming 
media and reconfigured the RT-AC68U as a bridge for my entertainment center, that was 
exactly how I used it.

Jan Werner
______________


Andy Klapper via Hidden-discuss wrote:
> Good morning all,
> 
> My plan is to have the laptop hardwired into a docking station, at least I assume they are 
> going to be sending me a docking station.
> 
> The router is an ASUS RT-AC68U with the latest update applied.  I suspect that it can 
> create a separate LAN for the laptop.
> 
> My current theory is that a network switch (as opposed to a hub) placed between the cable 
> modem and the router with three connections (the cable modem, router and laptop) will 
> provide the security that I want, an extra port (which I also need) and a very easy setup 
> for the cost of a switch that was sitting in my cabinet gathering dust.
> 
> If this solution isn’t as secure or has some other issues that in my ignorance I’m unaware 
> of please let me know.
> 
> Andy
> 
> *From:*Hidden-discuss <hidden-discuss-bounces at lists.hidden-tech.net> *On Behalf Of *Donald 
> M Stevens via Hidden-discuss
> *Sent:* Sunday, March 03, 2019 8:15 AM
> *To:* Aaron E-J <the at otherrealm.org>
> *Cc:* hidden-discuss at lists.hidden-tech.net
> *Subject:* Re: [Hidden-tech] Separate lan for company laptop
> 
> Good morning andy,
> 
> If your current router offers WiFi, you could just use the company laptop, connect to your 
> home WiFi “Guest” network, then your business laptop will have access to the internet, but 
> not anything on your internal network. (of course you won’t be able to print to your home 
> network printer if you have one).
> 
> The “Guest” WiFi network be default on most routers works this way.
> 
> Can you post the make / model of your home router? That will give us some idea of the 
> options you might have. (unless you don’t want anyone to know that)
> 
> Are you planning on connecting your work laptop with a wire and not wireless?
> 
> There may also be an option for DMZ, this allows you to create an area where you laptop 
> can sit, outsiders like your work, will have access, your business laptop will have 
> internet access, but no access to the rest of your home network.
> 
> Thanks!
> 
> Don
> 
> **
> 
> *TFI Technologies*
> 
> /“we are here to help you….”/
> 
> 329 Pease Road
> 
> East Longmeadow, MA 01028
> 
> Office: 413.308.4511
> 
> Cell / Text: 860.614.4153
> 
> Email:dstevens at tryandfindit.com <mailto:dstevens at tryandfindit.com>
> 
> LinkedIn:linkedin.com/in/don-stevens-504aa6b 
> <https://www.linkedin.com/in/don-stevens-504aa6b?lipi=urn%3Ali%3Apage%3Ad_flagship3_profile_view_base_contact_details%3Bzo%2BD4wDfQ%2FCDVF26QLPsXw%3D%3D>
> 
> Skype: tryandfindit
> 
> *From:*Hidden-discuss <hidden-discuss-bounces at lists.hidden-tech.net 
> <mailto:hidden-discuss-bounces at lists.hidden-tech.net>> *On Behalf Of *Aaron E-J via 
> Hidden-discuss
> *Sent:* Saturday, March 02, 2019 10:22 PM
> *To:* hidden-discuss at lists.hidden-tech.net <mailto:hidden-discuss at lists.hidden-tech.net>
> *Subject:* Re: [Hidden-tech] Separate lan for company laptop
> 
> Most routers have the ability to set up a guest network (I know that Netgear does and I 
> think that other companies have similar things).  If you login to the router, look for 
> something that has 'guest' or 'subnet" in its name, enable it and uncheck "Allow guest to 
> access My Local Network" (at least that is what you do on Netgear).  I would keep a 
> firewall in place though, because the firewall is mainly preventing malicious incoming 
> traffic from getting in.  There isn't much that you can do to prevent them from knowing 
> that things are coming from the same place unless you set up a VPN but placing your work 
> computer in a different subnet will allow you to share files in your personal network 
> without risking it being seen by your employer.
> 
> Aaron E-J
> 
> The Other Realm LLC
> 
> http://otherrealm.org
> 
> http://theotherrealm.org  (Blog)
> 
> On 2019-03-02 5:46 PM, Andy Klapper via Hidden-discuss wrote:
> 
>     I’ve spent a lot of time working remotely for various companies but I just got a new
>     job where I am being issued a company laptop (in the past I’ve been a consultant and
>     provided my own hardware).  Because this is company hardware they can put anything
>     they want on the laptop and I not only have zero say on it but they don’t even have to
>     tell me what they put on the laptop.  I would like to structure my home network so
>     that this laptop sits outside of the firewall that surrounds my home network.  How do
>     I go about doing that?  Is it as simple as putting a small inexpensive router between
>     my cable modem and my primary house router?  Do I need to do more to secure my home
>     network from my foreign hardware?
> 
>     Thanks,
> 
>     Andy.
> 
>     Andy Klapper
> 
>     Asgard Technology Group, LLC
> 
>     Making Complex Software Simple
> 
>     AndyTK at Asgard-Tech.com <mailto:AndyTK at Asgard-Tech.com>
> 
>     (860) 805-1189 (cell)
> 
>     _______________________________________________
> 
>     Hidden-discuss mailing list - home page:http://www.hidden-tech.net
> 
>     Hidden-discuss at lists.hidden-tech.net <mailto:Hidden-discuss at lists.hidden-tech.net>
> 
>     You are receiving this because you are on the Hidden-Tech Discussion list.
> 
>     If you would like to change your list preferences, Go to the Members
> 
>     page on the Hidden Tech Web site.
> 
>     http://www.hidden-tech.net/members
> 
> 
> 
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
> 
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
>

Google
More information about the Hidden-discuss mailing list