In the first two posts this week I gave ways of improving network traffic. Yesterday’s post was about firewalls and routers. Today’s post involves traffic concerns and security of your home computers on a home network. You know from my posts the concern and importance I put on keeping your systems and equipment protected. While having a firewall/router in place will keep you protecting from those who would do harm from the internet, it won’t protect you from friends and family with infected computers that connect to your network.
To keep traffic separated you want to set up network segments. Network segments can best be described as phones in different rooms with different lines to make calls. Both can call the same areas, but the communication is kept separated and conversations will not be overheard. While this does involve an additional piece of equipment, the security you gain is worth it considering having to reload your systems due to an infection from someone using you network. You install your first firewall/router with the standard setup by plugging your cable/dsl modem into the internet port on the device. This would be your Guest network. I would still recommend putting security on the wireless, if capable, so no one is able to connect without your permission.
To setup the second firewall/router, for your own internal (Private) network, plug a cable from one of the ports on the first unit into the internet port on the second unit. When you configure the second device there is one change you will want to make. That change is the IP Address range you will use. There are three classes of IP addresses, and three private classes with those ranges. The private classes are designed for using internally.
The classes breakdown as follows in reverse order:
Class C – 192.168.0.1 to 192.168.0.254 (this is usually the range you will get plugging directly from the modem into your computer)
Class B – 172.16.0.1 to 172.31.255.254 (allows for medium size networks)
Class A – 10.0.0.1 to 10.255.255.254 (allows for large private networks)
The number of computers you can connect depends on the subnet, but that is more technical than applies to this posting. Because you won’t have that many devices on the network you want to stay with a subnet of 255.255.255.0. The Firewall/Routers should have a DHCP server option I would strongly recommend using this as it makes using your systems elsewhere easier. Devices (i.e. printers, network storage devices, are the only exception for using DHCP as a system needs to know where these are. There are ways of naming these so they can be found but I find it easier using a static IP for these.
My recommendation is use one of the private classes on the Guest segment (Class B or C), and then use a different segment on the Private segment (Class A).