Router Question: Separating a computer from a network

In summary, the person is looking for ways to keep their computer safe from viruses and malware while using it for online financial transactions. They have considered separating it from the rest of the network, but are unsure of the most effective method. Suggestions include using a VPN or setting up a firewall, but ultimately it is acknowledged that there is no foolproof method for protecting a computer from all potential threats. It is also mentioned that keeping other computers on the network clean may be a hassle, and the person is open to further suggestions and advice.
  • #1
doubleaxel195
49
0
I want to separate my computer from the rest of the network in my home. I'm really scared about getting viruses through the home network because of other people in my family. I want a computer to use that I know will be safe for dealing with money online. Any ideas?
 
Computer science news on Phys.org
  • #2
doubleaxel195 said:
I want to separate my computer from the rest of the network in my home. I'm really scared about getting viruses through the home network because of other people in my family. I want a computer to use that I know will be safe for dealing with money online. Any ideas?

What you want to do makes no sense. Malware comes from the internet, not from other machines on the same network segment. If you want your computer to be safe, don't connect it to the internet period.
 
  • #3
fss is right. If you don't want anything bad to happen to your computer, it's best to leave it disconnected from the internet. Even if they did get some malware, it would have to be a worm to infect your computer over a network. Worms work just as well over the internet as any other network, so you're not really gaining anything. You could always dual boot Linux. I've never heard of a worm for Linux (not to say they don't exist).

That said, sometimes this is not an option. To do what you want to do, I think what you need is to set up a VPN. They're not impervious to tampering, so there's no guarantee they'll work for what you want, but they concept behind them is exactly what you're asking for.
 
  • #4
While the source of malware is ultimately the Internet, it is possible to get infected from other computers on the same network. (Trust me, it's amazing how fast a worm propagates through a network.) Offline sources of infection include such things as autorun malware from USB sticks.

The fact is, a computer attached to a network cannot be considered secure. There are too many unknown zero-day vulnerabilities that can be exploited. However, you can reduce your risks. If you have a firewall you can block incoming connections from the other computers on your network. What you really want is defense-in-depth. A good software firewall that monitors incoming and outgoing connections, a good AV, locked down Windows, running as a limited user and using UAC to elevate to admin rights, encrypting important data, using strong passwords, minimizing threats by limiting software used, etc. Limiting the software you run reduces the "surface area" available to attack. Try to avoid Adobe software, as it is buggy and full of security holes. Keep the computer up-to-date.

Since you seem concerned with the security of your family's computers, why not offer to keep them clean, etc?

If you're really paranoid, create a known clean image and reimage the computer at each boot. You can also switch to a Unix-like OS, which are more secure than Windows in many ways.

When doing any online transactions, make sure that your connection is encrypted, preferably with AES-128 or AES-256. (This will be out of your control and will depend on the capabilities of your bank's servers.)
 
  • #5
I know nothing will be 100% secure unless I do disconnect my computer from the internet, but I am willing to take as many safeguards as I can.

I already use a separate computer for business transactions, which is different from my personal computer. I don't download any software that I do not need on the business computer and I don't surf the internet on that computer either other than the financial websites that I visit. So my main concern is the other computers on the network. Twice this year, I have had to reformat and reinstall windows for people in my house because they got a virus that I couldn't get rid of. So keeping their computers clean would be too much of a hassle for me because they aren't very internet savvy to put it nicely.

Has anyone heard of connecting a second router to the main router to segregate a computer? Wouldn't that provide a layer of defense for any would be worms? By the way, I'm not that knowledgeable about networking.

I will look into your guys' suggestions and I'm sure I'll have questions. Thank you very much for your time. Any more responses will be greatly appreciated.
 
  • #6
doubleaxel195 said:
Twice this year, I have had to reformat and reinstall windows for people in my house because they got a virus that I couldn't get rid of. So keeping their computers clean would be too much of a hassle for me because they aren't very internet savvy to put it nicely.
I don't think that's a good study case. Just because it's likely for people who know what they're doing to install trojan horses doesn't mean it's likely to get a worm. Worms are exceedingly rare; I've never had one, and I take no precautionary measures. That said, I use Ubuntu 90% of the time.

doubleaxel195 said:
Has anyone heard of connecting a second router to the main router to segregate a computer?
That would work. It will be the equivalent of a VPN, but maybe a little harder to crack. Like I said, there's no sure fire method. For example, the network traffic on the outer network, the one with the infected computers on it, coming from your inner router, the one your "secure" computer is on, could be manipulated by an infected computer to do whatever they would have done if you were on the same network. VPN is defeated in essentially the same manner. Packet sniffing (the act of intercepting information on a network) works just as well whether the sending party is a router or a computer.
 
  • #7
What OS are you running? Windows 7 and Vista are pretty unlikely to be remotely exploited by a virus when they are kept patched and you have a personal firewall. I haven't had a remote exploit happen in at least 5 years. Also, make sure the user you do 90% of your work with is not running with admin privileges, what you think might be other people on your network could very well be you just picking stuff up off the net.
 

1. How can a router be used to separate a computer from a network?

A router can be used to separate a computer from a network by creating a separate network for the computer to connect to. This is done by assigning the computer a different IP address and subnet mask than the rest of the devices on the network. The router acts as a barrier between the two networks, allowing the computer to communicate with the rest of the devices on its network, but not with devices on the other network.

2. Why would someone want to separate a computer from a network?

There are several reasons why someone may want to separate a computer from a network. One reason is for security purposes, as it provides an extra layer of protection for the computer and its data. Another reason may be to create a dedicated network for a specific task or project, without interfering with the main network.

3. Can a router be used to separate multiple computers from a network?

Yes, a router can be used to separate multiple computers from a network. Each computer would be assigned a unique IP address and subnet mask, and the router would create a separate network for each computer. This allows for better organization and control over the devices on the network.

4. What are the potential drawbacks of separating a computer from a network using a router?

One potential drawback is that the computer may not be able to access certain network resources or devices, such as shared printers or files, on the main network. This can also lead to communication issues between the computer and other devices on the main network. Additionally, setting up and managing a separate network may require additional time and resources.

5. Is it possible to reconnect a separated computer back to the main network?

Yes, it is possible to reconnect a separated computer back to the main network. This can be done by changing the IP address and subnet mask of the computer to match that of the main network, and then connecting it to the router using the appropriate network port. However, it is important to ensure that the computer is properly secured before reconnecting it to the main network.

Similar threads

  • Computing and Technology
Replies
1
Views
1K
Replies
5
Views
1K
Replies
13
Views
1K
Replies
16
Views
3K
Replies
8
Views
2K
  • Engineering and Comp Sci Homework Help
Replies
1
Views
588
  • Computing and Technology
Replies
3
Views
2K
  • Programming and Computer Science
Replies
2
Views
1K
  • Computing and Technology
Replies
7
Views
2K
  • Computing and Technology
Replies
4
Views
3K
Back
Top