Question

How do I isolate a machine from my home network

Sep 5, 2015 4:41PM PDT

I would like to establish two completely separate networks within my home, and for security I would like them to be completely isolated from each other (not ‘see’ each other).
I’m self-employed and run my business from a home-based office that I would like to have completely separated from my personal home network.

Currently, this is my setup ..

I have the Comcast/Xfinity, Technicolor TC8305C wireless gateway modem.

Connected to it is :
- My personal laptop, running Win7 Professional / connected wirelessly
- A dedicated desktop PC that I utilize as a home media center. This PC is Ethernet cable connected to the internet and to my TV (Netflix, web surf, DVD player, etc)
- A cable connected printer
- Android Tablet
- Android Smartphone


I have an HP desktop PC running Win7 Professional that I use exclusively for my business. I keep all my business files on this machine, and run Quickbooks Pro 2011 accounting software.


My bookkeeper recently moved out of state. What I would like to accomplish is setting up the HP PC on its own to where she and I both can securely access it. Her over the internet, and myself either in front of it or over the internet when I am not in the office.

What would be super special is if there would be no conflict with us simultaneously accessing the machine. I know QB doesn’t work like that (and that isn’t an issue), but maybe if I’m home working in general (running Office or CAD) while she is in Quickbooks.
This is not a priority since she will only need random access every month or so, but if it’s doable it would be great to be able to. She has the same version of QB on her desktop, so maybe in that scenario she would only have to access the company file .... ? ......

I also have the Cisco RV110W VPN that a friend bought me to set up for this purpose, but I have no clue what to do with it. (I can return it if it will not serve the purpose)

She will not necessarily access my business PC from the same machine all the time, or from the same location all the time.
What I mean by that is, she has a home PC, a laptop, a tablet, a smartphone .. and she sometimes may have to access my computer from home, a coffee shop or on the go .....
I would also want to have access to the business PC from my laptop or android tablet (and android smartphone) when I am away from the home office ..

I would ideally like it to be set up with separate user names and passwords.

I do not know what setup is best for what I need. I’ve done basic research on VPN, Server, Remote Desktop (the learning curves are killing me) .. but don’t know enough to know which configuration is right for my circumstances ..

Priority is simple, and inexpensive. Yet very secure ..

Answer
Given the advanced nature and requirement.
Sep 5, 2015 9:31PM PDT

Why not make 2 networks and each gets their own internet access?

I bet you will balk at the 2nd internet connection but given the cost of IT today, it's the cheap exit.

More specifics, please
Sep 5, 2015 11:26PM PDT

The idea of 2 networks and both being internet accessible sounds interesting. Can you be more specific?

two or three routers
Sep 6, 2015 12:02AM PDT

You can use a front router for general purpose, feed a second router off one LAN port and have it be more specific. Each router on wifi would have its own channel, SSID, and preferably a bit of distance from each other. Both routers use their own DHCP range of IP addresses, no overlap.

Another method is a cheap 2 port router to split it between two better routers behind it, so each of the back routers are completely separated from each other.

I think Rob is talking of the absolute plan which is to spring for the cost of two connections by modem to the ISP, thereby getting two different IP from them and greater overall bandwidth too from the second cable coming in.
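The two layouts described in this post can be sanity-checked before buying or cabling anything. The following is an added example, not part of the original thread: it checks a router addressing plan for overlapping LAN ranges and shows which LAN can open connections to which. The router names and subnets are constructed, and it assumes consumer NAT routers left at defaults with no port forwarding.

```python
import ipaddress

# Constructed plans: router -> (LAN subnet, upstream router, None = modem side).
CASCADE = {
    "front": ("192.168.1.0/24", None),
    "back":  ("192.168.2.0/24", "front"),
}
Y_SPLIT = {
    "splitter": ("192.168.0.0/24", None),
    "home":     ("192.168.1.0/24", "splitter"),
    "office":   ("192.168.2.0/24", "splitter"),
}

def overlapping_lans(plan):
    """Return pairs of routers whose LAN subnets overlap (should be empty)."""
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def upstream_chain(plan, router):
    """Routers between `router` and the internet, nearest first."""
    chain = []
    parent = plan[router][1]
    while parent is not None:
        chain.append(parent)
        parent = plan[parent][1]
    return chain

def can_initiate(plan, src, dst):
    """True if a host on src's LAN can open a connection to a host on dst's LAN.

    Assumption: each router NATs its LAN and drops unsolicited traffic arriving
    on its WAN port, so connections only succeed toward upstream networks.
    """
    return src == dst or dst in upstream_chain(plan, src)

if __name__ == "__main__":
    for label, plan in (("cascade", CASCADE), ("y-split", Y_SPLIT)):
        print(label, "overlaps:", overlapping_lans(plan))
        for src in plan:
            for dst in plan:
                if src != dst:
                    print(f"  {src} -> {dst}: {can_initiate(plan, src, dst)}")
```

Under these assumptions the two-router cascade isolates in one direction only: hosts behind the back router can still reach the front LAN, so the machine to be protected belongs behind the back router. Only the split layout blocks both directions between the two back LANs.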

.. kidding, right?
Sep 6, 2015 11:46AM PDT

Rob, were you seriously suggesting paying Comcast for a second internet account?? ... I think I'll just assume that you A) didn't read my post and just answered off the headline, or B) don't know how to solve my situation and so just tossed out an absurd answer to be funny ........

I'm just a carpenter, and even I know that that is not a solution ........


James ..
I can see what you are saying about using two routers, but is that going to give me (secured) access to the desktop via the internet?

"My bookkeeper recently moved out of state. What I would like to accomplish is setting up the HP PC on its own to where she and I both can securely access it. Her over the internet, and myself either in front of it or over the internet when I am not in the office."

I've looked at Remote Desktop applications, and although they will give me almost exactly what I am seeking, the security issue with connecting that computer directly to the internet is a huge concern ...

Re: kidding
Sep 6, 2015 12:16PM PDT

Bob wasn't kidding. He meant indeed that having 2 separate Internet connections (say, ADSL for the business and cable for the family) guarantees total independence. What's wrong with that?

Another way then:
Windows networking in a non-domain LAN requires that all PCs have the same 'workgroup'. So giving your business PC its own workgroup effectively isolates it from the other ones. Ready.

And a totally different idea: go to the cloud with the business IT. Use Office 365 for all Office things, use a cloud based bookkeeping package and everybody with the right password can access it from anywhere. If your bookkeeper can't advise about bookkeeping in the cloud it's time to find somebody else.

Or look at it the other way around: since you have only one bookkeeper but a bookkeeper usually has many clients, most bookkeepers run their bookkeeping applications on their part of cloud (or on their own server), giving their clients access where necessary.

Running your own server and software or using a remote desktop solution for this purpose is getting really quite outdated.

Kees

I wasn't kidding.
Sep 6, 2015 12:27PM PDT

Trying to solve this with just one internet connection can test IT staff's skills. A second internet connection and its own LAN should be an easy solution. I see Kees has written another path but I read your post and took your word you want the 2 LANs to never see each other as well as your head was close to exploding.

Internet Access and Security
Sep 6, 2015 1:45PM PDT

Any computer that has connection between it and internet is vulnerable to lesser or greater degrees. Usernames and passwords are fairly effective if both are done well, such as using special characters (if allowed) and made longer than 5-10 characters.

Obviously the both of you want to share files on the computer. You could create a folder that is given FTP privileges and then set up an FTP port forwarded to it for a domain name. Another way is to have a hosted account on a server which someone else has to take care of like GoDaddy, Network Solutions, etc. Each of you could set up a link in your File Explorer to the FTP so it will be just like a folder in Explorer, under the Networking area. Once set up, anytime you click on it, the FTP site will open automatically and you can move files to, from, and delete as you choose, just like it was a folder on your computer. In fact I do that a lot, especially for image or video files I share to CNET here in posts.


Example:
http://glenburniemd.net/CNET/MyFTPsite.png

username and password protected, available to me from anywhere I'm at an internet connection.
See my AVG folder there. If you try to access it, you get a rejected page notice.
http://glenburniemd.net/AVG/

If you try to FTP it, you get username and password prompt.
ftp://ftp.glenburniemd.net/

I can give separate passwords to subfolders and share access to someone else for just that folder.