Networking Question: Computer isolation

Hey there! I'm wondering what (if any) is the best way to isolate a PC in my house from the rest of the network (a business-oriented machine) so that if any of the other (wireless) laptops are compromised it won't affect this one (wired desktop)? The business machine is strictly dedicated in terms of allowed IP addresses to visit and only runs a few programs (Win 7 64x). I've read there is a way (short of the expense of another line) using 3 routers though I'm not sure how this is done (I think it's a Gibson GRC method though I can't find it). I've read of possible Linux based solution using untangle (I have a spare Pentium 4 I could dedicate to this if it works). Any ideas/references would be appreciated! Thanks.

 

the biz machine still has to connect to the inet but not to interact with the machines in the LAN, that about right? then the machine should be on a separate subnet. there are routers offering such, e.g. FritzBox by AVM, where a separate guest WLAN (subnet) is included. basically it is intended to provide guests with a WLAN inet access when at your place but keeping them out of your LAN

 

Thanks V, that would be a great solution -- but do you know if the guest connect can be wired? My present router has a separate guest connect but its wireless only. If it allows for a wired connection then I'm done! Thanks again, -- S

 

you would need to consult the manual of your router about the IP settings (subnetting) of your W/LAN. Some routers may have separate subnets for wired and wireless access or able to emulate such. If you cannot find something in the manual you may ask the manufacturer of your router or hook up in a forum covering that model. or just try it out and see what IPs you are getting on wired and wireless connections with the router.

 

alternatively you could deploy a network switch with vlan capability hard wired between the router and the biz machine. that way creating a separate subnet.

 

this router has build-in Ethernet and WiFi Virtual LAN segmentation