Network Security on an Unsecure Network

Topic

New Reply

I live in a condo complex that includes internet service as part of our monthly dues. Unfortunately, the network is open, not secured.

I would like to setup a sub network for my computers and network attached storage that is protected while still getting to the internet through the condo network.

I use wired Ethernet connections for the PCs and the NAS plugged directly into the condo router. They are setup in a separate Win7 (64bit) workgroup and secured with a workgroup password. I realize that this is not ideal, since the workgroup name is visible to all on the condo network and passwords can be hacked.

I have 2 questions. First, is there a way to make my workgroup name invisible to the condo network so no one will even know it exists ?

Second, is there a better way to set this up that wouldn’t be cost prohibitive ?

I thought about using a switch plugged into the condo router, but there is no additional security in a switch. I tried using my own router, which has a firewall built in, plugged into the condo router, but there seems to be a conflict between my router and the condo network router. I keep losing internet connectivity and have to reboot all my devices to reestablish internet access. I don’t know if it might be a setting in my router (I use default settings in a Netgear ‘N’ router).

Any ideas would be appreciated.

Reply | Quote

Replies

I think the router is the way to go, set up your own network on that, but you need to set your router to use a static I.P. connection to the condo router.

So say the condo router was using 192.168.2.## as assigned local I.P. addresses, most likely you would set your WAN default gateway to 192.168.2.1. To determine what your default gateway actually is, check the detail properties of you local area connection adapter before inserting anything inbetween your system and the condo router. Then ideally you would assign your router’s static I.P. address the lowest available in whatever range of I.P. addresses the condo router has but those lower ones are probably already being assigned to other resident connections and I’m not sure there’s a way to check what range the condo router has available without getting into the settings of the condo router so you might have to go high and experiment a little to find the range. To use the example already given, the full range available would be from 192.168.2.2 to 192.168.2.253 or so, but the condo router may have a much smaller range assigned. Maybe starting at #.#.2.10 and only going to #.#.2.50, or any variation that is likely to be sufficient to cover all the local user assignments.

Once you establish a stable local static I.P. address connection from your router to the condo router you can use your router’s DHCP to assign your own range of LAN I.P. addresses.

Also since you probably don’t know what your DNS server settings might be, I would set them to Google’s server (8.8.8.8 and 8.8.4.4) or use the OpenDNS settings for your router’s primary and secondary DNS server.

Reply | Quote

I’m not sure setting the second router’s WAN side to a static IP is really necessary, but I think it’s crucial that it’s LAN side be set to a different subnet than the WAN side (the condo’s LAN side). IOW, if the condo router’s LAN side is set to 192.168.1.xxx and the OP’s router is set to 192.168.1.yyy, there’s bound to be conflicts. (I’m assuming a netmask of 255.255.255.0 here, which is probably the case.)

I *think* all rziulek needs to do is look at his computer’s IP when connected directly to the condo’s network, then insert his router in the middle and set it to a different subnet. If the condo’s LAN is 192.168.1.xxx, for example, then he should set his router to 192.168.2.1 and everything should work.

I don’t consider myself a networking expert, so hopefully PaulT or one of the networking gurus will jump in and correct me or explain things more clearly for rziulek.

Reply | Quote

The router has to know what the WAN side connection information is or its not going to get an Internet connection or be intermittent at best. Maybe if it auto configures a static I.P. connection based on DHCP from the condo router but as you probably know, there is also PPPoE, PPTP, L2TP and Static…the conflict you mention is based on same base gateway I.P. address of the routers and that would be easy to check using the gateway received from the condo router and the information provided with the private router or get it from the manufacturer’s website for that model.

Oops, I see you mention that last bit for the most part later in your post, good. I have three in line routers and prefer a static I.P. address when connecting router to router so I have hard numbers to check and verify for troubleshooting instead of trying to figure out what router to router I.P. address I have currently. For that matter, I don’t even know if my router(s) would autoconfigure.

Reply | Quote

Thanks to both of you. I checked the subnet masks and both routers were using 255.255.
254.0. I changed mine to 255.255.253.0 and so far so good. In the past, I would lose internet connectivity after a day or 2. If that happens, I’ll come back to this thread and update it.

I really appreciate your help. I would have struggled with this without your help.

Reply | Quote

As dg said, use a different network on your LAN.
Set your router to use a mask of 255.255.255.0 for your LAN. This will give you 254 addresses to play with. Setting it to 253 is not correct.
Let the router obtain an address via DHCP from the condo network.

cheers, Paul

Reply | Quote