Set up a guest network that’s actually secure

[Brian Livingston]

PUBLIC DEFENDER Set up a guest network that’s actually secure By Brian Livingston In the computer industry, too many things that should be simple and
[See the full post at: Set up a guest network that’s actually secure]

4 users thanked author for this post.

Mr. Natural, Fred, Microfix, abbodi86

Reply | Quote

[anonymous]

If you are sophisticated enough to consider VLANs then you’ll need a quality firewall/router, VLAN capable switches that are managed to some extent, and wireless access points that support VLANS and multiple SSIDs.

For the firewall/router I would suggest looking at pfSense.  If you want peace of mind you can buy devices directly from the company that sells pfSense, or you can roll your own with the free community edition and generic hardware optimized for firewall/router use.  You can even use any old hardware you have as long as it meets minimum specs.  It is powerful, flexible, and very easy to learn and play with.  Lots of tutorials on the web.

As for switches, I’ve had good success with Netgear (except the newest models where cost reductions have hurt the product), Mikrotik, and Unifi.  For wireless connectivity the Unifi APs would also be something to look into as they perform well, are flexible, and seem reliable.

Reply | Quote

[Tom]

I have a Netcomm VDSL router/switch/wi-fi base station (NBN network in Australia) that has 3 guest networks for each of 2.4GHz and 5GHz WiFi. Once you enable a guest network you have the option of allowing guest access to your main network but that is turned off by default. Each guest network is automatically separated from every other network.

I’ve enabled guest access to a IoT device that monitors my solar panel production on 2.4GHz and have another guest network on 5 GHz for family and friends’ phones and laptops. My main network is protected.

Setup was very straight-forward but then I’m not a noob.

Reply | Quote

[wdburt1]

I followed Michael Horowitz’s recommendation and bought the Pepwave router. It has been providing the wifi for my internet computer for a couple of months now. The main advantage, IMO, is its configurability, starting with the ability to specify your own username.

His web site discusses setting up a guest network but gives us the option to install one router behind another. I did that, using the Netgear router that the Pepwave replaced to feed the IOT, which at this point includes only a so-called smart TV and soon will include an audio streamer. Experience so far is that everything works OK.

Reply | Quote

[KP]

I would like to hear some comments on open-source WRT routers.

If anyone can point to article reviews of WRT routers, it would be helpful too.

Reply | Quote

[Michael432]

Why the interest in WRT routers? In the old days it was to add features, but those days are over.

Personally, I have little interest in WRT based routers for two reasons: tech support and ongoing firmware updates. I suspect you will have to hunt a bit to find a WRT based router with both good tech support and a reasonable expectation of ongoing updates.

As for reviews, there are probably not many. The tech press makes money by getting commissions when people buy something. Thus most router reviews are full of nothing but praise. There is no money to be made by suggesting people use free software.

Get up to speed on router security at RouterSecurity.org

2 users thanked author for this post.

Perq, KP

Reply | Quote

[SkipH]

At: KP

All you probably (don’t) want to know about DD-WRT compatible routers at:

https://dd-wrt.com/

Has info in their database on what routers support what versions of DD-WRT and what routers to avoid buying because they don’t have enough RAM or ROM to use the latest version(s).

And downloads of various versions for routers in their database.

 

• This reply was modified 1 month ago by SkipH.

1 user thanked author for this post.

KP

Reply | Quote

[Michael432]

Is there an emulator where someone can get a feel for the GUI interface of DD-WRT?

Get up to speed on router security at RouterSecurity.org

• This reply was modified 1 month ago by Michael432.
• This reply was modified 1 month ago by Michael432.
• This reply was modified 1 month ago by Michael432.

Reply | Quote

[Paul T]

Not that I’ve seen.

The interface tends to change regulary as things are added / changed. The doco onsite is well behind.

cheers, Paul

Reply | Quote

[Paul T]

There is a VM here.

DD-WRT VMware Appliance (OVA)

cheers, Paul

Reply | Quote

[Paul T]

I use a TP-Link Archer C7 with DD-WRT. Does what I want the way I want it, but if you are not network savvy it is a nightmare to configure.
I do not recommend WRT for ordinary folk.

cheers, Paul

1 user thanked author for this post.

Michael432

Reply | Quote

[bbearren]

DD-WRT is not easy peasy, but it does give one extensive control over a router/switch.  There is a great deal of information available online from many sites.

As for a secure Guest network, I have no real need because of the way I have my home network setup.

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

"When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns

"Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

Computer Specs

Reply | Quote

[Author]

Posts