0

My employer has supplied me with a work computer, a MacBook, which contains classified/proprietary information. I would like to connect it to my home network, but am worried that a) My employer could record or monitor traffic from other connected devices or b) Users who connect to my home network could access data/traffic from my work computer.

How could I go about isolating my work computer without sacrificing internet speeds and stability? I’m imagining some kind of isolated subnet or inter-subnet firewall, or perhaps just putting it on a guest network? If it matters, I have a Netgear Nighthawk router and Verizon FIOS.

6
  • Normally a strong userid and password provides sufficient isolation. That is what companies do in an office environment. You can add a router and isolate the Work PC onto its own network but that seems overkill.
    – anon
    Commented Mar 31, 2022 at 22:11
  • Windows I presume?
    – Gantendo
    Commented Mar 31, 2022 at 22:16
  • @Gantendo Work computer is a MacBook
    – v0rtex20k
    Commented Mar 31, 2022 at 22:22
  • 1
    Set up VLANs; this requires hardware that supports VLANs. There isn't one way to do that particular solution. It appears you have more research ahead of you before an answer can be submitted.
    – Ramhound
    Commented Mar 31, 2022 at 22:40
  • 1
    Most consumer wireless routers offer guest networks that are isolated from the "regular" networks.
    Commented Apr 3, 2022 at 3:56

1 Answer

2

There are a handful of approaches, from the most overkill to least overkill:

  1. Completely separate ISPs and network hardware. E.g., purchase a business internet line, connect its modem to a separate router, connect your MacBook to that router. Conceptually the simplest, but also the most expensive.
  2. Same ISP, separate hardware. E.g., there is at least one shared piece of hardware (typically a router) that handles partitioning the home and work networks, and this is its only purpose. This router would route to home and work routers which then handle their respective devices. Requires more hardware, and configuring that hardware.
  3. Same ISP, same hardware, with VLANs. E.g., you can use your existing router, and configure it to use a separate "work" VLAN for specific ports. With this configuration, both networks are meant to appear physically isolated; that is, they could both utilize the same subnets. Requires hardware that supports VLANs. Oftentimes this is a commercial feature not available on consumer hardware.
  4. Same ISP, same hardware, separate subnets. E.g., work is on 192.168.1.0/24, home is on 192.168.2.0/24. Configure firewall to not permit traffic between these subnets. There may be configuration involved in setting up DHCP servers and WAN IPs for each individual network, and consumer routers may or may not expose this ability.

I'd start with option 4. If your router supports defining multiple wireless networks with different SSIDs, then this is typically how they implement it (separate subnets, firewalled off from each other) and will likely be sufficient.

If nothing else, setting up a "guest" wireless network with a password that has no other limitations on bandwidth that your work machine connects to will likely suffice.
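An added example, not part of the original answer: a small Python audit of the inter-subnet firewall policy from option 4, showing that rule order decides whether the work and home subnets are really isolated. It assumes the router evaluates forward rules first-match-wins with a default drop; the rule tuples, host addresses and the 203.0.113.7 "internet" address are constructed for illustration.

```python
import ipaddress

# Subnets from option 4 of the answer; everything else here is constructed.
WORK = ipaddress.ip_network("192.168.1.0/24")
HOME = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


def decide(rules, src, dst, default="drop"):
    """Return the action of the first rule matching src -> dst (assumed semantics)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return default


def audit(rules):
    """List the probes whose outcome differs from the isolation goal."""
    probes = [
        ("192.168.2.50", "192.168.1.10", "drop", "home -> work"),
        ("192.168.1.10", "192.168.2.50", "drop", "work -> home"),
        ("192.168.1.10", "203.0.113.7", "accept", "work -> internet"),
        ("192.168.2.50", "203.0.113.7", "accept", "home -> internet"),
    ]
    return [label for src, dst, want, label in probes
            if decide(rules, src, dst) != want]


# Inter-subnet drops first, then the broad outbound accepts.
GOOD = [
    ("drop", WORK, HOME),
    ("drop", HOME, WORK),
    ("accept", WORK, ANY),
    ("accept", HOME, ANY),
]

# Same four rules, but the broad accepts come first and shadow the drops.
SHADOWED = [
    ("accept", WORK, ANY),
    ("accept", HOME, ANY),
    ("drop", WORK, HOME),
    ("drop", HOME, WORK),
]

if __name__ == "__main__":
    print("good ruleset failures:    ", audit(GOOD))
    print("shadowed ruleset failures:", audit(SHADOWED))
```

The shadowed ruleset contains the same drop rules yet never reaches them, which is why the isolation should be checked from a device on each network after configuring it rather than inferred from the rules being present.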
