I've got a small network and want to isolate one of the computers from the whole network.
My Network:
                                   <----> Trusted PC 1
    ADSL Router --> Netgear dg834g <----> Trusted PC 2
                                   <----> Untrusted PC
I want to isolate this untrusted PC in the network.
That means the network should be secure against:
* ARP Poisoning
* Sniffing
* Untrusted PC should not see / reach any other computers within the network but can go out to the internet.
- Static DHCP and switch usage solves the problem of sniffing/ARP poisoning.
- I can enable IPSec between computers but the real problem is sniffing the traffic between the router and one of the trusted computers.
- Against getting a new IP address (second IP address from the same computer) I need a firewall with port security (I think) or I don't think my ADSL router supports that.
To summarise, I'm looking for a hardware firewall/router which can isolate one port from the rest of the network. Could you recommend such hardware, or can I easily accomplish that with my current network?
Best Answer
Solution 1: Hide the untrusted PC under another router. This will solve the ARP-spoofing/MITM problem.
Solution 2: Use any router with DD-WRT firmware. There you can set up different Wireless LANs and even put them in different VLANs. Too bad that ADSL modems aren't supported by it.
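
For the VLAN approach in Solution 2, a separate VLAN keeps the untrusted PC out of the trusted hosts' broadcast domain, but the router will still route between the two unless its firewall forbids it. The script below is an added example, not part of the original answer or of DD-WRT itself: it prints iptables rules for review, and the interface names (`vlan3` for the untrusted port, `ppp0` for the WAN) and the assumption that the router serves DHCP and DNS to that port are hypothetical.

```sh
#!/bin/sh
# Print (do not apply) iptables rules that let one interface reach only the internet.
# Assumed names: vlan3 = VLAN holding only the untrusted PC, ppp0 = WAN interface.

isolation_rules() {
    untrusted_if=$1
    wan_if=$2

    # Accept only plain interface names: the output is meant to be run as root.
    for ifc in "$untrusted_if" "$wan_if"; do
        case $ifc in
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid interface name: '$ifc'" >&2
                return 1 ;;
        esac
    done
    if [ "$untrusted_if" = "$wan_if" ]; then
        echo "untrusted interface must differ from the WAN interface" >&2
        return 1
    fi

    # ISOLATE_FWD: untrusted -> WAN allowed, replies allowed back, every other
    # path to or from the untrusted interface (including the trusted LAN) dropped.
    # ISOLATE_IN: the untrusted PC may use the router's DHCP and DNS only,
    # so it cannot reach the admin interface.
    cat <<EOF
iptables -N ISOLATE_FWD
iptables -A ISOLATE_FWD -i $untrusted_if -o $wan_if -j ACCEPT
iptables -A ISOLATE_FWD -i $wan_if -o $untrusted_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A ISOLATE_FWD -i $untrusted_if -j DROP
iptables -A ISOLATE_FWD -o $untrusted_if -j DROP
iptables -I FORWARD 1 -j ISOLATE_FWD
iptables -N ISOLATE_IN
iptables -A ISOLATE_IN -p udp --dport 67 -j ACCEPT
iptables -A ISOLATE_IN -p udp --dport 53 -j ACCEPT
iptables -A ISOLATE_IN -p tcp --dport 53 -j ACCEPT
iptables -A ISOLATE_IN -j DROP
iptables -I INPUT 1 -i $untrusted_if -j ISOLATE_IN
EOF
}

# Example: sh isolate.sh vlan3 ppp0   (read the output before running it on the router)
if [ "$#" -eq 2 ]; then
    isolation_rules "$@"
fi
```

Traffic that does not involve the untrusted interface falls through both chains untouched, so the trusted PCs keep their existing behaviour.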