allowing friends to access internet, but not my network

[MrDarn]

Hi!!

Well, its all in the title!

Often my friends come round, and ask to access my router on their phones etc, but i'm worried about them being able to access my networked computers. I also want a seperate password for them than i use.

Is there an easy way to set up an access whereby they will only be able to access the internet, and not see my other computers on the network?

I've obviously tried a google search, but i cant get the right search phrase. the solutions i have got involve switches and second routers.

Basically, i want something like what you get in pubs and restaurants, where you can access the internet via a password, but not see anything on the network.

My router is a thompson TG585 v8. connection type is WPA - PSK, i use PlusNet and if it matters, i have 2 win7 machines, 2 Vista machines, an IPhone and 2 playstation 3's curently connected. (Wirelessly, nothing wired.)

[zep516]

I'd take it to network support at geeks to go or Bleeping computer. Need links?


http://www.geekstogo.com/forum/forum/11-networking/

http://www.bleepingcomputer.com/forums/forum21.html

Joe

[abseh1]

They should not be able to access your workgroup unless you let them in your group

The workgroup is protected via a password or in win7 via a long access code

I let friends use my wireless when the are @ my home....but they can not use my printer or access my network...unless I share the printer or allow them in my workgroup

I hope I understood the question

[MrDarn]

You have basically understood, except i do not have the computers "networked" just "on a network". i can see how you thought that from my poor description.

My friend is a little more savvy than me with networks, and can easily see the other computers attached to my router.
What i don't want is for any banking info to be seen etc.

Pretty much, what i'm asking is, how do they do it in pubs etc, whereby you land on their access page with the latest special offer, and have to click "accept" to get online?

Checked out those forums Zep, but they too suggest multiple routers, an no real way of creating that splash page.

[Digerati]

I put my "guests" on a different network from my machines. I have all my systems connected via Ethernet, and guests use Wifi, or Ethernet connected to a different router. A badguy cannot hack locally into my Ethernet connected computers without physically being inside my house and attaching a cable to my local network. I would notice my guard dog licking his face.

You can have several routers on your network - without degrading network performance (remember, your ISP bandwidth will be your biggest bottleneck - unless you have some really old NICs). Or add a WAP (wireless access point) for guests. If you have an old WRT54G, you can just use just the WAP side or both router and WAP. I use a WAP11 and power it on only when I want to sync my Palm PDA to my main computer. But I can also use it to isolate guests - if I didn't trust them. My two wireless networks don't know the other exists, and my guests don't know I have more than one network either, unless I tell them. And that setup was not hard to setup.

If you have kids, you may trust them, but you cannot, must not assume all of their guests are trustworthy. If you live in a crowded neighborhood, anyone can easily "see" your network. Disabling SSID broadcasting will only block a nosy neighbor. It won't slow down even a wannabe badguy, but for a second. The RF (radio frequency radio waves) is still there, whether you broadcast it's label with it, or not. So don't name your SSID after your dog, or something your nosy neighbor, seeing your network, might guess and it is safe to have SSID enabled.

Still, while you do not have your computers networked together (or in a workgroup) abseh1 is still right in that they should not be able to see you, unless you let them in. Can you see your other computers now? Can they see you? Do you have sharing enabled on your personal machines? You do have a software based firewall running on all your personal machines, right? And you do require a password to get into (and wake) your personal Windows accounts, right?

As far as separate passwords for guests, if not using a second router, you will need to check your Thompson menu options to see if you can have more than one password, depending on who is connected. Again, with a second WAP creating a second wireless network just for guests, that would use a different PW than your own WiFi network.

Having said all that, I think you are right to be concerned - especially and most importantly with wireless connections (where a badguy could be across the street, or even down the street with a directional antenna). But if you typically practice safe computing with all your personal systems, that is, if you changed the defaults passwords on all your network gear, you keep Windows and all your applications current (with emphasis on major patches, critical Windows Updates, and security apps), and you avoid risky behavior (like illegal filesharing via torrents and P2P sites), then you should feel confident your guests on your network can't access your computer, even if they wanted.

Of course, I realize not everyone has the luxury of being able to wire their whole house with Ethernet when redoing the basement ceiling. So sometimes WiFi for your personal, main computer is necessary. But if you can isolate computers using separate network appliances, that's the way to go.

I personally am a bit of a Luddite when it comes to smartphones. I am 60 but staying on top of the latest in electronics has been my career and hobby since I was in my early teens. But for some odd reason I still think a phone is for talking. Nevertheless, I know it takes very little effort on the part of a conscientious computer user (PC or notebook) to thwart all but the most experienced badguy who is on a mission targeting you specifically using a full sized computer and special hacking tools. Especially if you are using Windows 7 (and more so with 64-bit Windows 7). The vast majority of badguys are as anonymous to you, and you are to them and they commit "crimes of opportunity". They peek. If they see easy pickings, they grab and run. If they don't see easy pickings, they move on.

But from a smartphone?

If there comes a time when there is someone in your house you suspect might go snooping, log off and power down your computers, then keep an eye on him.