
Ask HN: How do you secure home network when you're not the only one using it? - alex77456
Partner, kids and guests, you cannot expect everyone to follow good security practices.
Heck, often you cannot even trust a lot of the software you use. So what do you do? Separate guest network? Separate network just for yourself?
======
kjs3
VLANs. Pretty much everything supports them now other than the crappiest
commercial gear.

I have:

A "front-door" network, which is the network behind my firewall. Anything
internet facing is there, as well as monitoring tools (e.g. Snort). Things
here can't talk back to more interior networks.

A "family" network. Generally untrusted, all the phones, iThings, IoT that I
decide actually needs to phone home, kids laptops, etc. There's a guest WiFi
that dovetails here.

A "work" network. Network for my wife and mine work laptops and other work
specific resources.

A "service" network for all the backend stuff.

I have an OpenBSD firewall segregating things. The fileservers are VLAN
attached so they have an interface on each network.

------
rolph
subnetting

its like putting up laneways in your network

its also possible to relay an internet connection from a primary router to a
secondary router so you can have control over the traffic to and from the
guest router

use an alternate DNS there are ones that filter certain content

you could also encrypt the network traffic

