Guest PC On Home Network

[Guest]

So, I have this event in which there would be a "guest" on my home network via WiFi, and I'm just wondering what they could do in terms of "harm" to the other devices on the network or the network itself. Also assuming that all devices would have sharing off except for the guest PC - (I don't think it would matter because file sharing would be off for all other devices, but just checking to be sure). 

[RedWulf]

Other than taking up some bandwidth it should be fine unless the guest is a hacker. maybe be sure passwords are protecting everything or sharing is limited. 

[mikat]

how skilled are the people that you give your wifi password to with computer hacking and that kind of stuff?

[TechFnatic]

I mean, if they have access to your router then can plug-in and do shit there like run a network analyzer, but if they're strictly on wifi you're fine. 

[Guest]

3 hours ago, RedWulf said:

Other than taking up some bandwidth it should be fine unless the guest is a hacker. maybe be sure passwords are protecting everything or sharing is limited. 

If they were a hacker, what could they do? I've had unfortunate encounters myself with a grey hat that was able to see my private separate offline network that was connected to my PC which was connected to the internet - which is an issue I'd like to figure out how to clean up, but I'm not sure what to do

[RedWulf]

well depending on the skill anything from just shutdown your other devices to upload ransome ware and fine whatever private info you have or frame you with various illegal sites. 

[Guest]

3 hours ago, mikat said:

how skilled are the people that you give your wifi password to with computer hacking and that kind of stuff?

That's the thing, I don't know, it's just one person

[Guest]

3 hours ago, RedWulf said:

well depending on the skill anything from just shutdown your other devices to upload ransome ware and fine whatever private info you have or frame you with various illegal sites. 

I would love to know how to stay protected from that kind of stuff but I don't know where to go for that kind of information

[RedWulf]

One person with a pocket sized pc can destroy businesses. But, if they're in your home and on your wifi(expcially more than 5 hours, there's not much you can do. The most secure way is to either set up a separate wifi.  

[kevink817]

25 minutes ago, RedWulf said:

One person with a pocket sized pc can destroy businesses. But, if they're in your home and on your wifi(expcially more than 5 hours, there's not much you can do. The most secure way is to either set up a separate wifi.  

Even a seperate wi-fi access point wouldnt help, since the 'guest' would still be on the same subnet and see all the same traffic

 

You could use a firewall appliance and seperate VLANs to segregate the 'guest' PC traffic to the internet, but that is an advanced configuration, and requires business level hardware.

 

If your wi-fi router/access point supports it, some offer a feature called 'client isolation' where connected devices can't talk to any of the other devices on the network except the gateway (to the internet), but you can't enable that only for the 'guest' PC - it would affect all of your wireless devices.

 

In reality, if there is someone you don't trust enough to not hack your network while they are connected, don't let them connect. Also, make sure you are using WPA2 authentication on your Wifi, don't leave it open (no password) or use WEP.

[RedWulf]

1 minute ago, kevink817 said:

Even a seperate wi-fi router wouldnt help, since the 'guest' would still be on the same subnet.

 

You could use a firewall appliance and seperate VLANs to segregate the 'guest' PC traffic to the internet, but that is an advanced configuration, and requires business level hardware.

 

If your wi-fi router/access point supports it, some offer a feature called 'client isolation' where connected devices can't talk to any of the other devices on the network except the gateway (to the internet), but you can't enable that only for the 'guest' PC - it would affect all of your wireless devices.

 

In reality, if there is someone you don't trust enough to not hack your network while they are connected, don't let them connect. Also, make sure you are using WPA2 authentication on your Wifi, don't leave it open (no password) or use WEP.

make sure wps is disabled, wpa2 can be brute forced so use a long or very odd password. If said person can physically get to your router you're out of luck. Maybe take up some hacking of your own and monitor the persons actions. 

[Noah0h]

On My Home network I have 3 Wireless Networks:

2.5 GHz Netowrk BroadCast   - *SSID* 2.5 GHz

5 GHz Netowrk BroadCast    - *SSID* 5 GHz

2.5 GHz Network BroadCast   - *SSID* Guest

 

The First 2 networks are connected to the same Network (SubNet).

But the Guest Network (The 3rd one) is on it own network (SubNet).

 

This is automatically handled and organised by My Router. I'm using a Linksys EA6350 (Its Consumer Grade)

 

My Future Plan is to Disable the DHCP Roles and make a PFSense Box or get a Firebox (By WatchGaurd) and put PFSense on it. Then put on some Bandwidth, Anti-virus, and some VPN roles/apps/pacages.

[RedWulf]

4 hours ago, Noah0h said:

 

But the Guest Network (The 3rd one) is on it own network (SubNet).

 

My Future Plan is to Disable the DHCP Roles and make a PFSense Box

Actually thats an idea in itself, depending on how easily you can learn software and if you have a PC/laptop you could go without for the duration of his stay(with wireless card) you could use the open source PFSence to set up a network and relay it through your router. It would still have access to your network but you would have a much better chance of limiting access. I haven't messed with it much, but someone who has more experience with it could help you. If you have a spare laptop with a gig of ram and a wireless card start a new thread for it.