Network Separation for Security and Privacy

[RedShark]

I have recently moved into new rented accommodation and as part of the contract there is a provided internet connection in my property. However through further investigation it appears this internet is a shared connection used between multiple different properties for a group of about 50 people. The problem here is that (I am assuming to allow certain uses) the network does not have any form of device/network isolation enabled on it meaning that all devices connected to the network can see and be seen by other devices on it. This means that while, for example I can use my Chromecast on the network so can the other 50 people over the other properties which is an annoyance to me as are the many other security issues that come along with a setup such as this.

 

I have been trying, but not successfully to find a way to isolate my own portion of the network so that while I can still have access to the internet through the provided line (I can't have another one installed) and have my devices be able to communicate with each other; other people using the network are unable to see/access/use any of the data/devices I have connected. I am also trying to do this without having to spend large amounts of money as this accommodation is only temporary for the next year or so. 

 

I have two Ethernet ports within my accommodation and can add to them however I like but I am not able to change or have changed any of the settings on the main networks routers, modems, switches and access points. I was thinking about using another access point connected to one of the Ethernet ports through a managed switch on a VLAN but have been unable to get this to have the desired affect and to be honest am not even sure if it is possible to get a setup like this working in the way I wish to, especially the more I understand about how these things work.

 

I am not shy of trying/setting up more complicated things with computers (I am a software student) but networks are not my strong point and I am a little stuck at this point. Any help about how to do this, or information on if it is even possible with the restrictions I have would be greatly appreciated. 

 

James

[COUPER MILLAR]

You may be able to use a pfsense box to set up your own sub network. By attaching an access point and a network switch you would be able to establish your own private network. 

[beersykins]

Just using your own router will firewall/PAT you off of everyone else.  Then your devices like Chromecast would be on your own network and not reachable by others unless you did something like manually port forward.

 

Your upstream traffic could be captured/inspected, things like HTTPS sites and VPN should be okay, it's not really any different than any other device connected to the internet, although you have more of a local attack/sniff area from local users.

[RedShark]

2 hours ago, COUPER MILLAR said:

You may be able to use a pfsense box to set up your own sub network.

 

1 hour ago, beersykins said:

Just using your own router will firewall/PAT you off of everyone else.

Thank you both for the replies. It appears in my own stupidity I have been trying to do this using an access point/switch combo rather than with a router of my own to provide the break and then access points and switches built in or after.

 

I will give this all some research and a try and comment back here how it goes.

 

One question I do have, given the router will be connected via Ethernet to an already established network (not directly to a modem) does it work any differently in terms of setup/requirements or if I have an old (non provider) cable/adsl router lying around should that do the job?