You have probably encountered many times the situation where a family member or friend came to your home and needed access to something on your network. Maybe they need a computer to work with a Word document, maybe they need to print, maybe to scan a document, or Skype or FaceTime with someone.
I have many relatives, and I am not very worried about what they can get or not, because I trust them. However, when someone else comes and stays for a couple of nights, I try to be more strict. You currently don’t know who has the skills to browse your network and access your computers or devices.
My home network has 5 computers, 2 printers, 1 IP camera, 2 routers, a couple of media streaming devices, and a network connected storage device with 2.5 TB of personal data. My biggest concern is about people accessing the NAS device. I could add some extra protection to it, but it makes my daily use more difficult.
Fortunately, there are several things you can do to give people access to your local network, but at the same time not give them access to anything other than the Internet. In this post, I’ll show you how to truly cordon off your network so that when someone you are not 100% sure about wants to connect to your network or use your computer, you can be sure they aren’t. will do. can access everything you don’t need.
Set up guest networks
If someone wants to connect to your home wireless network from their computer or smartphone, you really can’t prevent tracking if you give them access to your main wireless network. This means that if everyone connects to MyHomeNetwork via Ethernet or a wireless network, and you give someone access to that wireless network, they can access everything else on the network.
There are ways to handle this type of situation, such as network isolation, which means that no device on the network can communicate with any other device on the network, but it will make it impossible to use your own network. This is great for public Wi-Fi hotspots where you don’t want the person at your Starbucks desk to have access to your computer, even if you’re on the same wireless network. Read my previous post on network isolation for Wi-Fi networks to find out more.
It is better to have a separate guest wireless network instead. You can now do this in one of two ways: either you enable the guest networking feature on your wireless router if it supports it, or you buy a really cheap secondary wireless router and plug it in for guests. I have a Linksys Cisco E2500 router at home, and what’s great about these routers is the built-in guest networking capability.
Log in to your router and go to “Wireless” and then “Guest Access”:
Turn on the guest network, give it a password, select the maximum number of guests that can connect, and you’re done! Guests can now access the internet, but if they start digging around your network, they won’t find any devices or anything else connected to the main network. Essentially, it creates a wall between your network and the guest computer.
The only problem with this approach is that it requires some technical know-how. You need to log into your router, find the correct settings and then turn it on. Secondly, many routers do not have guest access, so what then?
Well, in these cases, you can buy yourself a second wireless router and connect it to your network with a different subnet, SSID and password. You can get a used D-Link Wireless G Router from Amazon for about $ 14 shipping. Then you can read my post on how to set up a second wireless router on your home network
Now the only problem is that you will most likely have to connect the second router to the first. This is because there is actually only one cable going from your ISP’s primary modem to your wireless router. So, in order to connect the second router, you will need to connect the second router to the first.
However, thanks to NAT, the two networks will be able to communicate with each other. This is still better than having only one network, because figuring out that the second network exists and getting information such as DHCP information for the second network is not a trivial task. If someone comes to you who knows how to hack, there really isn’t much you can do if you don’t make everything super secure, which no one really does.
We’re just trying to prevent computers and NAS devices from showing up on anyone’s computers when they open Finder or Windows Explorer. This is enough for 99% of people. There is a technical way to prevent the two networks from communicating, but this requires the use of a DMZ and is too complicated for what I am trying to show.
So these are your two main choices in terms of wireless networking. If your router supports this, the easiest way is to simply turn on the guest network. Otherwise, you can purchase a cheap used router, plug it into your first router and give it a different SSID and password.
Share printers and scanners
Apart from being connected to the internet, the next important feature people ask for is print and scan. I usually hear to print a boarding pass or something like that. Now, if you have users connected to a separate wireless network in your home, printing may not be possible if the printer is connected to a different network.
In case you have a printer that connects with a cable, just plug the printer into their computer if they have one, or just use your own computer and print what they need for them. If you have a wireless printer and they want to print from their computer, the best way to do it is to use Google Cloud Print. If they have a Google account, you can simply give them access to their printer via email and they can print from their computer without having to install any drivers or anything else!
I wrote a complete guide to setting up Google Cloud Print that walks you through the process of setting up your printers so you can print to them from anywhere in the world, from any device. The best thing about this method is that it works with any type of printer: wired or wireless, old or new, connected to your network, or connected to your computer. It’s very easy to set up and the ability to share your printer with someone via email is amazing.
As for scanners, you can either plug it directly into your computer, or use a USB stick and plug it into the scanner if you have a generic device.
Computers and guest accounts
There are times when a guest has to use one of your computers to do their job. In this case, the best option is to register them on your computer using a guest account. By using a guest account, you can be sure that they will have limited ability to change computer settings and, more importantly, will not be able to access confidential documents, emails, passwords, browser history, or anything else.
The nice thing about a Windows guest account is that it doesn’t allow the user to install software, which can be a real problem if you have a younger adult or child who wants to use your computer. They cannot change any system settings, add hardware, or create / change a password for the guest account. It’s pretty much locked down and you don’t have to do anything other than make sure you’re signed into that account before granting them access.
Usually the Guest account is disabled by default in Windows, but a quick Google search will show you where in the Control Panel you need to navigate to to enable it. After that, you will see the guest account next to your regular user account.
On Mac, you can also enable a guest user account. Just go to System Preferences, click Users & Groups, and then turn on Guest.
Of course, you always need to make sure your primary Windows and Mac user accounts have passwords, otherwise the person might just log out of the guest account and then just click another account and log in if there is no password. P>
Finally, if you are like me, you may have an old computer or netbook lying around that you no longer use. In that case, just wipe it down, install a fresh copy of Windows, install local printers, and enable the guest account. If anyone needs a computer, just give them a spare, which will be locked, and you’re done.
If you have a different setting to give your guests access to your local network, let us know in the comments. Enjoy!