Unless you decide to descend into the realm of the dark web…
Why my work pc is on its own vlan as well.
These days you don’t really need to do that unless you are using old software on your work PC. Most modern commercial PCs are set up with inbuilt VPNs with local breakout for local printers as well as internal OS firewalls etc.
There is an argument to separate certain devices that don’t need to talk to anything else in your house on their own vlan that have low grade security or cyber defences.
VLANs are very simple to do, but don’t offer much in the way of security for most domestic setups, other than very rudimentary protections for modern devices… and provide much potential complexity if you need to route between the networks safely.
I used to run separate home and work vlans when I had two broadband routers, so effectively each vlan ran in its own local VRF… but now I share a single broadband access with a single RFC1918 address space and therefore one network, and I take advantage of best practice cyber discipline and keeping OS and runtime builds patched which gives me better protection and flexibility.
But for home experimenting, curiosity and self education there is nothing wrong with playing with these options…
As we said before, the unifi firewall in the dream security gateway (out of the box) allows you to set up firewall lan rules preventing iot devices from initiating communications with devices on the main lan and preventing access to gateways. Lan in, Lan out and lan local rules. I have about 10 rules which by default drop communications initiated by devices I don’t trust unless it’s to my dns sinkhole. Easy to configure in unifi but I imagine most consumer routers don’t have the same level of functionality or make it as simple to set up. It also automatically blocks certain traffic types.
And have firewalls on my pcs and nas so as you say belt and braces
Many domestic apps and products are designed to work in a single network. Directed broadcasts are not considered that safe these days and helpers can get quite involved.
A firewall has the access rules, the router sets up and defines and manages the routing table. For other than rudimentary protection your internal firewall needs to be stateful at least, and ideally be an application firewall, so the rules apply to the protocol interactions, not simple addressing / port access lists.
Anyway I think I’ve said before… no harm with playing with it, but my advice if it means anything, don’t rely on it unless you are using at least stateful preferably application based firewalls, best focus on keeping devices patched, and applications and OS patched for anti malware and vulnerabilities.
Yep. Nas in particular needs to be kept up to date.
Yep NAS, computer, broadband router, wifi lan controller, printers, phones, tablets, and IoT devices, TVs etc… you don’t want your devices to fall victim to a bot herder or worse.
Yeah, that was the problem here. My wife works for the council, the laptop was quite old… as thick and heavy as a paving slab and the only way it would work on our network/LAN was if we turned off the 5GHz WiFi and a number of other features. No matter what we did it would not run until the network only had 2.4GHz working. So after a lot of back and forth with their IT team, separate LAN it was🙄
Agh yes - probably the wifi protocols the laptop uses are limited; 802.11g for example only used 2.4GHz whereas 802.11ac only supports 5GHz. The other protocols since 802.11n support both bands - but the hardware might not…
My son is a home gamer on Fortnite.
What would it mean for him to be stealth?
His PC connects via ethernet cable to an ethernet wall socket, which enters the Cisco switch downstairs, which comes out of another wall socket and goes into a BT hub 2 router.
Is the stealth setting something to do with the game settings or the PC Windows operating system, or the router?
Sorry, I was talking slang: stealth means that if a probe on ports from the internet hits your router, the router does not respond.
It will have no effect or relevance to Fortnite.
Would that be standard on a BT Home hub 2 with ee fibre?
I have no idea sorry. But usually unless you have opened ports, routers are pretty locked down.
Indeed, ports will be shut unless you have explicitly opened them, such as for a DMZ… sometimes known as port forwarding. By default they are shut for inbound traffic, and ephemerally opened for outbound flows (this allows your home network to talk to the internet) … and that’s for most ISP routers, certainly BT/EE.
Just as importantly most devices for home networks will have ports shut unless explicitly required for operation.
That’s good to know, that’s what I would expect.
If you are interested and want to check, do a search for grg ports up scanner, this website will probe common ports or specified ports that you put in.
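An added example, not from any poster in this thread: a small Python model of the difference between a stateful firewall and a plain address/port list, and of the "ephemerally opened for outbound flows" behaviour mentioned above. The subnets, addresses, port numbers and function names are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the thread).
MAIN_LAN = ip_network("192.168.1.0/24")
IOT_VLAN = ip_network("192.168.20.0/24")
SINKHOLE = "192.168.1.53"

def new_flow_allowed(src, dst, dport):
    """Policy for a flow being initiated, i.e. no state exists yet."""
    if ip_address(src) in IOT_VLAN:
        # Untrusted devices may only open DNS to the sinkhole.
        return dst == SINKHOLE and dport == 53
    return ip_address(src) in MAIN_LAN  # trusted LAN may initiate; WAN may not

class StatefulFirewall:
    def __init__(self):
        self.flows = set()  # connection table: (src, sport, dst, dport)

    def filter(self, src, sport, dst, dport):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if fwd in self.flows or rev in self.flows:
            return "ACCEPT established"  # part of a tracked conversation
        if new_flow_allowed(src, dst, dport):
            self.flows.add(fwd)  # ephemeral opening for the replies
            return "ACCEPT new"
        return "DROP"

def stateless_acl(src, sport, dst, dport):
    """Address/port list only. To let replies back in it has to trust the
    source port, and cannot tell whether a request was ever sent."""
    if new_flow_allowed(src, dst, dport):
        return "ACCEPT"
    if ip_address(src) in IOT_VLAN and sport == 443:
        return "ACCEPT"  # 'reply from the camera' rule
    return "DROP"

def demo():
    fw = StatefulFirewall()
    pc, nas, cam, wan = "192.168.1.10", "192.168.1.20", "192.168.20.5", "203.0.113.7"
    return {
        "pc_to_cam": fw.filter(pc, 50000, cam, 443),
        "cam_reply": fw.filter(cam, 443, pc, 50000),
        "cam_to_nas_stateful": fw.filter(cam, 443, nas, 445),
        "cam_to_nas_stateless": stateless_acl(cam, 443, nas, 445),
        "cam_dns": fw.filter(cam, 40000, SINKHOLE, 53),
        "wan_probe": fw.filter(wan, 55555, pc, 3389),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

The `cam_to_nas` pair is the point: the stateless list accepts the packet because its source port matches the reply rule, while the connection table drops it because no main-LAN device ever opened that flow.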