September 24, 2008 8:51 AM PDT

A second router protects adults from kids

by Michael Horowitz

If you live in a home where parents/adults have one or more computers, children have their own computer(s), and everyone shares a single Internet connection, then you should consider a second router.

While the main function of a router is to let multiple computers share a single broadband connection to the outside world, it is also invaluable in offering firewall protection. Firewalls that run on your computer have their place, but you are much safer with the additional protection offered by the firewall in a standard, ordinary, consumer-grade router. Previously, I suggested that even someone with only one computer get a router, just for the firewall protection.

Last week, Leo Notenboom, of Ask-Leo.com, wrote about using a second router to protect adults from children sharing the same Local Area Network (LAN) at home (see "How do I protect myself from my children?").

Leo targets Windows users, and I take it as a given that no mix of defensive software offers perfect protection on a Windows machine. That said, the networking scheme he discusses is applicable and sensible regardless of the operating system running on any single computer. If you are an adult, sharing a network with children, and the health and well-being of your computer is important to you, then investing in a second router makes sense.

The basic idea that Leo suggests is to put the adult computers in their own LAN, protected by the second router from the LAN segment with the children's computers. Everyone still shares the single Internet connection.

In addition to the firewall, the NAT feature in a router also offers protection. For example, if the kids use private IP addresses* such as 192.168.1.x, then the adults can use private IP addresses in the range 192.168.8.x. Assuming everyone uses the default subnet mask of 255.255.255.0 (a topic for another day), the adult computers and the kids' computers can't directly talk to each other.
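The addressing assumption above can be checked before the second router is configured. This is an added Python example, not part of the original article; the function names and sample host addresses are constructed. It tests whether two hosts share a subnet under a given mask and whether the two LAN ranges overlap.

```python
import ipaddress


def same_subnet(ip_a, ip_b, mask):
    """True when both hosts fall in the same network under the given mask."""
    net_a = ipaddress.ip_interface(f"{ip_a}/{mask}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{mask}").network
    return net_a == net_b


def check_plan(kids_lan, adults_lan):
    """Return a list of problems with a two-router addressing plan."""
    # strict=False tolerates a host address being given instead of the
    # network address (e.g. 192.168.1.1/24 is read as 192.168.1.0/24).
    kids = ipaddress.ip_network(kids_lan, strict=False)
    adults = ipaddress.ip_network(adults_lan, strict=False)
    problems = []
    for name, net in (("kids", kids), ("adults", adults)):
        if not net.is_private:
            problems.append(f"{name} LAN {net} is not a private range")
    if kids.overlaps(adults):
        problems.append(f"kids LAN {kids} overlaps adults LAN {adults}")
    return problems


if __name__ == "__main__":
    # Constructed sample hosts in the two ranges named in the article.
    kid_pc, adult_pc = "192.168.1.10", "192.168.8.10"

    # With the default 255.255.255.0 mask the hosts are on different subnets.
    print(same_subnet(kid_pc, adult_pc, "255.255.255.0"))   # False

    # A wider mask puts both ranges inside 192.168.0.0/20, so the
    # separation by address range no longer holds.
    print(same_subnet(kid_pc, adult_pc, "255.255.240.0"))   # True

    # The article's plan passes; two routers on the same range do not.
    print(check_plan("192.168.1.0/24", "192.168.8.0/24"))
    print(check_plan("192.168.1.0/24", "192.168.1.0/24"))
```
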

This networking scheme does not eliminate the need for firewall software in each individual computer.

This approach may also apply to a small business if certain computers do work that is judged to be much more important than others. Here too, the small expense of a second router offers additional protection to the most important computers. Taking this even further, it is not at all unreasonable for a small business to ban an important computer from ever touching the Internet.

Finally, anyone installing a new router should read my earlier posting "Defending your router, and your identity, with a password change."

Update. September 27, 2008. For more on this subject, see my follow-up "Using a second router: A techie how-to."

*For more on public vs. private IP addresses, see "What does your IP address say about you?"
See a summary of all my Defensive Computing postings.

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure.
by blsith September 24, 2008 10:46 AM PDT
I just looked at his diagram, and I'd be concerned over "double nat" as it is often called. Every time you have to do a port translation, you take a risk of applications just not working properly.

It's a very inexpensive way to protect your network, and on the same price schedule I can't think of a better alternative... but man, double nat can just be harsh. Sure hope Mom and/or Dad do not do any level of remote work that needs a VPN...
by mhinnewyork September 24, 2008 12:08 PM PDT
Good point. I'm going to set up this type of network connection, live with it for a few days and I'll follow up with any gotchas. There are different types of VPNs, I use an SSL VPN and we'll see how that works... Michael Horowitz
by alegr September 24, 2008 10:55 AM PDT
Why you'd want all that? Just make sure your kids and spouse don't have Administrator privileges (and you, too, on your regular account). That's enough to stop the viruses.
by nenslo September 25, 2008 2:36 AM PDT
The main problem with this idea that I can see is that it doesn't protect kids from themselves. I think the adage "prevention is better than the cure" works in this situation. The key here is education; if parents can't be bothered to at least keep an eye on what their children are doing then they should at least help them learn to protect themselves from viruses and malware.

Simply separating yourself from your children does not absolve you of your responsibilities; you wouldn't let an unwell child play with other kids who could catch their bug, so why think it's ok for it to happen over the internet?
by jgoto October 24, 2008 7:14 AM PDT
Correct me if I'm wrong, but this solution may not protect the data of the parents' network. If a computer on the kids' network gets spyware (something very possible) that is sophisticated enough to use ARP poisoning, couldn't it reroute all the traffic on both networks through the infected machine and harvest sensitive internet traffic? It might not get banking information, which is encrypted, but stuff like email usernames and passwords are often sent unencrypted and it could steal that information.