A second router protects adults from kids
If you live in a home where parents/adults have one or more computers, children have their own computer(s), and everyone shares a single Internet connection, then you should consider a second router.
While the main function of a router is to let multiple computers share a single broadband connection to the outside world, it is also invaluable in offering firewall protection. Firewalls that run on your computer have their place, but you are much safer with the additional protection offered by the firewall in a standard, ordinary, consumer-grade router. Previously, I suggested that even someone with only one computer get a router, just for the firewall protection.
Last week, Leo Notenboom, of Ask-Leo.com, wrote about using a second router to protect adults from children sharing the same Local Area Network (LAN) at home (see How do I protect myself from my children? )
Leo targets Windows users, and I take it as a given that no mix of defensive software offers perfect protection on a Windows machine. That said, the networking scheme he discusses is applicable and sensible regardless of the operating system running on any single computer. If you are an adult, sharing a network with children, and the health and well-being of your computer is important to you, then investing in a second router makes sense.
The basic idea that Leo suggests is to put the adult computers in their own LAN, protected by the second router from the LAN segment with the children's computers. Everyone still shares the single Internet connection.
In addition to the firewall, the NAT feature in a router also offers protection. For example, if the kids use private IP addresses* such as 192.168.1.x then the adults can use private IP addresses in the range 192.168.8.x. Assuming everyone uses the default subnet mask of 255.255.255.0 (a topic for another day) then the adult computers and the kids' computers can't directly talk to each other.
This networking scheme does not eliminate the need for firewall software in each individual computer.
This approach may also apply to a small business if certain computers do work that is judged to be much more important than others. Here too, the small expense of a second router offers additional protection to the most important computers. Taking this even further, it is not at all unreasonable for a small business to ban an important computer from ever touching the Internet.
Finally, anyone installing a new router should read my earlier posting Defending your router, and your identity, with a password change.
Update. September 27, 2008. For more on this subject, see my follow-up Using a second router: A techie how-to
*For more on public vs. private IP address, see What does your IP address say about you?
See a summary of all my Defensive Computing postings.
Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure. 
It's a very inexpensive way to protect your network, and on the same price schedule I can't think of a better alternative.. but man, double nat can just be harsh. Sure hope Mom and/or Dad do not do any level of remote work that needs a VPN...
Simply separating yourself from your children does not absolve you of your responsibilities; you wouldn't let an unwell child play with other kids who could catch their bug, so why think it's ok for it to happen over the internet?
- by jgoto October 24, 2008 7:14 AM PDT
- Correct me if I'm wrong but this solution may not protect the data of the parents network. If a computer on the kids network gets spyware(something very possible) that is sophisticated enough to use ARP poisoning, couldn't it reroute all the traffic on both networks through the infected machine and harvest sensitive internet traffic. It might not get banking information which is encrypted, but stuff like email usernames and passwords are often sent unencrypted and it could steal that information.
- Reply to this comment
-
(5 Comments)