网络安全中的安全设备
Whether we like it or not, there are just some devices in our homes that are, and always will be insecure. Is there a safe way to add those devices to a home network without compromising the security of other devices? Today’s SuperUser Q&A post has the answer to a security-conscious reader’s question.
无论我们是否喜欢,我们家中只有一些设备,而且永远都是不安全的。 有没有一种安全的方法可以将这些设备添加到家庭网络而不损害其他设备的安全性? 今天的“超级用户问答”帖子解答了安全意识强的读者的问题。
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
今天的“问答”环节由SuperUser提供,它是Stack Exchange的一个分支,该社区是由社区驱动的Q&A网站分组。
问题 (The Question)
SuperUser reader user1152285 wants to know how to safely add insecure devices to a home network:
SuperUser阅读器user1152285想知道如何安全地将不安全的设备添加到家庭网络:
I have a few Internet connected devices that I do not trust as being secure, but would like to use anyway (a smart television and some off-the-shelf home automation devices). I do not want to have them on the same network as my computers.
我有一些我不信任它们安全的Internet连接设备,但无论如何都想使用(智能电视和一些现成的家庭自动化设备)。 我不想让它们与我的计算机位于同一网络上。
My current solution is to plug my cable modem into a switch and connect two wireless routers to the switch. My computers connect to the first router while everything else connects to the second one. Is this enough to completely isolate my computers from everything else?
我当前的解决方案是将电缆调制解调器插入交换机,并将两个无线路由器连接到交换机。 我的计算机连接到第一个路由器,而其他所有连接到第二个路由器。 这足以将我的计算机与其他所有设备完全隔离吗?
I am also curious if there is a simpler solution using a single router that would effectively do the same thing? I have the following routers, both with DD-WRT:
我也很好奇是否有一个使用单个路由器的简单解决方案可以有效地完成相同的工作? 我有以下路由器,都带有DD-WRT:
- Netgear WNDR3700-v3 网件WNDR3700-v3
- Linksys WRT54G-v3 Linksys WRT54G-v3
Except for a single computer on the first network, all of my other devices (secure and insecure) connect wirelessly.
除了第一个网络上的一台计算机之外,我所有其他设备(安全和不安全)都以无线方式连接。
How do you safely add insecure devices to a home network?
您如何安全地将不安全的设备添加到家庭网络?
答案 (The Answer)
SuperUser contributor Anirudh Malhotra has the answer for us:
超级用户贡献者Anirudh Malhotra为我们提供了答案:
Your current solution is ok, but it will increase one switching hop plus the configuration overhead. You can achieve this with just one router by doing the following:
您当前的解决方案是可以的,但是它将增加一个交换跃点以及配置开销。 您可以通过执行以下操作仅用一台路由器来实现:
- Configure two VLANs, then connect trusted hosts to one VLAN and untrusted hosts to another. 配置两个VLAN,然后将可信主机连接到一个VLAN,将不可信主机连接到另一个。
- Configure your iptables to not allow trusted to non-trusted traffic (and vice-versa). 将iptables配置为不允许可信到非可信的流量(反之亦然)。
Hope this helps!
希望这可以帮助!
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
有什么补充说明吗? 在评论中听起来不错。 是否想从其他精通Stack Exchange的用户那里获得更多答案? 在此处查看完整的讨论线程 。
Image Credit: andybutkaj (Flickr)
图片来源: andybutkaj(Flickr)
翻译自: https://www.howtogeek.com/279978/how-do-you-safely-add-insecure-devices-to-a-home-network/
网络安全中的安全设备
3274
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
