Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Two co-located businesses: Share Internet or Separate Accounts for Security?


  • Please log in to reply
5 replies to this topic

#1 Fran3

Fran3

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 27 November 2015 - 10:53 AM

We are about to locate our business in a building with another business. The will be in one end of the building and we will be in the other end of the building.

 

They have offered to "share" their internet meaning that we would just connect a switch to one of the ports on their router and then connect the other side of that switch to our computers.

 

They are a small business and do not have a server are not setup as peer-to-peer network... 

 

We will have all of our computers on a peer-to-peer network with one computer designated as our network drive... but no official server.

 

So the configurations would look like this...

 

BEFORE:

 

---> ISP ---> internet ---> ISP's Modem ---> Client's Router ---> Clients Computers

 

AFTER:

 

---> ISP ---> internet ---> ISP's Modem ---> Client's Router ---> Clients Computers

                                                                                             ---> Our Switch ---> Our Peer-To-Peer Network

 

Are we adequately protected in this "AFTER" configuration from one of their users getting and spreading a virus/malware to other computers on the network (including ours) or would it be better for us to get our own account with the ISP so that we had our own ISP Modem connected to our own Router connected to our own Peer-to-Peer Network?

 

We save money if we share their account but I'm wondering if our own IP, ISP Modem, etc would give us more network security and protection.

 

Thanks for any help.

 

 

 



BC AdBot (Login to Remove)

 


#2 Whisker58

Whisker58

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 27 November 2015 - 05:55 PM

What you've suggested for an "after" connection will not protect you.  Ultimately, you need to put a firewall between your private network and any other network you don't trust.  Most (not all) ISP's allow for multiple CPE's (Customer Premise Equipment), in which case you split the modem's WAN network with a switch, and each of you connect your own firewalls to that switch.  Otherwise, you can daisy-chain firewalls; you connect the WAN port of your firewall to one of the LAN ports on their firewall.  All you have to do is buy a firewall for yourself.  Here's what you can do:

 

Mutiple CPE:

 

ISP > Modem > Switch > Their Firewall > Their Network

                                    > Your Firewall > Your Network

 

Single CPE, protects you but not them:

 

ISP > Modem > Their Firewall > Their Network

                                                > Your Firewall > Your Network

 

Single CPE, protects both of you:

 

ISP > Modem > Shared Firewall > Their Firewall > Their Network

                                                   > Your Firewall > Your Network

 

I hope that makes sense.



#3 RolandJS

RolandJS

  • Members
  • 4,511 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:11:44 PM

Posted 27 November 2015 - 06:04 PM

[rjs-deleted; HnTX guru info not needed]


Edited by RolandJS, 27 November 2015 - 08:23 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 Fran3

Fran3
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:44 PM

Posted 27 November 2015 - 06:15 PM

What device provides a firewall only?

 

As I understand it a off the shelf router will provide that functionality but I thought each router would want its own unique IP Address from the ISP... which I thought would require one ISP Modem for their stuff and another ISP Modem for our stuff.

 

But, sounds like I need some educating on what devices to buy...

 

And, would we need to notify the ISP that we putting a switch on the output of their Modem that would serve business one on one port and business two on a second port?

 

Thanks for the help.



#5 Whisker58

Whisker58

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:44 PM

Posted 27 November 2015 - 07:43 PM

Most people use the term firewall / router / gateway interchangeably when referring to consumer or small-business equipment.  Let's assume it's a Linksys WRT54GL device (now owned by Dell).  It has a single WAN port, and 4 LAN ports.  The router's WAN port can be plugged into a LAN port on another router, and it'll work just fine.  The WAN port can be set to gets its IP configuration via DHCP, and as long as the other device is serving DHCP, it'll configure itself.

 

What you'll have to ask the ISP is if they allow for multiple CPE.  Also, they may not allow for multi-tenancy.  Connecting two separate businesses to a single modem might be against their terms of use.  What I would suggest doing is contacting the ISP's technical support directly, or an authorized dealer for the ISP.  I think it's going to take a bit of work for you to figure out exactly what you want to do.



#6 technonymous

technonymous

  • Members
  • 2,480 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:44 PM

Posted 29 November 2015 - 10:42 AM

For a home network it's ok, but not for business. The first network isn't protected from the second network. You could bring in a 3rd router this way both networks are behind hardware NAT. However, in a business you wouldn't want to do that. You will also have problem with double NAT and forwarding all the time. Another reason, you have no control over the hardware keeping it safe under lock and key. A person can put a tap between gateway WAN & Lan switch and sniff all the traffic and do MITM attacks. You really want to run your network cable to someone else router you have no control over?? No thanks!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users