Needing Some Security Advice: Are Subnets Considered Secure?

MikeEwins

We have had a setup in our home environment for some time that I feel has worked great. Our provider (Wowway) has given us two IP addresses. Or at least, we could use them. From the cable modem, we connect to a switch, which in turn split to two routers: one for WFH purposes, one for the family/personal.

Each router got its own IP address, worked perfectly.

Well, this morning, with all the wind/commotion happening out there, the power went out, and it triggered something either with the equipment or unveiled a new policy adjustment with Wowway whereby only 1 IP address can now be used.

That is, only one router can be functional at a time now, and not both concurrently as we had before.

I love Wowway but I am afraid if I call it will show that we have been using 2 IP addresses and/or they will try to upsell into something else than we had before. Either way, I am not feeling too confident about it.

So it got me to thinking, why not connect the modem directly into the WFH router, and then plug the family router into the WFH as a subnet?

Turns out, this works, and the WFH clients cannot see the family subnet.

However, I am concerned about security which is why I am writing here.

Is this setup considered secure? Of course, it would be more ideal to have two separate IP addresses, but that is no longer an option. Is this setup we have now considered viable or should we consider something stronger (or bite the bullet and call Wowway to see what is up)?

Thank you for any guidance/consideration/advice that you can provide,
-MD
 
I think the current setup is not secure since the traffic coming from the family router has to pass through the WFH router (WFH devices can sniff the traffic going by if something was malicious). The way you had it before should still work even with a single external IP address on the cable modem. Just make sure that the Cable Modem/router, WFH router and the Family router are on different subnets. Through the magic of double NAT everything will work and be back to the more secure way you had it where there is no route from the WFH router to the Family router.
 
I guess I am not really sure why you are trying to separate your traffic, but that is irrelevant. First question I have is: did the modem give you 2 different public IP addresses or different private addresses? Each router is a NAT point and thus should not be able to communicate without static routes, assuming that they are different subnets. As for security, what are you trying to achieve? If they are on different subnets then they should not be able to communicate with each other unless there is a route to each on each router. If your goal is to simply keep the family devices from reaching the WFH devices then you are already achieving this; however, this could create a double NAT problem for game consoles on the family subnet.
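The two layouts discussed in the replies above (family router cascaded behind the WFH router, versus both routers side by side behind one modem/router) can be compared with a small model. This is an added example, not part of any post in the thread; the router names and address ranges are constructed assumptions.

```python
import ipaddress

# Constructed sample topologies: router -> (upstream device, LAN subnet).
# Names and address ranges are assumptions, not values from the thread.
CASCADED = {   # modem -> WFH router -> family router
    "wfh": ("modem", "192.168.10.0/24"),
    "family": ("wfh", "192.168.20.0/24"),
}
PARALLEL = {   # modem/router -> WFH router and family router side by side
    "gateway": ("modem", "192.168.0.0/24"),
    "wfh": ("gateway", "192.168.10.0/24"),
    "family": ("gateway", "192.168.20.0/24"),
}

def overlapping_subnets(topology):
    """Return pairs of routers whose LAN subnets overlap (breaks double NAT)."""
    nets = {name: ipaddress.ip_network(cidr) for name, (_, cidr) in topology.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def upstream_path(topology, router):
    """Routers that forward, and so can observe, traffic leaving `router`."""
    path, hop = [], topology[router][0]
    while hop in topology:          # stop at the modem, which is not a router here
        path.append(hop)
        hop = topology[hop][0]
    return path

def exposure(topology, a, b):
    """Report which of two LANs sends its internet traffic through the other's router."""
    return {
        f"{a}_transits_{b}": b in upstream_path(topology, a),
        f"{b}_transits_{a}": a in upstream_path(topology, b),
    }

if __name__ == "__main__":
    for label, topo in (("cascaded", CASCADED), ("parallel", PARALLEL)):
        print(label, "overlaps:", overlapping_subnets(topo))
        print(label, "exposure:", exposure(topo, "family", "wfh"))
```

In the parallel layout both LANs still share the upstream modem/router, so that device remains on the path for both.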