How 'safe' is the guest network?

Pabla

Regular Contributor
Was planning on giving my tenants access to our home internet. Currently have them set on the configured guest network on my rt-ac3100. My main concern is security, as my whole security system is on the network. Is using the guest network option a good choice, while still keeping my main network secure? Or should I set up a second router on the network just for the tenants (may cause double NAT issues). Attached is my current setup for the guest network.
 

Attachments

  • Screen Shot 2019-10-19 at 6.02.22 PM.png
First, that seems very generous of you! :)

Secondly, I would not use the default guest network options in this situation, even as you have set them (they are correct, btw).

I would follow the following link and properly set up an amtm and a swap file on a spare USB key.

amtm Step-by-Step https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/#post-483421

Then I would install YazFi and create a new subnet for your guests. :)

https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/

This would be even more secure than using a second router just for the guests. ;)
 
First, that seems very generous of you! :)

Secondly, I would not use the default guest network options in this situation, even as you have set them (they are correct, btw).

I would follow the following link and properly set up an amtm and a swap file on a spare USB key.

amtm Step-by-Step https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/#post-483421

Then I would install YazFi and create a new subnet for your guests. :)

https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/

This would be even more secure than using a second router just for the guests. ;)

I was only going to give them access to my network if there was an easy and safe way... doesn't seem like there is.
Thanks for the links and info though! I will certainly still look into it :)
 
Was planning on giving my tenants access to our home internet. Currently have them set on the configured guest network on my rt-ac3100. My main concern is security, as my whole security system is on the network. Is using the guest network option a good choice, while still keeping my main network secure? Or should I set up a second router on the network just for the tenants (may cause double NAT issues). Attached is my current setup for the guest network.

Should you be concerned that their Internet usage would reflect on your ISP service account? You would not want to become suspect for their Internet activities.

OE
 
The two-router double NAT setup is simple and gives you protection, but only if the first router (Internet-facing) is the one that your tenants have access to. Devices on the first router won't be able to connect to or see devices on the second router; however, the opposite isn't true.

A double NAT setup won't have any measurable impact on throughput at reasonably high speeds, but it does make setting up a server on the second router more complicated.

As others have pointed out, there are other issues, and another issue that you need to consider is fair allocation of bandwidth. What happens if they stream several HD video sources and you also try and stream something? Do you have enough bandwidth to cover everyone?
 
Was planning on giving my tenants access to our home internet. Currently have them set on the configured guest network on my rt-ac3100. My main concern is security, as my whole security system is on the network. Is using the guest network option a good choice, while still keeping my main network secure? Or should I set up a second router on the network just for the tenants (may cause double NAT issues). Attached is my current setup for the guest network.

A second router.
 
You would not want to become suspect for their Internet activities.

This is the main reason to abandon the idea.
@Pabla may one day get a copyright infringement notice because of something downloaded by his tenants.
 
This is the main reason to abandon the idea.
@Pabla may one day get a copyright infringement notice because of something downloaded by his tenants.

Or much worse when someone, anyone including their kids or guests takes to downloading child porn or browsing illicit/watched sites.

OE
 
Was planning on giving my tenants access to our home internet

How much do you trust them? The trust issue would also apply to the various IoT gadgets around the house - putting them into a sandbox where they can reach out to the internet for their cloud services, but no direct access back into the LAN/WLAN.

Folks make a good case about what activities your tenants could do (kiddy porn, piracy, hacking, dark web, etc), and that would be traceable back to your WAN address, and without records/logs, it would be a serious challenge to support if the cops come knocking at the door.

From a LAN side - the guest network is isolated from the primary network, and you can use AP isolation as well - so technically it is possible...
 
Thanks for the input everyone! Haven't even thought about some of the things mentioned, and because of that looks like I won't be giving them access after all!
 
Could I just ask the thread in general a quick question... Why is there some need for a second router and NAT, or subnet etc? Obviously I understand the need to separate guests in this example from the OP's network, but (and here's what I'm getting at) why isn't simply disabling the "Access the Intranet" option secure enough... Especially so if the guest network has different credentials etc than the OP's regular wifi network?

I only ask because I got a distinct impression that the thread's consensus was that disabling access to the Intranet wasn't particularly effective at blocking guests from the OP's normal network activity, and thus protecting the OP's privacy/security etc on his regular network. Is that the case, or not?

I was under the impression that the option of disabling Intranet access was there precisely for this particular set of circumstances... Can you guys put me right, if I'm wrong, and fill me in on the whys and wherefores of this, please?
 
Think the problem is not to isolate guests from his intranet (guest SSID should be fine for that) but that he doesn't know what his tenants are going to use on his line.
 
I was under the impression that the option of disabling Intranet access, was there precisely for this particular set of circumstances...

Not really. It's a Guest Network. You invite guests, their kids bring tablets to watch YouTube, for example. They are around you, you know them well, they stay only temporarily at your place, you expect what they are going to use the Internet connection for. With tenants you don't know, somewhere behind a closed door, it is a bit different situation.
 
Guest Networks work for wireless connections but they do not function on hardwired Ethernet connections.

Also someone by having access to your network even as a guest has some clues that they could use to attempt access to your primary network.

1. They know who the network owner is, so they can, through guesses & social engineering, try to determine the router's password.

2. They know what the router's IP is.

3. They know what SSIDs are associated with the router.

4. There is also the possibility that a guest user could crash the router and force a reset back to default settings.

Items 2 & 3 can be determined even if you don't have guest access, but it is a shortcut.
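
The isolation claims in the posts above (guest clients cut off from the primary LAN, and a guest knowing the router's IP) can be checked rather than assumed. The following is an added example, not part of the thread or of any poster's setup: a small audit meant to be run from a device joined to the guest SSID on your own network. The subnet, router address and the listed hosts and ports are assumptions for illustration.

```python
import socket
import sys
from ipaddress import ip_address, ip_network

# Assumed addressing for illustration; substitute your own main-LAN values.
MAIN_LAN = ip_network("192.168.1.0/24")
ROUTER_IP = ip_address("192.168.1.1")
# Constructed sample list of services that guests should never reach.
PROTECTED = [
    ("192.168.1.1", 80),    # router admin UI (HTTP)
    ("192.168.1.1", 22),    # router SSH, if enabled
    ("192.168.1.50", 554),  # hypothetical camera/NVR (RTSP)
    ("192.168.1.60", 445),  # hypothetical NAS (SMB)
]

def tcp_reachable(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered, unreachable or timed out
        return False

def audit(local_ip, targets, probe=tcp_reachable):
    """List isolation failures as (kind, host, port) tuples; empty means pass."""
    findings = []
    if ip_address(local_ip) in MAIN_LAN:
        # Same subnet: traffic to LAN hosts is bridged, not routed, so
        # isolation rests entirely on the router's bridge-level filtering.
        findings.append(("same-subnet", local_ip, None))
    for host, port in targets:
        if probe(host, port):
            kind = "router-admin" if ip_address(host) == ROUTER_IP else "lan-host"
            findings.append((kind, host, port))
    return findings

if __name__ == "__main__":
    # Usage: python guest_audit.py <this client's guest IP>
    results = audit(sys.argv[1], PROTECTED)
    for kind, host, port in results:
        print(f"FAIL {kind}: {host}" + (f":{port}" if port else ""))
    sys.exit(1 if results else 0)
```

An empty result only shows that the listed TCP services did not answer from the guest side; re-run it after firmware updates or guest-network setting changes.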
 
Guest Networks work for wireless connections but they do not function on hardwired Ethernet connections.

Separating clients on wired connections is doable, but with the concerns above still not a good idea.
 
