Securing the Home Network – Guest Wi-Fi® Networks

The newest Wi-Fi® Routers support both a Primary “Private” and a Secondary “Guest” Wi-Fi® network.  This allows you to have two separate SSID’s, (the names of your Wi-Fi® networks), at the same time.  Specifically, the Primary Private Wi-Fi® network would be for your exclusive use and connect all of your Wi-Fi® or Wired Home Computers, Printers; Cell Phones, Tablets, Gaming Computers and Internet enabled devices like Blu-Ray Players and Internet enable Flat Panel TV Sets to each other and the Internet.

The Secondary Guest Wi-Fi® network would connect visiting Internet enabled devices, like Tablets, Notebook Computers, Smartphones, and Gaming Computers ONLY to the Internet.  After all, you have no idea where those Internet enabled devices have been nor can you be sure they have been practicing “Safe Computing” with proper Antivirus and Firewall software installed.

Guests are given a different SSID and password to access the alternate, dedicated Wi-Fi® “Internet Only Access” network in your home.  You may be wondering, “If it is a Guest Wi-Fi® network, why do I need to set a password at all?”  Answer:  You do not want to be providing “Free” Internet access to your neighbors and more specifically, anyone who just happens to be passing by.

If you already have a Wi-Fi® Router installed and it does not support both Primary Private and Secondary Guest networks, you have two options:  upgrade your Router or purchase an Access Point.  The advantage of purchasing a new Wi-Fi® Router that supports both Primary and a Secondary network is that most likely it will also be Dual Band.  This means that it operates at both the 2.4Ghz and 5Ghz spectrums.  (See my article on “Understanding the Wi-Fi® 802.11 Network Standard” for more details.)  The 5Ghz spectrum is less crowded and may give you better Wi-Fi® performance in your home.

If you purchase an Access Point to create a Secondary Guest Wi-Fi® network, most support the option to configure in “AP Isolation Mode.”  This means that Wi-Fi® connected devices cannot see other Wi-Fi® connected devices on the same Wi-Fi® (SSID) network but they can see all of the devices on the Wired network.   For example, with AP Isolation Mode enabled, two Wi-Fi® connected Notebook computers will not see or be able to connect to each other to share files but both would be able to see a Printer physically connected with an Ethernet (wired) cable to the Network Router.   If every device in your home is connected via Wi-Fi® to your Primary Private Wi-Fi® network, then adding an Access Point is a good solution to create a Secondary Guest Wi-Fi® network.

If you have devices in your home attached to your Primary Private Wi-Fi® Network and you also have devices connected via Ethernet (wired) cables, then you need to configure the specific physical Ethernet port that your Guest Access Point is connected to on the Local Area Network side of the Router to only connect to the Internet/Wide Area Network of the Router.  This completely isolates Guest Wi-Fi® connections through the Access Point exclusively to the Internet.  Otherwise, your Guests will be able to see any device that is connected via an Ethernet (wired) cable to your network.

Speak Your Mind