Fixed IP addresses or use a switch?

Topic

New Reply

Three solo lawyers with separate practices who share a building want to share a fast internet connection. For ethical considerations they need to keep their traffic separate, as far as one theoretically accessing another’s traffic is concerned. One says a switch (small, one-time expense) placed between the router and the lawyers downstream will accomplish this, sending each one’s traffic only to him/her. But another says no, merely paying extra each month for fixed IP addresses will take care of that without a switch. Who has the better answer?

Reply | Quote

Replies

Auggie,

From my limited understanding of networking I would think the best {most secure} method would be to have 4 routers {they are not that expensive}

The Main Router would hook up to the cable/dsl modem then connect to each of the other 3 routers.
Each office would have it’s own sub-net, i.e. 192.168.3.{0-255}; 192.168.4.{0-255}; 192.168.5{0-255}.
That way the network traffic would only interset at the Main Router which would automatically send the traffic back to the secondary router that originated it.

I’m sure one of the Network Gurus here will explain this better but hopefully you get the idea. :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

You could subnet them: Hosts on a subnet cannot talk to hosts on a different subnet with sending traffic through the router. However it’s not an out of the box solution and somebody would have to administer the router, configure the firewall and hold legal liability if something went wrong. That individual would also have access to all network traffic, which would not be good if the lawyers are separate legal entities.

If they are indeed separate legal entities, I would recommend leasing three separate lines and use three routers. Each lawyer is responsible for his or her own network and data security policy. Each administers their own internet connection and they have no cross liability case of a network compromise. It also overcomes the issue of apportionment of bandwidth and costs.

However, if the lawyers are part of a partnership or other single entity I would expect there would be commercial and legal reasons why it would be advantageous to have all network traffic routed through a single point such as Small Business Server.

…..While on this thought, they should also consider their phone lines – the same considerations apply if a single managed direct-dial phone solution is installed.

Reply | Quote

You could do it with a switch by vlaning the different segments, but it will get messy pretty fast and vlans can be a nightmare to troubleshoot. Like Retired said you can setup 3 IP scopes for each but since the router has connections to each, someone on one of the subnets would still be able “see” the other networks unless you put firewalls in front of each segment or have a higher end router that you could put ACLs on.

Reply | Quote

Modern routers are switches and one is all you need. The only data sent outside the port is internet or broadcast data so snooping will not be an issue. What can be a problem is one user deliberately sending data to one of the other computers to try to access it. This can happen if one user gets a virus.
Use Windows firewall and anti virus, make regular backups and practise safe hex.
Fixed IP addresses make no difference.

cheers, Paul

Reply | Quote

Not sure why they want to share. I just can’t think of a good reason other than to save a few dollars. Individual small business broad band accounts are not that expensive. Then there will never be a question of liabilities.

Reply | Quote