Is there a way to completely isolate a computer from the rest of your home network?

Ady2009 · 3 Dec 2024 at 18:38

Hi all

My employer is forcing me to use their laptop which would not normally be a problem for most of us. The big problem in my case is that they can not be trusted at all - they are a big organisation but have been involved in fraud and have been spying on other colleagues etc. I dread to think what spyware they have put on that laptop. I will need to connect this laptop to my wi-fi so I can work but am not happy about it getting any kind of access to my network or my IP address etc. Is there any way I can completely isolate this thing similar to running an untrusted piece of software in a sandbox? I do have a spare router if I could use this somehow? Would it help if I was to run this thing through a VPN to hide my personal details?

Thanks

Hutchy · 3 Dec 2024 at 18:45

Most routers have Guest wifi modes or IoT modes which allow the device to have internet access, but no access to the internal network. Could be the solution?

Steveocee · 3 Dec 2024 at 19:47

You need a new employer.

Sin_Chase · 3 Dec 2024 at 22:09

VPN isnt going to help you. Any traffic from the laptop to a local address isnt going to go through it.

Simplest solution, as already mentioned, is to setup a second/guest WiFi network on a different network subnet and making sure your router isnt offering a route between them.

If you can setup a second/guest network then look for a setting called "Isolation Mode" or similar. This prevents devices on the same network being able to route traffic between each other.

You probably wont want to enable this on your main network however as its likely you want at least some devices to be able to communicate with each other!

Quartz · 3 Dec 2024 at 22:19

Probably the safest method is to use a separate mobile data connection. Which the company funds.

Caged · 4 Dec 2024 at 09:08

You need a router that supports a guest Wi-Fi SSID that can prevent your work laptop from being able to connect to anything else on your LAN (this will include your printer), but also the new year would be a good time to not work for someone who does fraud.

Ady2009 · 5 Dec 2024 at 23:05

Thanks all. I really liked the idea of using a guest wi-fi but it doesn't look like either of my routers supports that capability which is a shame. I am now thinking about using a pocket hotspot as I can take the battery out at the end of each day and relax that my network is safe. I totally agree that I need to find another job as this place is as crooked as they come but still hide behind a reputation that they used to have 20+ years ago.

Haggisman · 6 Dec 2024 at 11:10

"Sorry boss, I don't have a suitable internet connection at home, please advise whether the company will set one up for me, or if I should do it myself and expense it?"

If your employer is FORCING you to WFH, then they need to provide the tools necessary to do your job.

Mcnumpty2323 · 6 Dec 2024 at 11:23

You can pick up a hauwei ax3 for £30
Can make a guest network on it

Though as already said
Should have told them to provide you a 4g/5g router
for work from home use

alex24 · 6 Dec 2024 at 11:46

What router?

May be worth investing in one or an AP that can enable guest access. If you don't mind some config you can setup separate SSID with client isolation, then run it into a separate VLAN that can access WAN out but nothing else inside your network. It would still see your IP unless you connect through a VPN service, but that could cause problems depending on how the company allows you into their intranet. Also, no activity on the client laptop would be safe from intrusion or monitoring if it's their own managed equipment. So it depends on what you're trying to protect against.

Another job sounds like a better solution.