[SOLVED] Device Isolation [Cyber Security]

Feb 12, 2019
Hey all,

Here is my situation. To start off, I know I shouldn't have got into this situation in the first place, just need an answer to this question. I have a device from an unknown source that needs to be connected to the internet. As a precautionary measure, I am assuming this device has network-transferable malware. It probably doesn't but I do not want to take a chance. How am I able to boot this device with an internet connection, but lock it down so it is unable to communicate with any other device on my network/hide a device in my router or something of that sort, without having to buy a new internet connection?

Thanks!
 
So, the easiest way is with some static routes in your router denying that this device can see anything else. A lot of routers will also do this with the DMZ. You can also do this using a double nat that is even stronger since it would require the malware hacking a router from the wan side.
 
Not simple to do with most consumer routers. Since the lan ports are a basic switch and the traffic never goes to the main cpu there is not much you can do. Some routers have abilities to limit traffic but only if it passes from lan-wan which means it passes through the cpu chip and it can analyze the traffic.

Likely the simplest way is to buy another router. 2 basic ways you can configure this. In both cases the second router wan port hooks to the main router LAN port. So you could put the offending device on the main router and connect all your other devices to the new router. The other option is to put the offending device on the new router BUT you would also need a router that lets you put in rules that forbid the device to access things on the main network. This mostly depends on if you have things like a game console that will have issues with 2 NAT routers and how much money you want to spend on the second router.
 
Solution

kanewolf

Hey all,

Here is my situation. To start off, I know I shouldn't have got into this situation in the first place, just need an answer to this question. I have a device from an unknown source that needs to be connected to the internet. As a precautionary measure, I am assuming this device has network-transferable malware. It probably doesn't but I do not want to take a chance. How am I able to boot this device with an internet connection, but lock it down so it is unable to communicate with any other device on my network/hide a device in my router or something of that sort, without having to buy a new internet connection?

Thanks!
Depending on how much internet usage you need, you could buy a pre-paid cellular modem and use that device to connect just the suspicious device.
 
Feb 12, 2019
All good ideas, preferably I wouldn't want to spend any money on this endeavor. If I was to turn off my wifi on the router, unplug everything from it, and only have the device directly connected, is there any way that something could stay dormant from that device in the router after I unplug the device?
 

kanewolf

All good ideas, preferably I wouldn't want to spend any money on this endeavor. If I was to turn off my wifi on the router, unplug everything from it, and only have the device directly connected, is there any way that something could stay dormant from that device in the router after I unplug the device?
It is unlikely. The one possible negative side effect is that the compromised device could spam or some other activity that would cause your ISP to flag/restrict/close your account.
 
Jan 17, 2020
Some routers have abilities to limit traffic but only if it passes from lan-wan which means it passes through the cpu chip and it can analyze the traffic.
I'm a beginner. I would have added a second router using the lan-wan and connected the device I wanted to isolate to the second router. I thought this would create a new, isolated network. How do you know if your routers are really only a switch when using the ethernet lan ports?
 

USAFRet

Hey all,

Here is my situation. To start off, I know I shouldn't have got into this situation in the first place, just need an answer to this question. I have a device from an unknown source that needs to be connected to the internet. As a precautionary measure, I am assuming this device has network-transferable malware. It probably doesn't but I do not want to take a chance. How am I able to boot this device with an internet connection, but lock it down so it is unable to communicate with any other device on my network/hide a device in my router or something of that sort, without having to buy a new internet connection?

Thanks!
Let's back up a few steps:

What is this device?
How do you know/assume it is infected?
Why can't it be powered up without a net connection - completely standalone?
 

USAFRet

An Android TV Box

Better to assume it is than assume it's not

Want to use without wiping all the data on it.
It's a TV box.
What could possibly be on that device that is so critical that it can't be wiped and reinitialized offline?

If it absolutely must be done online from the house or office network...I would physically disconnect ALL other devices, including WiFi, do whatever this device needs culminating in a full wipe and reinstall.
Then reconnect all that other stuff.
 
Feb 12, 2019
It's a TV box.
What could possibly be on that device that is so critical that it can't be wiped and reinitialized offline?

If it absolutely must be done online from the house or office network...I would physically disconnect ALL other devices, including WiFi, do whatever this device needs culminating in a full wipe and reinstall.
Then reconnect all that other stuff.

As an explanation, it wasn't mine and a shady guy gave it to me to do maintenance. Why did I do it? Dunno, stupid idea. Still his property so I didn't want to wipe it. Ended up doing what I could offline and told him that as a personal rule I wouldn't connect it to my network.
 
If your router has guest network capability and you have a media bridge or AP (capable of being one) then you already have the ability to isolate it.

All good ideas, preferably I wouldn't want to spend any money on this endeavor. If I was to turn off my wifi on the router, unplug everything from it, and only have the device directly connected, is there any way that something could stay dormant from that device in the router after I unplug the device?
 
Jan 17, 2020
Home routers are almost all a switch for the LAN ports.

Thanks, I believe I understand this now. My router's documentation mentions only a single LAN port. I assume the built-in switch is attached to the LAN port.

But say you use two routers and the first router is your original home network and you add a new router by plugging it into the original router's LAN port (by way of the switch) and the new router's WAN port. Why would it be better or simpler to plug a device you want to isolate into the original router and moving the rest of your devices to the new router? How is this different from adding the new router, leaving your original network intact, and plugging the device you want to isolate into the new router?
 

kanewolf

Thanks, I believe I understand this now. My router's documentation mentions only a single LAN port. I assume the built-in switch is attached to the LAN port.

But say you use two routers and the first router is your original home network and you add a new router by plugging it into the original router's LAN port (by way of the switch) and the new router's WAN port. Why would it be better or simpler to plug a device you want to isolate into the original router and moving the rest of your devices to the new router? How is this different from adding the new router, leaving your original network intact, and plugging the device you want to isolate into the new router?
Because all the devices connected to the second router will be protected from the devices on the first router just as though it was the internet. No unsolicited traffic would pass from the devices on the first router to the devices on the second. From the devices connected to the second router, it is just as though you had moved those first router devices to another country.
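Added example, not from the thread or any of its posters: a small Python model of the stateful NAT behaviour bill001g's double-NAT suggestion and kanewolf's answer above rely on. It shows why the inner router only passes packets that are replies to flows its own LAN side opened, and the two ways that protection is weakened: a port forward or DMZ hole on the inner router, or a trusted device initiating contact with the TV box. The NatRouter class and all addresses are constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass, field

Packet = namedtuple("Packet", "src sport dst dport")  # one IP packet, addresses as strings

@dataclass
class NatRouter:
    """Stateful NAT (the inner router): mappings exist only for flows its LAN side opened."""
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # wan port -> (lan ip, lan port): DMZ/port-forward holes
    table: dict = field(default_factory=dict)     # nat port -> (lan ip, lan port, remote ip, remote port)
    next_port: int = 40000

    def outbound(self, pkt):
        """LAN -> WAN: record the flow and rewrite the source to the WAN address."""
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.table[nat_port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return Packet(self.wan_ip, nat_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """WAN -> LAN: pass a reply to a recorded flow or an explicit forward; drop (None) anything else."""
        if pkt.dst != self.wan_ip:
            return None
        entry = self.table.get(pkt.dport)
        if entry and entry[2:] == (pkt.src, pkt.sport):
            return Packet(pkt.src, pkt.sport, entry[0], entry[1])
        if pkt.dport in self.forwards:
            lan_ip, lan_port = self.forwards[pkt.dport]
            return Packet(pkt.src, pkt.sport, lan_ip, lan_port)
        return None

# Constructed addresses: the TV box and the inner router's WAN port share the outer router's LAN.
TV_BOX, INNER_WAN, PC, WEB = "192.168.1.50", "192.168.1.2", "10.0.0.10", "203.0.113.7"

def scenario(dmz_port=None):
    """Report which packets the inner router let through, with an optional port forward/DMZ hole."""
    r = NatRouter(INNER_WAN, forwards={dmz_port: (PC, 445)} if dmz_port else {})
    # 1. Unsolicited probe from the TV box: no mapping, dropped (kanewolf's "no unsolicited traffic")
    probe = r.inbound(Packet(TV_BOX, 1234, INNER_WAN, 445))
    # 2. The PC opens a flow to a web server; the server's reply matches the mapping and passes
    out = r.outbound(Packet(PC, 51000, WEB, 443))
    reply = r.inbound(Packet(WEB, 443, INNER_WAN, out.sport))
    # 3. The TV box cannot ride that mapping either: remote address and port do not match
    hijack = r.inbound(Packet(TV_BOX, 443, INNER_WAN, out.sport))
    # 4. Caveat: a flow the PC opens to the TV box lets the TV box answer back
    out2 = r.outbound(Packet(PC, 51001, TV_BOX, 8080))
    answer = r.inbound(Packet(TV_BOX, 8080, INNER_WAN, out2.sport))
    return {"probe": probe is not None, "reply": reply is not None,
            "hijack": hijack is not None, "answer": answer is not None}
```

With no forwards configured only the reply and the PC-initiated answer pass; configuring a DMZ or port forward on the inner router lets the unsolicited probe through, which is why the inner router should carry none when it is used for this kind of isolation.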