Copyright 2001-2007

Hardware and Software Specifications, Examples, Links, and other info. are valid at the publishing time. In case it become invalid use the Internet Search.

1st Published, April. 2005

Over 6,500,000 Hits Site Wide in 2006






Network Segregation - Adding security to Wireless Network (or to any peer to peer Network).

The main goal of this page is to describes a type of Network configuration that can be used to enhance the security of a network that contains Wireless computers or any other computers that deem to be "unsafe".


Note* While this page is demonstrating a specific way of protecting Wireless connection and the network behind it, the principle can be used for other configurations.
See toward the end of the page.

Network segregation separates one Network into two LANs keeping the unsafe computers in the front Network and moving the computers that you would like to protect to a second shielded Network.

A simple segregation can be achieved by using two Entry Level Cable/DSL Routers.

If the Wireless connection is "invaded", or any of the Wired or Wireless computers become compromised. The "Shielded Network" would be protected by the "Shield Router's" NAT Firewall from the "Invader".

If you are Not familiar with the protection that is provided by a Router read this.

Link to:  Cable/DSL Routers - NAT, Open Ports, DMZ, SPI .

Assuming that you have a Wireless Cable/DSL Router that is connected to your Broadband Modem and provides Internet sharing to few Wired, and few Wireless computers

Buy a second Cable/DSL Router.  You can find a Wired Router or an old 802.11b Wireless Router for less than $20. If the second Router is a Wireless Router disable the Wireless part of it (if it can not be disable the wireless  through the menus, take off the Antennae).

Disconnect the Computers that you would like to be protected from the Front Wireless Router and plug them into the second (Shield) Router. Connect the WAN port of the second Router (using a crossover cable) to one of the regular port of the Wireless Router.

Log from a Wired computer to the second Router and configure the IP range of the second Router to use a different IP range than the first Router.

E.g. If the Wireless Router is 192.168.1.x configure the second Router's LAN side to 192.168.2.x

Configure the WAN port of the second Router to a static IP that is of the IP range of the first Router. I.e. 192.168.1.x

The whole thing should look like this: Network Segregation

Such a configuration shields your Wired system behind the second Router, thus even if your Wireless Network is invaded the invader would not be able to pass the second Router's Firewall and "Share" your Segregated Network.

Unfortunately you would not be able to share files with using Windows File Sharing across the two Networks (regular file and printer sharing would work normally within each Network). The relation between your segregated Network and the front Network would be like the relation between the front Network and the Internet. 

My favorite way to copy and move files between the two LANs is by using Remote control program (which can be found for free and it is easy to set) like this:

Link to:  Ultr@VNC - Remote Control for your Network/Internet.

However you can configure other applications to achieve the same goal (Windows Remote Desktop, Net Drive etc.)

If you have an applications that need to maintain Open ports you would have to open the ports through the software Firewall, the Shield Router's Firewall, and the Front Router's Firewall.  If the Front network does not need any port to be kept open, you can save part of this process by putting the IP of the Shield Router on the DMZ of the Front Router, and thus all the ports of the  Shield Router will be open through the Front Router.

Note: This type of configuration does not eliminate the need of Software Firewall, AntiVirus, and AntiSpyware programs. to be installed on both Networks computers.


The same principle as depict in the page can be use in order to create similar topology as a solution to other Network issues.

As an example, you can maintain a less secure Wireless available for friends of the first Router, and use fully secured Wireless (WPA-AES) behind the second Router.

Or, you can connect the WAN port of the second Router through a Wireless Game Box card to the first Router, and thus replacing the connection between the two Routers with Wireless (get a Game Box that can secured with WPA).

You can find more about  Wireless Security in the following pages.

Wireless Security Basic Configuration

Wireless Encryption - WEP, WPA,  and WPA2 (802.11i).

You can find more about  Network Security in the following pages.

Basic Protection for Broadband Internet Installation - Routers and Firewalls

Internet Infestation - How to protect and clean your Internet connected Computer/Network.

Basic Steps in cleaning Internet "Junk".

Windows Host File- What is it and How to Mange it?

Assemble Freeware Security suite for Internet Connection

Copyright 2001-2007 EZLAN.NET.  All Rights Reserved.