Home security for remote workers

People, Networks, and Identity are three crucial areas of security.

Large corporations exposing millions of customers’ data have been in the news lately. A fascinating finding from the forensics of some of these breaches was that a contractor working remotely was hacked, exposing a tremendous amount of data that ended up on the dark web.

I find myself wondering what sort of protections these companies and their contractors put in place to protect the company’s intellectual property and, more importantly, the company’s customer data.

I keep my remote work environment separate from home computers. I keep social media, email, and personal information away from the work environment. My home office is set up on a separate network! The reason is simple: if the company becomes compromised, the compromise will not affect my family. Conversely, suppose anyone in my family gets hacked, and a hacker breaches our home network. In that case, I have at least separated the company network to reduce the possibility that the hack will impact the company.

I keep my smart TVs, smart speakers, and home appliances on a separate network, not just because it protects the company network but also because it makes sense to keep smart devices on a separate network. This article will cover how to design separate office and home networks as a remote worker.

Let’s start with the Internet connection. I prefer a firewall that can provide at least three separate networks: one that becomes the wireless network for my family and my personal computers, another for my work, and another for smart appliances. Additionally, I have a DMZ network to potentially expose applications from my Kubernetes cluster or my vSphere server.

My remote office uses one firewall and one wireless router to separate networks.

We have personal computers for each member of my family connected to the family network. I have a WiFi router providing access from the family network to our phones, laptops, printers, and computers.

The WiFi router also has the option to allow guests. Many routers support a feature called guest networking, which creates a separate Wi-Fi network for friends and family to use when they visit. They can access the internet from the guest network, but they can’t access network resources like shared folders, printers, or NAS devices. All smart devices (TVs, smart speakers, light controllers, smart thermostats, Ring doorbells) are set up on the guest network such that they do not have access to our family computers.

The firewall is set up to provide two more networks, a DMZ and an Office network. The work laptop is connected to the Office network and thus separated from the family network and the smart devices. Additionally, the work laptop has a VPN into the corporate network to secure its connection across the internet. I do allow the work laptop access to the family printers by setting a rule that allows only print jobs and no connectivity to family computers.

I have a refurbished Dell server that is set up with VMware vSphere. I found it on sale on eBay for $250: a refurbished Dell server with 192 GBytes of memory, 2 Xeon processors, and no disks. I stuck a couple of 1 Terabyte SSD drives into it, and the refurbished server does a fantastic job running as a vSphere server in the lab!

Additionally, I have five refurbished Dell mini-tower computers from eBay, each cheaper than purchasing several Raspberry Pi mini-computers. The refurbished Dell desktops have far more memory and computing power than a Raspberry Pi. Four of the desktops are used as a Kubernetes cluster, and the fifth computer is used for backups.

The vSphere server and the Kubernetes cluster are placed into the DMZ network. This allows me to expose application development to the internet with less chance of a compromise impacting the home or office networks.
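The segmentation described above can be checked as a policy before it is typed into a firewall. The following is an added example, not code from the original article: it models the family, office, DMZ, and smart-device networks as zones with first-match allow rules and a default deny, then audits the rules against the isolation goals stated in the article. The subnets, the printer address, the print ports, and the published port 443 are assumptions chosen for illustration.

```python
import ipaddress

# Constructed addressing: the article names the networks but not their subnets.
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "family": "192.168.10.0/24", "office": "192.168.20.0/24",
    "dmz": "192.168.30.0/24", "smart": "192.168.40.0/24"}.items()}
PRINTER = "192.168.10.50"   # hypothetical family printer
PRINT_PORTS = {631, 9100}   # IPP and raw (JetDirect) printing

# First-match allow rules for new connections: (source zone, destination
# zone or host, ports). Cross-zone traffic matching no rule is denied.
RULES = [
    ("office", PRINTER, PRINT_PORTS),   # print jobs only, to the printer only
    ("internet", "dmz", {443}),         # hypothetical published application
] + [(zone, "internet", None) for zone in ZONES]  # outbound internet access

# Same intent written too loosely: the whole family network, not the printer.
WEAK_RULES = [("office", "family", PRINT_PORTS)] + RULES[1:]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def decide(rules, src, dst, port):
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return "allow"  # same segment: traffic never reaches the firewall
    for r_src, r_dst, r_ports in rules:
        if r_src == s and r_dst in (d, dst) and (r_ports is None or port in r_ports):
            return "allow"
    return "deny"

# (source, destination, TCP port, expected verdict) from the article's goals.
PROBES = [
    ("192.168.20.10", PRINTER, 631, "allow"),          # work laptop prints
    ("192.168.20.10", PRINTER, 445, "deny"),           # printer, not a print port
    ("192.168.20.10", "192.168.10.20", 631, "deny"),   # work laptop to family PC
    ("192.168.10.20", "192.168.20.10", 22, "deny"),    # family PC to work laptop
    ("192.168.40.15", "192.168.10.20", 445, "deny"),   # smart TV to family PC
    ("192.168.30.5", "192.168.20.10", 22, "deny"),     # DMZ host to work laptop
    ("192.168.30.5", "192.168.10.20", 445, "deny"),    # DMZ host to family PC
    ("203.0.113.9", "192.168.30.5", 443, "allow"),     # internet to DMZ app
    ("203.0.113.9", "192.168.20.10", 443, "deny"),     # internet to work laptop
]

def audit(rules):
    """Return the probes whose verdict under `rules` differs from the expected one."""
    return [p for p in PROBES if decide(rules, *p[:3]) != p[3]]
```

Calling `audit(RULES)` returns an empty list, while `audit(WEAK_RULES)` flags the work laptop reaching a family computer on a print port, which is the gap left when the printer rule targets the whole family network instead of the printer's address.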

Author: Joseph O'Mara

Solution Architect for Information Technology. Hobbies include amateur photography, backpacking, camping, hiking, and travel.
