您可能已经多次遇到家人(family member)或朋友访问您家并需要访问(access something)您网络上的某些内容的情况。也许他们需要一台计算机来处理Word 文档(Word doc),也许他们需要打印、扫描文档或与某人进行Skype 或 FaceTime 。(Skype or FaceTime)
我有很多家人过来,我真的不担心他们可以访问什么,因为我信任他们。然而,当其他人过来并住上几个晚上时,我往往会更加严格。现在你不知道(t know)谁有能力浏览你的网络和访问(network and access)你的计算机或设备。
在我的家庭网络上(home network),我连接了 5 台计算机、2 台打印机、1 个IP 摄像头(IP cam)、2 个路由器、几个媒体流媒体盒和一个带有 2.5 TB 个人数据的网络连接存储设备。(storage device)我主要担心人们访问NAS 设备(NAS device)。我本可以为它增加很多安全性,但这让我很难每天使用它。
幸运的是,您可以做很多事情来让人们访问您的本地网络,但同时不能真正让他们访问互联网(Internet)以外的任何东西。在这篇文章中,我将向您展示如何真正封锁您的网络,以便当您不确定 100% 的人想要连接到您的网络或使用您的计算机时,您可以放心,他们不会能够访问您不希望他们访问的任何内容。(access anything)
设置访客网络
如果有人想从他们的计算机或智能手机连接到您的(computer or smartphone)家庭无线网络,如果您让他们访问您的主(home wireless network)无线网络(wireless network),您真的无法阻止任何窥探。这意味着如果所有东西都通过以太网或无线连接到(ethernet or wireless)MyHomeNetwork ,并且您允许某人访问(someone access)该无线网络(wireless network),他们就可以访问网络上的所有其他东西。
有一些方法可以处理这种情况,例如网络隔离(network isolation),这意味着网络上的任何设备都无法与网络上的任何其他设备通信,但这将使您无法使用自己的网络。这非常适合公共WiFi点,即使您在同一个无线网络(wireless network)上,您也不希望星巴克(Starbucks)对面的人能够访问您的计算机。阅读我之前关于WiFi 网络的网络隔离的文章以了解更多信息。
相反,最好有一个单独的访客无线网络(guest wireless network)。现在您可以通过以下两种方式之一进行此操作:您可以在无线路由器(wireless router)上激活访客网络功能(guest network feature)(如果它支持),或者您购买一个非常便宜的辅助无线路由器并将其连接(wireless router and connect)给访客。我家里有一台 Linksys Cisco E2500 路由器(Linksys Cisco E2500 router),这些路由器的优点是内置了访客网络选项。(guest network option)
登录到您的路由器并转到无线(Wireless),然后转到访客访问(Guest Access):
启用访客网络(guest network),给它一个密码,选择可以连接的最大访客数量,你就完成了!现在客人可以访问互联网(Internet),但如果他们开始在您的网络中窥探,他们将找不到任何设备或任何其他连接到主网络的设备。它基本上在您的网络和来宾计算机之间创建了一堵墙。
现在这种方法的唯一问题是它需要一些技术知识。您必须登录路由器,找到正确的设置,然后启用它。其次,很多路由器都没有这个访客接入功能(guest access feature),那又如何呢?
那么,在这些情况下,您可以为自己准备第二个无线路由器(wireless router),并使用不同的子网、SSID 和密码(SSID and password)将其连接到您的网络。您可以在亚马逊(Amazon)上以 14 美元的价格购买二手D-Link 无线(D-Link wireless) G 路由器(含运费)。(G router)然后你可以阅读我关于如何在你的家庭网络上设置第二个(home network)无线路由器(wireless router)的帖子。
现在唯一的问题是您很可能必须将第二个路由器连接到第一个路由器。这是因为实际上只有一根电缆从主ISP 调制解调器(ISP modem)连接到您的无线路由器(wireless router)。因此,要连接第二个路由器,您必须将第二个路由器连接到第一个路由器。
但是,由于NAT,两个网络将能够相互通信。它仍然比只有一个网络更好,因为找出第二个网络存在并获取第二个网络的DHCP 信息(DHCP info)等信息并非易事。如果你有一个知道如何破解的人过来,那么你真的无能为力,除非你让一切都变得超级安全(everything super secure),没有人真正做到这一点。
我们只是试图阻止计算机和NAS设备在某人打开Finder 或 Windows Explorer(Finder or Windows Explorer)时出现在他们的计算机上。这对 99% 的人来说已经足够了。有一种技术方法可以使两个网络无法通信,但这需要使用DMZ,这对于我要展示的内容来说太复杂了。
因此,就无线网络(wireless network)而言,这是您的两个主要选择。如果您的路由器支持,最简单的方法就是打开访客网络(guest network)。如果没有,您可以购买便宜的二手路由器,将其连接在您的第一个路由器后面,并给它一个不同的SSID 和密码(SSID and password)。
共享打印机和扫描仪
在Internet 连接(Internet connection)之外,人们要求的下一个主要功能是打印和扫描。也许打印登机牌或类似的东西(boarding pass or something)通常是我听到的。现在,如果您有用户连接到您家中的单独无线网络(wireless network),那么如果打印机连接到不同的网络,则可能无法进行打印。
如果您有一台通过电缆连接的打印机,只需将打印机连接到他们的计算机(如果他们有),或者只是使用您自己的计算机并打印他们需要的东西。如果您有无线打印机(wireless printer)并且他们想从他们的计算机上打印,那么最好的方法是使用Google 云打印(Google Cloud Print)。只要他们有Google 帐户(Google account),您就可以简单地通过电子邮件与他们共享您的打印机,他们可以从他们的计算机上打印,而无需安装任何驱动程序或其他任何东西!
我已经编写了设置Google 云打印(Google Cloud Print)的完整指南,它将引导您完成设置打印机的过程,以便您可以从世界任何地方使用任何设备进行打印。这种方法的最佳之处在于它适用于任何类型的打印机:有线或无线、旧的或新的、连接到您的网络或连接到您的计算机。它的设置非常简单,并且能够通过电子邮件与他人共享打印机真是太棒了。
对于扫描仪,您可以直接将其连接到他们的计算机,或者如果您有一体机类型的设备,则可以使用U 盘并将其连接到扫描仪。(USB stick)
来宾计算机和帐户
有时客人必须使用您的一台计算机才能完成工作。在这种情况下,最好的选择是使用访客帐户(Guest account)将它们登录到您的计算机上。使用访客帐户(guest account),您可以放心,他们更改计算机设置的能力有限,更重要的是,他们将无法访问敏感文档、电子邮件、密码、浏览器历史记录或其他任何(history or anything)内容。
Windows中来宾帐户(guest account)的好处是它可以防止用户安装软件,如果您有一个想要使用您的计算机的年轻人或孩子,这可能是一个真正的问题。(adult or kid)他们不能更改任何系统设置、添加硬件或创建/更改访客帐户(guest account)的密码。它几乎已被锁定,除了确保在授予他们访问权限之前登录该帐户外,您无需执行任何操作。
通常情况下,Guest 帐户(Guest account)在 Windows 上是默认禁用的,但快速的Google 搜索(Google search)会显示您需要在控制面板中的哪个位置启用它。(Control Panel)之后,您将在普通用户帐户旁边看到来宾帐户。(Guest account)
在Mac上,您还可以启用访客用户(Guest user)帐户。只需转到系统偏好设置(System Preferences),单击用户和组( Users & Groups),然后启用来宾用户。
当然,您始终需要确保您在Windows 和 Mac(Windows and Mac)上的主要用户帐户有密码,否则该人可以简单地注销访客帐户(Guest account),然后只需单击您的其他帐户并(account and log)在没有密码的情况下登录。
最后,如果你像我一样,你可能有一台不再使用的旧电脑或上网本。在这种情况下,只需擦除它,安装新的Windows(Windows)副本,安装本地打印机并启用来宾帐户。当有人需要使用计算机时,只需给他们备用的,它会被锁定,您就可以开始使用了。
如果您有不同的设置来允许您的客人访问您的本地网络,请在评论中告诉我们。享受!
OTT Guide to Giving Guests Access to Your Local Network
You have probably run into the situation many times where a family member or friend visits your house and needs to acсess something on your network. Maybe they need a computer to work on a Word doc, maybe they need to print, maybe to scan a document or to Skyре or FaceTime with someone.
I have a lot of family that comes over and I don’t really worry about what they can access or not because I trust them. However, when anyone else comes over and stays for a couple of nights, I tend to be much more restrictive. Nowadays you don’t know who has the skills to browse your network and access your computers or devices.
On my home network, I have 5 computers connected, 2 printers, 1 IP cam, 2 routers, a couple of media streaming boxes and a network attached storage device with 2.5 TB of personal data. I mostly worry about people getting access to the NAS device. I could have added a lot of security to it, but that makes it harder for me to use on a daily basis.
Luckily, there are quite a few things you can do to give people access to your local network, but at the same time not really give them access to anything other than the Internet. In this post, I’m going to show you how to really cordon off your network so that when someone you’re not 100% sure about wants to connect to your network or use your computer, you can rest assured they won’t be able to access anything you don’t want them to.
Setting up Guest Networks
If someone wants to connect to your home wireless network from their computer or smartphone, you really can’t prevent any snooping if you give them access to your main wireless network. That means if everything connects to MyHomeNetwork either via ethernet or wireless and you give someone access to that wireless network, they can get access to everything else on the network.
There are ways around to deal with this type of situation such as network isolation, which means no device on the network can talk to any other device on the network, but this will make it impossible for you to use your own network. This is great for public WiFi spots where you don’t want the guy across the table at Starbucks being able to access your computer, even though you’re on the same wireless network. Read my previous post on network isolation for WiFi networks to learn more.
Instead, it’s better to have a separate guest wireless network. Now you can do this in one of two ways: either you activate the guest network feature on your wireless router if it supports it or you buy a really cheap secondary wireless router and connect that up for guests. I have a Linksys Cisco E2500 router at home and what’s great about these routers is that the guest network option is built right in.
Log into your router and go to Wireless and then Guest Access:
Enable the guest network, give it a password, pick the max number of guests that can connect and you’re done! Now guests can access the Internet, but if they start prying around your network, they won’t find any devices or anything else connected to the main network. It basically creates a wall between your network and the guest computer.
Now the only problem with this approach is that it it requires a bit of technical know-how. You have to log into your router, find the correct settings and then enable it. Secondly, a lot of routers don’t have this guest access feature, so then what?
Well, in those cases, you could get yourself a second wireless router and connect it to your network with a different subnet, SSID and password. You can get a used D-Link wireless G router on Amazon for like $14 with shipping. Then you can read my post on how to setup a second wireless router on your home network.
Now the only issue with this is that you would have to connect the second router to the first one most likely. This is because there is really only one cable coming from the main ISP modem to your wireless router. So to connect a second router, you’ll have to have to connect the second router to the first.
However, because of NAT, the two networks will be able to communicate with each other. It’s still better than having just one network because it’s not a trivial task to figure out that a second network exists and to get the information such as the DHCP info for the second network. If you have someone coming over who knows how to hack, there’s really not much you can do at that point anyway unless you make everything super secure, which no one really does.
We are just trying to prevent computers and NAS devices from showing up on someone’s computer when they open Finder or Windows Explorer. That’ll be enough for 99% of the people out there. There is a technical way to make it so that the two networks can’t communicate, but that require using a DMZ and that’s simply too complicated for what I’m trying to show.
So those are your two main options in terms of the wireless network. If your router supports it, the easiest way is to simply turn on the guest network. If not, you can purchase a cheap used router, connect it behind your first router and give it a different SSID and password.
Sharing Printers & Scanners
Outside of an Internet connection, the next major feature people request is printing and scanning. Maybe to print a boarding pass or something like that is usually what I hear. Now if you have users connecting to a separate wireless network in your house, then printing may not be possible if the printer is connected to a different network.
In the case where you have a printer that attaches by cable, just attach the printer to their computer if they have one or simply use your own computer and print what they need for them. If you have a wireless printer and they want to print from their computer, the best way to do this is to use Google Cloud Print. As long as they have a Google account, you can simply share your printer with them via email and they can print from their computer without having to install any drivers or anything else!
I have written a complete guide to setting up Google Cloud Print, which walks your through the process of setting up your printers so that you can print to them from anywhere in the world from any device. The best thing about this method is that it works with any type of printer: wired or wireless, old or new, connected to your network or connected to your computer. It’s super easy to setup and the ability to share a printer with someone via email is just amazing.
For scanners, you can either connect it to their computer directly or use a USB stick and attach it to the scanner if you have an All-in-one type of device.
Guest Computers and Accounts
There are times when a guest has to use one of your computers to get their work done. In that case, the best option is to log them onto your computer using a Guest account. Using a guest account, you can rest assured that they will have limited ability to change computer settings and more importantly, will not be able to access sensitive documents, emails, passwords, browser history or anything else.
The nice thing about the guest account in Windows is that it prevents the user from installing software, which can be a real issue if you have a younger adult or kid who wants to use your computer. They can’t change any system settings, add hardware or create/change the password for the guest account. It’s pretty much locked down and you don’t have to do anything other than make sure you log into that account before giving them access.
Normally the Guest account is disabled on Windows by default, but a quick Google search will show you where in the Control Panel you need to go to enable it. After that, you’ll see the Guest account alongside your normal user account.
On a Mac, you can also enable a Guest user account. Just go to System Preferences, click on Users & Groups and then enable the Guest user.
Of course, you always need to make sure you main user accounts on Windows and Mac have passwords, otherwise the person could simply log off the Guest account and then just click on your other account and log in if there is no password.
Finally, if you’re like me, you might have an old computer or netbook lying around that you no longer use. In that case, just wipe it, install a fresh copy of Windows, install the local printers and enable the guest account. When someone needs to use a computer, just give them the spare, which will be locked down and you’re good to go.
If you have a different setup for allowing your guests to access your local network, please let us know in the comments. Enjoy!