Stopping a PC connecting to the Internet

Perhaps I misunderstood, but I thought the OP was talking about a home network with a few machines at most?

What is appropriate advice for one circumstance may not be for another.

If none of the network machines can access the plasma PC (i.e. we are only enabling the plasma PC to reach out to a shared folder on one other machine), then the main risk comes down to the user on that machine running an infected binary that they have placed into the shared folder on the "gateway" machine.

If the only thing you copy from the LAN machine are gcode files for the plasma cutter, then I can't see much risk.

If one wants to patch the plasma machine, then doing that offline using WSUS[1] update would seem like a more sensible option. There is certainly no need to allow Windows Update loose on it.

(Perhaps less so with a plasma table, but keep in mind that CNC setups may take tens of hours per run, and the last thing you need is a Windows or virus scan update messing with it halfway through a job)

[1]
formatting link
Reply to
John Rumm

formatting link

;-)

Reply to
John Rumm

Yes, home network with about a dozen or so machines hung off it

Andrew

Reply to
Andrew Mawson

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Still not sorted your own PC out, then?

Reply to
Huge

Is there any way you can run a command line instruction just before any cutting?

formatting link

That and a blank gateway IP address should make things pretty safe.

Reply to
Fredxxx

I'd have thought it was simple. If it's got a wifi adaptor, then unload its drivers and tell it not to use this device in the hardware part of Control Panel. If it's a wired-only PC, which most of my home ones are, there is no wifi, just a network cable, so it can be unplugged.

Of course one place that infection can come from is the ramstick you bring in your designs etc on, so one needs to be very careful.

Brian

Reply to
Brian Gaff

I think the point of the exercise was to maintain a LAN connection with limited access, but not allow that machine internet access even if the router provided it for the rest of the LAN.

Reply to
John Rumm

Correct :)

Andrew

Reply to
Andrew Mawson

People have suggested various options which amount to mis-configuring things so they can't talk. That's a bit fragile because if they manage to successfully configure (eg make a DHCP request) then it'll blow through the 'protection'.

If you want actual segregation, you have a couple of options:

1) buy a second ethernet interface for the PC. USB ones are a few quid. Make sure the PC doesn't have 'internet connection sharing' turned on.

2) if you can't have another interface or don't want extra wiring, it's possible to emit packets with VLAN tags. You can make two virtual interfaces, one for the cutter and one for the rest - the cutter has a specific VLAN tag on it. A VLAN (802.1q)-enabled switch (eg [1]) will allow you to split up the traffic so tagged packets go to one port (the cutter) and untagged go to the rest.

The second approach is the 'enterprise' way of doing this - it scales to make larger systems with many overlapping networks over the same physical cabling. It's much more sustainable than short-term hacks.

Theo

[1] They're pretty inexpensive at the bottom end these days - 25 quid:
formatting link
Reply to
Theo
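
The VLAN split described in the post above, as an added example that is not part of the thread: it inserts and parses an 802.1Q tag and models which switch ports a frame may leave by. The VLAN IDs, port names and sample frame are assumptions made up for this sketch.

```python
import struct

TPID_8021Q = 0x8100              # EtherType value that marks an 802.1Q tag
LAN_VLAN, CUTTER_VLAN = 1, 20    # assumed VLAN IDs for this sketch

# Assumed switch config: port -> (PVID given to untagged ingress, VLANs allowed)
PORTS = {
    "gateway_pc": (LAN_VLAN, {LAN_VLAN, CUTTER_VLAN}),  # PC with two virtual interfaces
    "cutter":     (CUTTER_VLAN, {CUTTER_VLAN}),
    "lan":        (LAN_VLAN, {LAN_VLAN}),
    "router":     (LAN_VLAN, {LAN_VLAN}),
}

def add_vlan_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 1..4094 and PCP 0..7")
    tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return frame[:12] + tag + frame[12:]

def parse_vlan(frame: bytes):
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID

def egress_ports(frame: bytes, ingress: str) -> list:
    """Ports a frame arriving on `ingress` may leave by; [] means dropped."""
    pvid, allowed = PORTS[ingress]
    vid = parse_vlan(frame)
    if not vid:                  # untagged, or VID 0 (priority tag only)
        vid = pvid
    if vid not in allowed:       # e.g. a LAN host forging the cutter's tag
        return []
    return sorted(p for p, (_, vlans) in PORTS.items()
                  if p != ingress and vid in vlans)

# Constructed sample frame: broadcast dst MAC, made-up src MAC, IPv4 EtherType
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```

Untagged traffic from the cutter's port is classified into the cutter VLAN and can only reach the gateway PC, so it does not matter what gateway address or DHCP lease the cutter PC ends up with.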
