How to isolate 5 computers on a network?

[deepakvrao]

Hi Guys,

Noob here so please bear with me.

Just set up a data cabling in my new hospital building. Have incoming ACT broadband to a router which is connected to a switch [I think that's what it is called, and is being installed today]. From there I have cabling to 14 point in the building.

I want people who connect at any point to have internet access, but 5 points [hospital office, my office and reception, lab, pharmacy] should have computers which can access a server in the office. All are running either Win 8 or XP.

How can I set a local network for these 5 computers which cannot be accessed by the other people? Anyway to set up a group which needs a password to login etc?

 

[6pack]

Lots of ways to do this.
1- You can put these five computers on a different sub net mask instead of usual 255.255.255.0.
2- You could use a different ip address range for these comps.
3- You can put these comps in a dmz.
4- You can put them in a different computer group (in same ip range) with access restrictions too.

Deciding which is better for you depends on what your requirements are.
Just google how to do any of the above methods to find out more about them.

 

[deepakvrao]

Thanks. Will start the googling.

 

[Crazy_Eddy]

If you only want to share a folder, you can set up a workgroup and add folder security so only those with user/pass credentials can access it : http://windows.microsoft.com/en-us/...1&v2h=win7tab5&v3h=winvistatab1&v4h=winxptab1

3- You can put these comps in a dmz.

Not a DMZ. That would expose all the comps.

 

[6pack]

In a dmz only the router ip would be visible right? I mean considering that nat is setup.

 

[deepakvrao]

If you only want to share a folder, you can set up a workgroup and add folder security so only those with user/pass credentials can access it : http://windows.microsoft.com/en-us/...1&v2h=win7tab5&v3h=winvistatab1&v4h=winxptab1


Not a DMZ. That would expose all the comps.

I just did that this morning. Created a 'Homegroup' and got a pw generated from the control panel. Left all drives to non sharing status, except one drive on the server which hosts the main hospital software.

 

[Crazy_Eddy]

In a dmz only the router ip would be visible right? I mean considering that nat is setup.

What I understand is that DMZ removes the firewall and exposes/forwards all the ports of the computers inside this DMZ which would otherwise be guarded by the firewall. People usually do this if they're setting up these comps to act as firewalls or proxy servers themselves.

 

[vivek.krishnan]

DMZ is a no no unless the main router/modem is connecting to another router. Exposing all your services on the internet is a sure fire way to get screwed, big time.

Would suggest to use two networks, one with 192.168.1.X/24 and other as 192.168.2.X/24. This would ensure that both are not accessible from each other, so that people dont use the computers you dont want them to use to access the hospital records.

In order to implement this on the cheap - would suggest to get two more routers, and DMZ from the main ACT modem to the IPs of the other two. Ensure that only necessary ports are forwarded.

Ensure that the main server has a strong Administrator password with a different username + disable the default account.

Ideally, would suggest to get a proper IT chap to do your stuff - medical records should be properly secured. It would do no good to goof up.

If you have any Q's, please PM me with your queries and email address - will try to get back to you.