Chris Horvatich

Setting Up a Secure and Segmented Home Network: A Step-by-Step Guide

chorv

Introduction:

With the increasing number of devices we have in our homes, setting up a secure and efficient home network is more crucial than ever. From gaming systems to work laptops, ensuring each device can communicate safely and effectively is essential. In this guide, I’ll walk you through how I set up my home network with a focus on segmentation using VLANs.

Understanding My Home Network Devices:

Before diving into the setup, let’s get acquainted with the devices on my home network:

  1. Proxmox on a mini PC: A powerful virtualization platform.
  2. Synology NAS: My centralized storage solution, also running a Plex server for media and Proxmox Backup Server as a VM.
  3. Firm Laptop: My primary work machine.
  4. Testing Laptop: Used for various testing and experiments.
  5. Gaming PC: For leisure and intense gaming sessions.
  6. PS5: My gaming console.
  7. Personal Laptop: For general browsing and personal projects.

Why VLANs?:

Virtual Local Area Networks (VLANs) allow us to segment our network. This ensures that each type of device is isolated in its own segment, improving security and traffic management. For instance, you wouldn’t want your gaming PC to be on the same network segment as your work laptop due to potential security risks.

Setting Up VLANs with a Managed Switch:

Using a managed switch, I segregated my devices into different VLANs based on their purpose and security requirements.

  1. VLAN 10 – Core Services:
    • Devices: Proxmox, Synology NAS.
    • Purpose: This VLAN houses devices crucial for the functioning of other devices. It’s kept secure and has restricted access.
  2. VLAN 20 – Work:
    • Devices: Firm Laptop, Testing Laptop
    • Purpose: A dedicated VLAN for work ensures that my professional data remains secure and isolated from other potentially less secure devices.
  3. VLAN 30 – Personal:
    • Devices: Personal Laptop, Gaming PC, PS5.
    • Purpose: This VLAN is optimized for low latency and high performance. It’s separate to prevent any game-related traffic or potential security risks from affecting other devices.

Special Mention – Plex and Proxmox Backup Server:

The Plex server on my Synology NAS allows me to stream media across devices. Since it’s on VLAN 10, I’ve set up specific rules to allow devices from other VLANs to access it without compromising security.

Similarly, the Proxmox Backup Server, running as a VM on the Synology NAS, needs to communicate with the Proxmox instance on my mini PC. Proper firewall rules ensure this communication is smooth and secure.

Conclusion:

Setting up a segmented home network might seem daunting at first, but with careful planning and a clear understanding of each device’s purpose, it becomes manageable. Not only does this setup improve security, but it also enhances network performance by ensuring that traffic is properly prioritized and managed.

Remember, as your network grows, revisiting and refining your setup is essential. Happy networking!

«
»