How can I set up a split network at home?

I run a home based business and we have 3 computers for the business.  My problem is my wife and kids also have computers and they can see the business computers and access our share folders, obviously because they are on the same network.  I may be missing something simple but is there a way to kind of segregate the 3 business computers from the other home computers?  I am willing to buy equipment/software....I just don't know how to go about it.  Everyone is running Windows 7 Pro.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
You can use 2 (if the ISP will assign multiple IPs) or 3 routers to create an isolated network that share the same Internet connection.  I blogged a while back about how to do so with 3 different configurations.  You may find the article helpful.
JohnBusiness Consultant (Owner)Commented:
You may wish to transfer data between systems at some point, so the simplest way is to secure the business computer with a user name and strong password. Do not share the drive on this machine and secure business folders so that only the necessary people can see them.

That way, the family might see the structure but they will not be able to access data at all.

The other way is to get a router for your business, hook up the WAN port of the router to a LAN port on your network. You should now get a different subnet on this router (you may wish to check the subnet addressing).

Now the business computer is divorced from the family and it is unlikely they could get in. Still secure the machine and the critical folders.
Basically, you could just assign the separate network segments.

I.e. when you use

Family mask
Biz mask

(presumably with fixed IPs, and w/o DHCP) the two network segment's inhabitants won't see the inmates of the other segment, even while sharing the same physical net. It would be a little bit tricky to give both of them internet access at the same DSL box, but that's possible at least if you use a box which could be configured for two separate IPs on one network port -or you could use some old PC as router to the DSL box. It should be configured to connect to the two separated networks w/o routing between them.

You could even set up an additional network segment for shared devices (i.e. a printer), fur which you set up routes into the shared net with i.e. mask (even on the same hardware network). In the latter case you'll need some old PC to route from the separated nets into the shared seegment.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

There are two options.

1.) Build a Ubuntu Server with two networkcards as a router
So your business has a different subnet then your private ones. Your corporate for example and your private
2.) Build a domain with a active directory server
then you can decide who can see what and how to access. But this is for a so small enviroment too big.
I agree to secondary wireless router.
There's no need for separate physical networks ... with the configuration as lined out above the networks would be logically separated. That would be simple and needs no additional hardware.

If one of your stations is allowed to play in all networks and be capable as router, you could even use a very simple scenario with exactly ONE physical network:

Use the following IP cofiguration:

Family i.e. mask
            for all stations of the family

Biz       i.e. mask
            for all stations of the business

Tool     i.e. mask
            for all shared ressources like the DSL router,
            printer, NAS for all, etc.

All stations are connected to the same physical network, and the common station is confiured with 3 IP addresses on its network card. The common station needs to be configured as router (maybe with a firewall software) and allows routing for

Family <-> Tool
Biz <-> Tool

That's all.
Rob WilliamsCommented:
Though that is possible I don't think I would call it simple.  You would need to provide details for the author as to how to enable routing which is disabled on a PC by default, configure static routes since ICS will not work with manually assigned subnets or more than 2, configure static IPs for devices not on the DSL subnet so no DHCP, define default gateways -the PC, and configure firewall rules.
tchristmanAuthor Commented:
I'm not positive Comcast will assign multiple IPs to home customers.  If I were to switch around the IPs can you outline for me exactly how I would do that?

Rob WilliamsCommented:
>>"I'm not positive Comcast will assign multiple IPs to home customers."
Many ISP's do not offer multiple IP's but it works if you are a DHCP client.
The link I provided gives you 2 other options and details as to how to do so with a single IP>
You don't need more IPs from your ISP. Usually DSL boxes will use NAT, which means they use only one IP assigned by the ISP and create a private subnet on the private side. All connections share the ISP assigned IP address, which means all connections look like originating from the ISP assigned IP address (and the DSL router translates them for the private net ... therefore the term NAT (network address translation)). That way a couple of stations (PCs, handies, webcams, IoT appliances, etc.) can share a single DSL connection. I presume your DLS router already works like that.

You could leave DHCP active on the DSL box, but you'll have to ensure your stati IP addresses don't collide with the DHCP addresses. You'll have to assign proper, unique IP addresses out of the private range (as I lined out before, even for the DSL box inner side). This would have to be planned in advance and be done manual on the affected PCs in the respective OS network settings dialog. I.e. Common PC 1st address on network card Common PC 2nd address on network card Common PC 3rd address on network card Family PC 1 Family PC 2 Family PC 3
(...) Biz PC 1 Biz PC 2 Biz PC 3
(...) DSL box inner side Printer shared NAS

Afterwards you'll disable the DHCP serice on the DSL box.

The seutp of a router service could be possibly omitted if the common devices (printer and shared NAS in my example) are capable of using more than one IP address on their network port (or have more than one). In that case you could just set up a proxy program on the common PC that manages the surfing - I see no other use for routing in your case. There are free (simple) proxy server programs around for D/L.
Well the easiest thing to do is go on there computers and turn off network discovery.

Open up network and sharing on the left. Click on change advanced sharing settings. Select to turn off network discovery and any other items you want off.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.