In general, all the computers and devices that we connect to the same router are connected to each other. This is because, unless we change something by hand, the router assigns each of them a different IP address within the same network, so they all end up in the same subnet. Thus, in addition to being able to connect to the Internet, they can share resources (files, folders, printers, etc.) with other connected computers. A LAN is the simplest way to interconnect several computers at the same time. However, it is not perfect: it has drawbacks, especially in terms of security and privacy.
Reasons to hide a PC on the LAN
Surely when we think of a LAN network, and of being able to connect with other computers, the first thing we see are the advantages. It is very easy to share files without the need for configuration or software. Windows 10, via SMB, makes it very easy, even after the disappearance of the Homegroup. However, some isolation and security features and options are missing. And doing it using NTFS permissions is really tricky.
In a family home, having computers and devices connected together shouldn’t be a problem. Unless one of the computers is infected with malware, and it reaches our PC through the LAN connection. However, if we share the apartment with friends, strangers or connect from public networks, being visible to others within the LAN is anything but safe.
In addition to being exposed to the problem of malware, if we are available to other users within a LAN, they can try to connect without permission to our PC through brute force or through possible vulnerabilities. They can also use the data that we reveal within the LAN to discover and identify us, and to carry out more complex cyber attacks. They may even access certain shared resources that, by mistake, we have left open.
And, therefore, it is necessary to hide and isolate our computer, to avoid dangers.
How to isolate our computer in LAN
Isolating the computer within a local LAN is not a foolproof method. We stop using the functions and protocols that share data within the network, but we remain exposed to possible network attacks, for example, ARP spoofing. What this configuration does is keep us from "being seen" by the Windows discovery functions.
The Internet will continue to function normally. The only thing we will lose is the ability to share files and resources with other computers connected to the LAN, and, of course, the ability to access theirs.
Configure our PC as a public network
All firewalls, even the one in Windows 10, allow us to choose how our network is treated. We can tell the firewall whether we are connected to a private network, which makes it less restrictive, or to a public network. If we select a public network, the firewall tells Windows that we are connected to a network that is not trusted and that, therefore, the PC should stay hidden on the network and not share files and resources with others.
Disable network discovery
One of the ways to do this is to disable Windows network discovery. To do so, we open the Control Panel of our PC (we can search for it in the Windows search box) and from there go to the following section:
All Control Panel Items > Network and Sharing Center > Advanced sharing settings
If we do not find the option "Advanced sharing settings", it is in the left column of the Network and Sharing Center.
Now, in the "Private" section, we can find a category called "Network discovery". Inside it is where we will find everything related to how we want our PC to detect other computers or be detected by them.
Here we must turn off network discovery to prevent other computers from finding us. We must also turn off file and printer sharing to prevent other computers from accessing our data and resources.
We apply the changes and that’s it. We have already disabled these options.
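The same two measures, marking the network as public and switching off discovery and sharing, can be applied and checked from PowerShell. This is an added example, not part of the original article; it assumes an English-language Windows installation (firewall display-group names are localized) and uses `Wi-Fi` as a hypothetical interface alias.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session.
# Assumptions: English-language Windows (firewall display-group names are
# localized) and an interface alias such as 'Wi-Fi'.
$Groups = 'Network Discovery', 'File and Printer Sharing'

function Hide-FromLan {
    param([Parameter(Mandatory)][string]$InterfaceAlias)

    # Same choice as answering "Public" when Windows asks about the network.
    # Domain-authenticated networks cannot be reclassified, so leave them alone.
    $p = Get-NetConnectionProfile -InterfaceAlias $InterfaceAlias
    if ($p.NetworkCategory -ne 'DomainAuthenticated') {
        Set-NetConnectionProfile -InterfaceAlias $InterfaceAlias -NetworkCategory Public
    }

    # Firewall-level counterpart of turning off network discovery and
    # file and printer sharing, applied here to every firewall profile.
    Disable-NetFirewallRule -DisplayGroup $Groups
}

function Get-LanExposure {
    # How Windows classifies each connected network.
    Get-NetConnectionProfile | Format-Table Name, InterfaceAlias, NetworkCategory

    # Discovery and sharing rules that still accept inbound traffic.
    Get-NetFirewallRule -DisplayGroup $Groups |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        Format-Table DisplayGroup, DisplayName, Profile

    # User-created shares (administrative shares such as C$ are filtered out).
    Get-SmbShare | Where-Object { -not $_.Special } | Format-Table Name, Path
}

Hide-FromLan -InterfaceAlias 'Wi-Fi'   # hypothetical alias; list yours with Get-NetAdapter
Get-LanExposure                        # the firewall rule table should now be empty
```

Any share still listed by the last table is a resource that was left open and is worth reviewing. To undo the change on a trusted network, turn the two options back on in "Advanced sharing settings".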
Use a subnet
If we have advanced knowledge of networking, another technique we can use to hide our PC from others is to use a different subnet. Subnets are created by changing the subnet mask in the Windows IP settings. Computers can only communicate directly with computers on the same subnet. Therefore, if we move to a different one, we will be isolated.
Of course, we must bear in mind that, to connect to the Internet, either we connect to the same subnet as the gateway, or the router must have routes configured to be able to connect.
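Before changing the mask, it helps to check which addresses the PC will still treat as local, and in particular whether the gateway is one of them. The following is an added example, not part of the original article; `Test-OnLink` is a hypothetical helper name and all addresses are constructed samples.

```powershell
# Added example, not from the article. Addresses below are constructed samples.
function Test-OnLink {
    # True when $Peer lies inside the subnet defined by $Address/$PrefixLength,
    # i.e. this PC would contact it directly instead of through the gateway.
    param([string]$Address, [string]$Peer, [ValidateRange(0, 32)][int]$PrefixLength)
    $a = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $b = [System.Net.IPAddress]::Parse($Peer).GetAddressBytes()
    $bits = $PrefixLength
    for ($i = 0; $i -lt 4; $i++) {
        $n = [Math]::Min(8, [Math]::Max(0, $bits))     # mask bits in this octet
        $mask = (0xFF -shl (8 - $n)) -band 0xFF
        if (($a[$i] -band $mask) -ne ($b[$i] -band $mask)) { return $false }
        $bits -= 8
    }
    return $true
}

# Sample LAN: router at 192.168.1.1, another PC at 192.168.1.50.
# Our PC at 192.168.1.200 with mask 255.255.255.128 (/25):
Test-OnLink -Address 192.168.1.200 -Peer 192.168.1.50 -PrefixLength 25  # False: other PC is off-link
Test-OnLink -Address 192.168.1.200 -Peer 192.168.1.1  -PrefixLength 25  # False: gateway is off-link too
# Our PC at 192.168.1.100 with the same mask keeps the gateway but also the other PC:
Test-OnLink -Address 192.168.1.100 -Peer 192.168.1.1  -PrefixLength 25  # True
Test-OnLink -Address 192.168.1.100 -Peer 192.168.1.50 -PrefixLength 25  # True

# Check the live configuration: is each default gateway inside our subnet?
foreach ($cfg in Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway }) {
    $ip = $cfg.IPv4Address[0]
    $gw = $cfg.IPv4DefaultGateway[0].NextHop
    $ok = Test-OnLink -Address $ip.IPAddress -Peer $gw -PrefixLength $ip.PrefixLength
    '{0}: {1}/{2} gateway {3} on-link={4}' -f $cfg.InterfaceAlias, $ip.IPAddress,
        $ip.PrefixLength, $gw, $ok
}
```

An `on-link=False` result for the gateway is the situation described above: Internet access will only work if the router has routes configured for the new subnet.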
Remember to change the settings when connecting to another network
If we carry out the previous configuration, it will be applied by default for all networks. This means that if we later connect to another network (for example, at home), network discovery will remain limited. And, therefore, we will not be able to interact with the other computers or equipment on the network.
Therefore, if we want to be able to connect again with the computers on the network, it is necessary to change those settings again to allow both the discovery of the PC on the LAN and the sharing of files and resources.
The easiest way to do this is to mark the networks we connect to that are not trusted as "public network", and those that are trusted as "private network". When we connect to a network for the first time, Windows will ask us what type of network we are connecting to. And when we choose one of them, it will not ask us again until we connect to a new one.
In this way, we can have Windows configured to protect us when we connect to certain networks that may be dangerous (shared networks, open networks, bars, work, etc.), and, when we return home, we can continue to share our data and resources with the other PCs on the network.