Guest network on a separate VLAN is the way to go.
This is the way.
I ain't no IT expert but what are some things a vulernable windows computer can do?
In general, a compromised system may be running any software the attacker might find useful, including, but not limited to:
- keyloggers to find passwords that are in use in the company
- software to copy sensitive files to a remote server
- software to encrypt the system itself or (if the computer has access to other machines on the network) other computers
- produce documents (think, mail) that purport to have been created by the user of the corrupted machine.
The users tend to be less tech savvy than Linux users so they tend to not have adblockers and or allow arbitrary JavaScript from any page to run and or they are running trojanized software because the uploader was "trusted".
Due to market share they are the biggest target.
Untrusted devices should be on an isolated subnet or if you have the time only devices that need to talk to each other should be on the same subnet.
In an ecosystem where the solution to every problem is “Download this piece of software someone wrote because the standard Windows utilities are worse than useless and don’t provide this basic functionality”, you can’t really blame the users for running every script they encounter uncritically.
I don't blame them, as you say it is the software ecosystem itself.
Windows PCs often carry viruses that can try to compromise other parts of your network. They are also a privacy concern in a big way especially after windows 10.
I see we are still living in 1999.
my joints are telling me otherwise
I went on a trampoline with my kid and my knees are still shaking 2 days later....
Well block all Microsoft website on your routers firewall
You must have winshit nightmares.
Well I don't see what the problem is…
Call me dumb, but... to me that just sounds like an insecure network, labeled "secure" as long as someone physically guards all the ethernet ports
linuxmemes
Hint: :q!
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack members of the community for any reason.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudo
in Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
Please report posts and comments that break these rules!