Yes, you can create a separate secure network on public Wi-Fi.
I’m hoping the crucial equipment stays offline, especially the wireless router’s Wi-Fi. If possible, I’d switch off the router’s internet connection entirely. Many networks are vulnerable to common attacks that let an intruder obtain the password and take control. To protect against this, you can restrict network access by permitting only specific MAC addresses. Since I’m aware this topic might pique interest, I’ll explain the process without revealing technical steps.
When connecting to a Wi-Fi network using WPA2, you’re required to enter the password—this shared key or passphrase. Normally, devices store this information and automatically reconnect when they detect it nearby. However, once a device is disconnected, it may continue searching for the strongest signal. An attacker can exploit this by sending a strong signal, spoofing your MAC address and network name. When the targeted device tries to reconnect, it will favor the attacker’s signal, prompting it to hand over credentials. This allows the attacker to access your network freely.
Corporate networks often prevent this by using secure login portals and requiring specific operating system images with unique signatures. Only authorized users can connect, adding an extra layer of security.
The devices will all connect to open WiFi unless additional measures are taken. Our helpers aren’t always skilled in internet safety, so I’m aiming to shield them from other devices and possible dangers like viruses or ransomware. My manager doesn’t seem to understand my worries about security. I think the latest software should store the required data on one machine, with the others joining via a network. I wanted to create a private network while still allowing wireless communication. Is this feasible? I see the data in the command prompt search—what should I do next?
When all device IP addresses match across your network—including your laptop—they belong to the same VLAN or segment. To isolate this traffic, you'll need a different SSID and access point capable of tagging packets with 802.1Q for separate VLANs. An upstream router must also support routing these tagged packets. If your environment includes enterprise networking gear, this setup is feasible but requires network access and technical expertise.
Keep in mind that AngryBeaver is right: wireless introduces uncertainty. This applies equally to all wireless traffic. In light of this, I’ll share details about the vulnerability AB mentioned—KRACK—which is widely documented. You can find reliable info here: https://www.krackattacks.com/
However, a MAC whitelist isn’t effective since attackers could spoof your device’s identity. Flash pages fail because they risk man-in-the-middle attacks. This highlights a limitation of WPA2, which currently offers limited protection. If you're using wireless, ensure connections use strong encryption (TFTP, SSH, HTTPS) for added security.
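The 802.1Q tagging mentioned in the reply above, as an added example that is not part of the original thread: it builds and parses the 4-byte VLAN tag and models how a VLAN-aware switch keeps two SSIDs' traffic apart. The port names, VLAN IDs 10 and 20, the MAC address and the simplified flooding model are assumptions made up for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:   # VID 0 and 4095 are reserved
            raise ValueError("VLAN ID must be 1..4094")
        tci = (pcp << 13) | vlan_id    # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vlan_id, pcp, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, 0, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def egress_ports(frame, ingress_port, port_vlans, native_vlan=1):
    """Ports a VLAN-aware switch would flood this frame to (same VLAN only)."""
    vid, _, _ = parse_vlan(frame)
    vid = native_vlan if vid is None else vid  # untagged frames use the native VLAN
    if vid not in port_vlans.get(ingress_port, set()):
        return []                      # ingress filtering: VLAN not allowed on this port
    return sorted(p for p, vlans in port_vlans.items()
                  if p != ingress_port and vid in vlans)

# Constructed sample: MAC, VLAN IDs and port names are made up for this example.
PORT_VLANS = {"ap-uplink": {10, 20}, "office-pc": {10},
              "guest-gw": {20}, "router": {10, 20}}
SRC = bytes.fromhex("020000000001")
BCAST = b"\xff" * 6
STAFF = build_frame(BCAST, SRC, 0x0806, b"\x00" * 28, vlan_id=10)  # ARP from staff SSID
GUEST = build_frame(BCAST, SRC, 0x0806, b"\x00" * 28, vlan_id=20)  # ARP from guest SSID

if __name__ == "__main__":
    print(parse_vlan(STAFF), egress_ports(STAFF, "ap-uplink", PORT_VLANS))
    print(parse_vlan(GUEST), egress_ports(GUEST, "ap-uplink", PORT_VLANS))
```

The broadcast from the guest SSID never reaches the `office-pc` port; only a port carrying both VLANs (here `router`) sees both, which is why the upstream router has to understand the tags.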
Everyone and their dog can fake a MAC address, but locking them won’t help much. Besides the KRACK breach, WPA2 offers the strongest consumer Wi-Fi protection. Replay attempts fail on WPA2 since the challenge-response feature is built into the protocol.