I have:
A "front-door" network, which is the network behind my firewall. Anything internet-facing is there, as well as monitoring tools (e.g. Snort). Things here can't talk back to more interior networks.
A "family" network. Generally untrusted, all the phones, iThings, IoT that I decide actually needs to phone home, kids' laptops, etc. There's a guest WiFi that dovetails here.
A "work" network. Network for my wife's and my work laptops and other work-specific resources.
A "service" network for all the backend stuff.
I have an OpenBSD firewall segregating things. The fileservers are VLAN-attached so they have an interface on each network.
It's like putting up laneways in your network.
It's also possible to relay an internet connection from a primary router to a secondary router, so you can have control over the traffic to and from the guest router.
Use an alternate DNS; there are ones that filter certain content.
You could also encrypt the network traffic.
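
The four-network layout on an OpenBSD firewall described above could be expressed in pf.conf roughly as follows. This is an added sketch, not the poster's ruleset: the VLAN numbers and the choice of which zones may reach "front-door" are assumptions.

```pf
# Sketch only: VLAN numbers and zone-to-zone choices are assumptions.
front_if  = "vlan10"   # "front-door": internet-facing hosts, Snort
family_if = "vlan20"   # "family": phones, IoT, kids' laptops, guest WiFi
work_if   = "vlan30"   # "work": work laptops
svc_if    = "vlan40"   # "service": backend

set skip on lo
block return log all   # default deny; anything not passed below is logged

# NAT and outbound on the uplink ("egress" is OpenBSD's default-route group).
match out on egress inet from !(egress:network) to any nat-to (egress:0)
pass out on egress

# front-door may reach the internet but never start a connection inward.
block in log quick on $front_if to { $family_if:network $work_if:network $svc_if:network }
pass in on $front_if

# Interior zones get internet access only. No "pass out" rule exists on an
# interior interface, so family, work and service cannot route to one another.
pass in on { $family_if $work_if $svc_if }

# Assumed: work and service hosts may open connections to front-door
# (e.g. to read the monitoring tools); stateful replies return automatically.
pass out on $front_if from { $work_if:network $svc_if:network }
```

Because the fileservers have an interface on every VLAN, file traffic never crosses the firewall, so these rules neither permit nor restrict it. Published services on "front-door" would need their own inbound rules, which are left out here.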