Business WiFi
Back to Top

how securely separated is the "xfinitywifi" from the private WiFi/LAN on the Cisco DPC3939B

SOLVED
Trusted Forum Contributor

how securely separated is the "xfinitywifi" from the private WiFi/LAN on the Cisco DPC3939B

unlike many people, i am actually willing to give this feature a try. i am considering having a DPC3939B installed at a residential location that is primarily used for hosting my email. however, i would like to know how truly separated out that open wifi network is from the LAN, and in particular from the mail server using 1 of the static IPs there. Can i be confident that users of the xfinitywifi will have NO access or visbility to my internal subnets, and vice-versa? Will their traffic appear on the public internet to be coming from my Comcast-assigned gateway IP?

Accepted Solution

Re: how securely separated is the "xfinitywifi" from the private WiFi/LAN on the Cisco DPC

Hey train_wreck,

 

If I could find access to the DPC3939B (DPC) motherboard schematics, firmware code, etc.,  I would be able to answer your question with more technical credibility. However, I do know about it's wireless security configuration parameters that may provide some useful imformation to your questions.

 

You can control who can literally access your DPC wireless 2.4 & 5.0 facilities by using the internal channel and/or MAC Address filtering capabilities. This is more of a intra-trust network security, if you will, but certainly can control who you allow to access any DPC WIFI  capability.

 

It is my understanding that the DPC DHCP Server MUST be enabled for your private or public WIFI to be operational. This suggests that there would be some DHCP subnet user commonality. However, it is my understanding that static IP network addressing is on its own subnet and the DHCP subnet should never be able to cross paths without some VERY sophisticated internal inter-networking configuration. If you have your staticIP and DHCP both configured and enabled, the standard port-forwarding, triggering, etc. could be used to enable internally configured device application ports to be opened for remote access, as you know.

 

Hope this somewhat helps you out.    

View solution in context
Accepted Solution

Re: how securely separated is the "xfinitywifi" from the private WiFi/LAN on the Cisco DPC

yes thanks, i went ahead and upgraded to the DPC. For all intents and purposes, the hotspot seems completely isolated; though you were correct about needing DHCP enabled, clients on the hotspot network are designated local addresses within 192.168.0.0/24, and emerge on the internet via a 50.x.x.x public address that geo-locates to around Massachusettes. I can find no point at which the gateway, private LAN, or static subnet is revealed to hotspot clients.

 

Thanks for the info again.

View solution in context
Trusted Forum Contributor

Re: how securely separated is the "xfinitywifi" from the private WiFi/LAN on the Cisco DPC

Hey train_wreck,

 

If I could find access to the DPC3939B (DPC) motherboard schematics, firmware code, etc.,  I would be able to answer your question with more technical credibility. However, I do know about it's wireless security configuration parameters that may provide some useful imformation to your questions.

 

You can control who can literally access your DPC wireless 2.4 & 5.0 facilities by using the internal channel and/or MAC Address filtering capabilities. This is more of a intra-trust network security, if you will, but certainly can control who you allow to access any DPC WIFI  capability.

 

It is my understanding that the DPC DHCP Server MUST be enabled for your private or public WIFI to be operational. This suggests that there would be some DHCP subnet user commonality. However, it is my understanding that static IP network addressing is on its own subnet and the DHCP subnet should never be able to cross paths without some VERY sophisticated internal inter-networking configuration. If you have your staticIP and DHCP both configured and enabled, the standard port-forwarding, triggering, etc. could be used to enable internally configured device application ports to be opened for remote access, as you know.

 

Hope this somewhat helps you out.    

Trusted Forum Contributor

Re: how securely separated is the "xfinitywifi" from the private WiFi/LAN on the Cisco DPC

yes thanks, i went ahead and upgraded to the DPC. For all intents and purposes, the hotspot seems completely isolated; though you were correct about needing DHCP enabled, clients on the hotspot network are designated local addresses within 192.168.0.0/24, and emerge on the internet via a 50.x.x.x public address that geo-locates to around Massachusettes. I can find no point at which the gateway, private LAN, or static subnet is revealed to hotspot clients.

 

Thanks for the info again.