How to enable devices to “see” one another on a secure network at work
I work in an environment of locked-down Windows machines. I am allowed to bring my Mac and iOS devices and log in to the network (with internet access) via Ethernet (Mac) or via a WEP2-Enterprise WiFi (Mac or iOS). If I do this, each individual device is prevented from seeing any other device on the network.
What I want to do is figure out a way to enable my devices to see and communicate with each other while I am at work. Here are my crazy ideas for how to do this.
- IDEA: Connect a router directly to the network via Ethernet and create my own private subnetwork. COMMENT: I know this can be done. I've done it before, resulting in me getting a polite admonition from our director of IT security. The specific no-no, as I understood it, was connecting a routing device directly to the network. I flew under the radar for over a year, and then they identified an unknown MAC address on the network, which they were able to identify as a router.
- IDEA: Connect Mac to network via Ethernet and then share the network connection via the Mac's internal WiFi. (Is this possible? Can the Mac function as a router?)
- IDEA: Connect the Mac to network via WiFi, and then share the network connection via an access point or router connected to the Mac by Ethernet. (Is this possible?)
- IDEA: When at work, configure all my devices to connect to my home via VPN using a Synology router or NAS, and configure my devices to see one another on my home network. (This sounds like a scene from the B-Movie “Inception for Geeks.” I have no idea if this is possible.)
- IDEA: Ask our IT director to configure the network to allow each of my devices (identified by MAC address) to see and communicate with each other when connected to the Enterprise WiFi.
Please give me your ideas and suggestions.
Thanks, gals and guys.
1) I have a vague memory that when a Mac "shares" a network connection it does so in a way that causes the connected devices to still be isolated.
2) Go back a step and review why you think you need your devices to talk directly to one another - rather than synchronise data via internet services.
3) Once you have put together the reasoning from number 2 above, decide in your head if this is compatible with corporate security and, if so, take that reasoning to the IT team to ask for device exemptions.
4) Not sure about your work situation, but where I used to work the procedure was instant dismissal for any deliberate attempt to subvert corporate security policy!!
A variation on 5. Ask the IT dudes why are the systems isolated and can that be changed.
2) Yes, the Mac can be a router via Internet Sharing. Whether the IT dudes would detect it as a router vs just a Mac that they already know about, I don't know.
NOTE: having your own WiFi access point can often be an issue inside a company. Having Ethernet lines is far more secure than an uncontrolled WiFi access point. And a WiFi scanner running within 2-300 feet of your Mac acting as a WiFi access point would be able to detect it. You can configure an iPhone or a Mac to be a WiFi scanner, so it is not difficult. I'm sure there is something you could do for Windows as well and just walk around the office checking for rogue WiFi access points.
3 is similar to 2. Same warning about running your own WiFi access point. But you don't need a router, as your Mac would be the router; you would just need an Ethernet switch for other Ethernet devices to be part of the Mac's subnet.
Question: Can you access another system if you know its IP address? Or does the company network only allow you to access specific servers and the internet via a corporate firewall and proxy servers?
Thanks for your thoughtful response.
In answer to your question, the IT department configured our Windows machines to print on network printers, so obviously there is connectivity.