Как я могу сделать частную сеть в моем доме?

Is what I'm thinking doable ?

Yes this can be done & all you need is a wireless router that allows Guest Network

With that, your guests would be able to connect to your wireless router not your ISP box.

I am not sure if you really want to allow your guests to connect to ISP box & why but it doesn't seem like a good idea to me

If yes, do I need a specific router (I haven't bought it yet) ?

Most of the modern age routers have this feature be it Netgear, Dlink or Cisco Linksys etc.

If you don't want to spend money on a new router, depending on what kind of router you currently have, you can also try some firmwares that provide such functionality

And how do I need to configure my network so that the computers in the public network can't see those in the private one ?

What you are trying to do is called Wireless isolation & it shouldn't be more than few clicks to enable it.

Note : Above screenshots are taken from Netgear & may vary from one router manufacturer to other.

The simple solution would be to connect the WAN port of your wireless router to a LAN port on the ISP box, and you're basically done. The wireless router most likely has a built-in NAT firewall which denies incoming connections but allows outgoing connections, so computers in the private network will be able to access machines on the guest network but not the other way around.

This is probably sufficient if you're just trying to restrict access to shared files, printers, etc. but note that it's not quite 100% secure. The Internet traffic from your private network will be flowing through the guest network, so by using an ARP spoofing attack, a malicious guest could potentially snoop on your Internet activity by redirecting it through his own machine before it reaches the ISP box. Whether this is an acceptable risk or not is up to you to decide - I assume that your actual guests are decent enough that they wouldn't try it while they're in your house, but your neighbor or someone on the street might. If you use this method, it would probably be a good idea to keep the guest network locked until you need to use it, rather than leaving it unsecured.

A better and neater solution might be to just purchase a wireless router that has guest networking capabilities built in, and then just disable WiFi on the ISP box entirely. When the guest network is enabled, the router will broadcast two SSIDs at the same time, the guest network will be automatically isolated, and you will be able to set different passwords for the two networks. It'll be easier to manage and the guest network will be more fully segregated from your private network.

Yes this is pretty doable. You need to buy a router that has one Ethernet WAN port and Ethernet/WLAN for LAN. Connect the WAN port to one of the LAN ports of the ISP router, configure the router to get WAN-IP through DHCP, turn off PPPoE, and finished.