home wireless network questions

[dreaded_beast]

Where does a firewall fit into all of this? I've been using a software firewall on my PC (Zone Alarm) -- is that sufficient for my wireless laptop?

From what I've seen, many of the wireless routers available already have a firewall built-in. I have a D-Link router, which already comes with a firewall. The firewall is configured using your web browser and is somewhat easy to understand if you spend a little time familiarizing yourself with the terms and the various settings.

I've heard of people using more than one firewall for extra security. They would use their hardware firewall for the first line of defense, then they have a software firewall on their computer. I think the only thing that needs to be done is making sure all your settings are correct on each firewall. I'm not really an expert, so maybe someone else can fill you in.

A firewall may also need to be configured depending on what you are doing on the Internet. For the majority of users, the firewall can probably be left at the default settings (the settings recommended my the manufacturer), but if you are the type to play on-line games, do P2P, or run an FTP server, etc., you may need to get more technical when adjusting your firewall.

 

[Psionicist]

It's not that I don't think you can configure your wireless LAN yourself, but I just want to inform you with the "dangers" of a WLAN. Typically you share files and Internet with your WLAN so you can browse ENWorld outside (it's summer after all!). The problem here is that to do this the wireless computer needs direct access to your local network. Unless Zone Alarm is configured to block access from your other computers (which is really inconvenient), there is a potential problem comparable with an unauthorized user plugging in his computer in your router/switch/hub/"LAN device". With the windows filesharing protocol, he can probably use your printer, internet connection and download your shared files directly.

Now, because security is such an obvious problems with WLAN, there are several methods used in wireless routers and such to secure the system as much as possible, such as encryption. And here's the real problem: Cracking this encryption is fairly easy (see the wardriving link above). Here's another disturbing problem: Most popular wireless routers from Linksys, Netgear etc has security problems themselves: http://slashdot.org/article.pl?sid=04/06/05/1250244&mode=thread&tid=126&tid=137&tid=172&tid=193

What you can do is put the wireless equipment in a DMZ, demilitarized zone: http://www.webopedia.com/TERM/D/DMZ.html but this require quite a bit of configuration in itself.

My point is, call your nerdiest friend, the one who runs Linux (or whatever) and ask for suggestions. They are usually quite informed with safety.

 

[dreaded_beast]

My point is, call your nerdiest friend, the one who runs Linux (or whatever) and ask for suggestions. They are usually quite informed with safety.

Hey Psionicist, you ever have problems connecting to a neighbor's wireless network instead of your own? Does it have something to with signal strength, position of the antenna, etc.?

I've been having problems lately becoming disconnected and my desktop usually detects my neighbor's wireless network as the preferred one, regardless of what settings I set.

 

[Setanta]

If security is really a concern (like, you use Microsoft file sharing and don't want strangers to participate), then find a wireless adapter and access point that support AES. Unfortunately, they're more expensive, and harder to setup, but that's what you're going to have to do. Any lesser encryption can be easily cracked (see above). Any of these other security measures we've talked about can be circumvented by someone who really wants in (limiting MAC's, suppressing SSID broadcasts, ZoneAlarm, etc.).

Note that a firewall in your wireless access point will only protect you from the outside, i.e. the Internet. If you setup one of these boxes and connect it to your DSL/cable modem, and then connect via wireless, you're wide open to another wireless user associated with your access point. So, keep up to date with the most recent patches, and don't use MS file sharing.

 

[EricNoah]

Fortunately I do have some nerdy friends so I can get plenty of help. It won't really be a "network" in the sense that I'm not going to be using two computers, just the laptop (sometimes pluggd into my internet connection, sometimes wireless). I shouldn't need to have MS file sharing active or anything like that.

 

[Aeolius]

...I'm not going to be using two computers, just the laptop (sometimes pluggd into my internet connection, sometimes wireless)

try this one, then: http://www.apple.com/airportexpress/

 

[MarauderX]

try this one, then: http://www.apple.com/airportexpress/

Yikes. Ahem. Don't. IMO.

As far as people logging onto your WLAN, I wouldn't worry about it too much unless you live in the middle of a bunch of high-rise apartments. It's easy for someone to sit around an apartment complex and boost their signal to hop onto your WLAN if you don't have it tightened up, but even so it's not like it happens all the time everywhere.

Eric, I bet you will be surprised at how easy it is to set up a WLAN these days, and would also recommend the D-Link and Linksys, as well as <cringe> microsoft.

 

[Aeolius]

Yikes. Ahem. Don't. IMO.

I suppose I should have mentioned that it works for Macs and Windows machines. I use an Airport wireless network at home and could not be happier. I can carry my son's laptop (iBook, naturally) down to the basement and hook it up to the projection TV, or carry it out on the patio and still get a strong signal. The iMac in the kitchen also utilizes the wireless network, as the coax in that part of the house was shot.

 

[MarauderX]

I suppose I should have mentioned that it works for Macs and Windows machines.

What I doubt most are aware of is that it does not provide much in the way of protection. It was hackable when it was released, and unfortunately wasn't updated for several years. But let's not digress into the age-old mac vs. windoze debate. Were I Eric I would stick with the system I know.

 

[Aeolius]

What I doubt most are aware of is that it does not provide much in the way of protection. It was hackable when it was released, and unfortunately wasn't updated for several years.

Completely untrue. There have been several updates to Airport, both in software and hardware, over the years.

From http://www.apple.com/airportextreme/ :
"The AirPort Extreme Base Station comes equipped with a built-in firewall to help prevent unwanted access to sensitive data on your computer. It’s also certified for Wi-Fi Protected Access, which greatly increases over-the-air data protection and access control on wireless networks."

Airport's security includes:
- Wi-Fi Protected Access (WPA) (10)
- Wireless security (WEP) configurable for 40-bit and 128-bit encryption
- MAC address filtering
- NAT firewall
- Support for RADIUS authentication
- 802.1X, PEAP, LEAP, TTLS, TLS

The chips that Apple uses for AirPort Extreme are already designed to take advantage of 802.11i, which will provide government-grade encryption.