
Network Question

Wireless is great if you either (a) know how to properly secure it (and I mean WEP, not the old stuff), or (b) want to share your connection with the rest of the world.

But be aware that going wireless really opens you up to more viruses and such if you are in an area with neighbors close by, such as a townhouse or apartment. On every wireless router I've seen, the wireless defaults to allowing connections to the wired ports, meaning that wireless users can get to your other machines.

This isn't a big deal if you keep your Quicken accounts and Excel expense reports off the network, but otherwise... I've got a complicated setup in my home office because my wife wants 'net connectivity, but I won't let her put Quicken, TurboTax, or our accounting/invoicing machine anywhere near the router. So I have a second router which does not allow any incoming connections and my office computers are behind that. Her laptop is outside that network so that she can get to the 'net. And when she's doing our accounting, she comes into my office and sits at one of my Linux machines. :)

One of these days I'll set up a FreeRADIUS server and run WEP and that will prevent using the wireless AP for anything except connecting to an authenticator. And the authenticator will forward legitimate traffic to the 'net. Others won't be able to sniff packets (WEP is pretty good) and I won't be concerned about her machine exposing our accounting information to the world. Because Windoze will be the only weak link at that point, I'll be switching her over to Linux -- she even bought her own "Linux for Dummies" book at Borders a few weeks ago. :)

In summary, if you're going to use wireless, be careful. Be very careful. ;)
 


Well, here are a couple of options.

Wireless is fine, as long as you use WPA; WEP is the old stuff, WiFi Protected Access is much newer. I would also recommend MAC address access lists on each access point, separating the wireless network onto its own VLAN and having that VLAN flow through a firewall before reaching your wired network. One can never be too secure when dealing with wireless. And whatever you do, DON'T BROADCAST YOUR SSID and CHANGE THE DEFAULT SSID. Not broadcasting an SSID but using "linksys" as the SSID is just as good as broadcasting it.

If your friend wants to segment broadcast domains then I would recommend 1 core Layer 3 switch with VLANs enabled and one Layer 2 switch for each other floor connecting. The 1 core switch does all the inter-VLAN routing. Each uplink port is configured as its own VLAN w/ its own IP address; each other switch sets its default gateway to the VLAN IP address in the core switch it's plugged into.

Here at work I have 1 Cisco 3550 as our core "router". 5 different offices all come through dark fiber and connect into that switch. Each office is its own subnet and the 3550 performs all the inter-VLAN routing.

Much easier to manage than multiple routers.
 

azhrei_fje said:
Wireless is great if you either (a) know how to properly secure it (and I mean WEP, not the old stuff), or (b) want to share your connection with the rest of the world.

Do not use WEP. It is the "old stuff", and it's been broken since the turn of the century. WPA and the newer WPA2 are your best bet, preferably with AES encryption (military-grade).

azhrei_fje said:
But be aware that going wireless really opens you up to more viruses and such if you are in an area with neighbors close by, such as a townhouse or apartment. On every wireless router I've seen, the wireless defaults to allowing connections to the wired ports, meaning that wireless users can get to your other machines.

In any case, never take a wireless router out of the box and install it as is, unless you wish to provide a community service. Viruses and worms become irrelevant when your network is properly secured. If you still wish to provide an open access point, just put it on a separate interface on your firewall and block traffic to/from interfaces.

azhrei_fje said:
One of these days I'll set up a FreeRADIUS server and run WEP and that will prevent using the wireless AP for anything except connecting to an authenticator. And the authenticator will forward legitimate traffic to the 'net. Others won't be able to sniff packets (WEP is pretty good) and I won't be concerned about her machine exposing our accounting information to the world. Because Windoze will be the only weak link at that point, I'll be switching her over to Linux -- she even bought her own "Linux for Dummies" book at Borders a few weeks ago. :)

In summary, if you're going to use wireless, be careful. Be very careful. ;)

Again, WEP is passé. My wireless home network, behind my firewall, runs WPA2 AES EAP-TLS (dynamically keyed AES sessions with 2048-bit X.509 certificate authentication via freeRADIUS). Good luck to whoever wants to get to my tax returns.

If you want more information on all of these terms and wireless security as it stands now, read this whitepaper by Atheros.

If you have a Linux server, look at the hostapd program to turn your Linux box into a secure access point.

Andargor
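The two replies above make the same recommendations from different angles: drop WEP for WPA2 with AES, change the vendor-default SSID, restrict clients by MAC address, and, for the strongest setup, authenticate with 802.1X/EAP against a RADIUS server through hostapd. Here is an added example, not posted by anyone in this thread, that checks a hostapd.conf for exactly those weak settings. The option names are real hostapd configuration keys; the three sample configs (a WEP-only one, a mixed WPA/WPA2 pre-shared-key one, and a WPA2-EAP one pointing at a RADIUS server) are constructed for this example, as are the addresses and secret in them.

```python
# Added example (not from the thread): audit a hostapd.conf for the weak
# wireless settings discussed above (WEP, WPA1/TKIP, default SSID, short
# passphrase, EAP without a RADIUS server, MAC ACL without its list file).
# Keys used are real hostapd options; the sample configs are constructed.

# Vendor-default SSIDs; a small constructed list, extend as needed.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink", "wireless"}

# Constructed sample 1: WEP-only AP with the vendor default SSID.
WEAK_WEP_CONF = """
interface=wlan0
ssid=linksys
hw_mode=g
channel=6
# static 104-bit WEP key (constructed value)
wep_default_key=0
wep_key0=0123456789ABCDEF0123456789
"""

# Constructed sample 2: mixed WPA/WPA2 with TKIP allowed and a short passphrase.
MIXED_PSK_CONF = """
interface=wlan0
ssid=home
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=secret12
"""

# Constructed sample 3: WPA2 only, AES (CCMP), 802.1X/EAP via an external RADIUS
# server (e.g. FreeRADIUS), plus a MAC accept list. Address/secret are placeholders.
HARDENED_CONF = """
interface=wlan0
ssid=home-office-ap
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=EXAMPLE-SHARED-SECRET
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""


def parse_hostapd(text):
    """Parse hostapd's key=value format, skipping blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_hostapd(conf):
    """Return a list of (code, message) findings; an empty list means nothing weak was found."""
    findings = []
    uses_wep = any(k.startswith("wep_") for k in conf)
    if uses_wep:
        findings.append(("wep", "WEP keys configured; WEP is broken, use WPA2"))
    wpa = int(conf.get("wpa", "0"))  # hostapd: 0=none, 1=WPA, 2=WPA2/RSN, 3=both
    if wpa == 0 and not uses_wep:
        findings.append(("open", "no WPA/WPA2 (wpa=0): open network"))
    if wpa & 1:
        findings.append(("wpa1", "WPA (v1) allowed; set wpa=2 for WPA2 only"))
    pairwise = set()
    for key in ("wpa_pairwise", "rsn_pairwise"):
        pairwise.update(conf.get(key, "").split())
    if "TKIP" in pairwise:
        findings.append(("tkip", "TKIP cipher allowed; use CCMP (AES) only"))
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append(("default_ssid", "SSID %r is a vendor default; change it" % conf["ssid"]))
    mgmt = conf.get("wpa_key_mgmt", "").split()
    if wpa and "WPA-PSK" in mgmt and len(conf.get("wpa_passphrase", "")) < 20:
        findings.append(("weak_psk", "short WPA passphrase; use 20+ characters or 802.1X/EAP"))
    if "WPA-EAP" in mgmt and "auth_server_addr" not in conf and conf.get("eap_server") != "1":
        findings.append(("no_radius", "WPA-EAP set but no auth_server_addr and no built-in eap_server"))
    if conf.get("macaddr_acl") == "1" and "accept_mac_file" not in conf:
        findings.append(("acl_file", "macaddr_acl=1 (accept list) but no accept_mac_file given"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak-wep", WEAK_WEP_CONF), ("mixed-psk", MIXED_PSK_CONF),
                       ("hardened", HARDENED_CONF)):
        result = audit_hostapd(parse_hostapd(text))
        print(name, "->", "OK" if not result else "; ".join(m for _, m in result))
```

The hardened sample is the shape of the setup Andargor describes: `wpa=2` with `rsn_pairwise=CCMP` gives WPA2/AES only, `wpa_key_mgmt=WPA-EAP` plus `ieee8021x=1` and the `auth_server_*` keys hand authentication to a RADIUS server (EAP-TLS itself is configured on the RADIUS side), and `macaddr_acl=1` with `accept_mac_file` is the MAC access list the second reply recommends. Run it against a real hostapd.conf by reading the file into `parse_hostapd`.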
 
