Networking??

Dylan

I have a wired LAN of 4 computers. I recently bought a
laptop and wanted wireless access. I bought a wireless
Linksys router, and connected my wireless router to my
wired router. Is this a good idea, or have I got some
security issues now? I am running the laptop and 1
computer on the wireless router and 3 computers on the
wired router, or are they all vulnerable now?
 
Chuck

Dylan,

Have you set up file sharing between the computers on the wired and wireless
routers, or are you just sharing internet access? A wireless attacker, if he
gets access to your wireless network, could get access to the internet also, and
since the wired network is upstream from the wireless network, could access that
likewise.

Segmenting your networks is a good idea. But, if file sharing or other
applications don't require otherwise, you should put your wireless network
closer to the internet, and your wired (and presumably more secure) network
below the wireless. In other words, reverse the routers as they connect to the
internet. That's the structure of an enterprise class DMZ (NOT the DMZ on a NAT
router).

Regardless of what you do, remember your wireless network will always be at
risk.

- Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog has fleas").
- Enable MAC filtering.
- Disable DHCP, and assign an address to each computer manually.
- Change the subnet of your LAN - don't use the default.
- Change the router management password, and disable remote (WAN) management.
- Don't disable SSID broadcast - some configurations require the SSID broadcast. But change the SSID itself - to something that doesn't identify you, or the equipment.
- Enable the router activity log. Examine it regularly. Know what each connection listed represents - you? a neighbor?
- Install a software firewall on every computer connected to a wireless LAN. Put manually assigned IP addresses in the Local (highly trusted) Zone. Open the following ports for file sharing only in the Local Zone: TCP 139, 445; UDP 137, 138, 445.
- Use non-trivial accounts and passwords on every computer connected to a wireless LAN. Disable or delete Guest userid. Rename Administrator, to a non-trivial value, and give it a non-trivial password. Never use the Administrator renamed account for day to day activities, only when intentionally doing administrative tasks.
- Stay educated - know what the threats are. Newsgroups alt.internet.wireless and microsoft.public.windows.networking.wireless are good places to start.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
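
The log review and Local Zone rule from the list above, as an added example that is not part of the original thread. The log layout, addresses, MACs and dates are constructed assumptions; a real router's log needs its own parser.

```python
import ipaddress

# Constructed inventory: the manually assigned IP -> MAC pairs you configured
# (hypothetical values, matching the "disable DHCP, assign addresses" step).
KNOWN_HOSTS = {
    "192.168.37.10": "00:11:22:33:44:01",   # laptop
    "192.168.37.11": "00:11:22:33:44:02",   # desktop on the wireless router
}
# File-sharing ports named in the post: TCP 139, 445; UDP 137, 138, 445.
SHARE_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138), ("udp", 445)}

# Constructed log lines in an assumed "time src_ip src_mac proto dst_port" layout.
SAMPLE_LOG = """\
2005-03-01T19:02:11 192.168.37.10 00:11:22:33:44:01 tcp 445
2005-03-01T19:05:40 192.168.37.11 00:11:22:33:44:02 udp 137
2005-03-01T23:14:09 192.168.37.23 00:aa:bb:cc:dd:ee tcp 80
2005-03-01T23:15:52 192.168.37.23 00:aa:bb:cc:dd:ee tcp 445
2005-03-02T02:41:30 192.168.37.10 00:aa:bb:cc:dd:ee tcp 139
"""

def review_log(text):
    """Return a list of (timestamp, reason) for entries that need explaining."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, ip, mac, proto, port = parts
        mac, proto = mac.lower(), proto.lower()
        try:
            ipaddress.ip_address(ip)  # validate the address field
            port = int(port)
        except ValueError:
            findings.append((ts, "unparseable entry"))
            continue
        expected = KNOWN_HOSTS.get(ip)
        if expected is None:
            findings.append((ts, f"unknown host {ip} ({mac})"))
        elif expected != mac:
            findings.append((ts, f"{ip} seen with unexpected MAC {mac}"))
        trusted = expected == mac  # only inventoried IP/MAC pairs are Local Zone
        if (proto, port) in SHARE_PORTS and not trusted:
            findings.append((ts, f"file-sharing port {proto}/{port} from untrusted {ip}"))
    return findings

if __name__ == "__main__":
    for ts, reason in review_log(SAMPLE_LOG):
        print(ts, reason)
```

The last sample line shows why the IP and MAC are checked as a pair: a known address turning up with a different MAC is reported even though the address itself is in the inventory.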
 
Guest

Thanks a lot Chuck, very informative reply. I appreciate
that. I am also running software firewalls as well, but I
will change the configuration of the routers first and
put my wired router in front. Thanks again Chuck, peace.
Dylan
 
Chuck

Dylan,

Did I misunderstand your original post? What's currently connected to the
broadband modem? That should be the wireless one, in front of the wired one.

It's good that you have software firewalls. Stay paranoid, Dylan.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
 
Dylan

No, I'm sorry, I have the wired router connected to the
modem, I will change it to the wireless router. Would it
be a good idea to run a switch after the modem, or would
that be worse?
 
Chuck

Dylan,

A switch would make no difference either way. You have the right idea.

Modem
|
|
V
Wireless Router
|
|
V
Wired Router

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
 
Guest

OK, thanks again Chuck... :)
 
