I have a wired LAN of 4 computers. I recently bought a
laptop and wanted wireless access. I bought a wireless
Linksys router, and connected my wireless router to my
wired router. Is this a good idea, or have I got some
security issues now? I am running the laptop and 1
computer on the wireless router and 3 computers on the
wired router, or are they all vulnerable now?

Dylan,
Have you set up file sharing between the computers on the wired and wireless
routers, or are you just sharing internet access? A wireless attacker, if he
gets access to your wireless network, could get access to the internet also, and
since the wired network is upstream from the wireless network, could access that
likewise.
Segmenting your networks is a good idea. But, if file sharing or other
applications don't require otherwise, you should put your wireless network
closer to the internet, and your wired (and presumably more secure) network
below the wireless. In other words, reverse the routers as they connect to the
internet. That's the structure of an enterprise class DMZ (NOT the DMZ on a NAT
router).
Regardless of what you do, remember your wireless network will always be at
risk.
Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
has fleas").
Enable MAC filtering.
Disable DHCP, and assign an address to each computer manually.
Change the subnet of your LAN - don't use the default.
Change the router management password, and disable remote (WAN) management.
Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.
Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?
Install a software firewall on every computer connected to a wireless LAN. Put
manually assigned ip addresses in the Local (highly trusted) Zone. Open the
following ports for file sharing only in the Local Zone: TCP 139, 445; UDP 137,
138, 445.
Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest userid. Rename Administrator, to a non-trivial
value, and give it a non-trivial password. Never use the Administrator renamed
account for day to day activities, only when intentionally doing administrative
tasks.
Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking.wireless are good places to start.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
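
The log review described in the reply above, as an added example that is not part of the original thread: it checks each logged connection against the manually assigned addresses and marks anything unexplained that touched the file sharing ports listed in the reply. The log line format, the 192.168.37.x addresses and the MAC addresses are constructed assumptions; real router logs differ by model.

```python
import re

# Ports the reply says to open for file sharing, in the Local Zone only.
FILE_SHARING = {("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 138), ("UDP", 445)}

# Constructed inventory: manually assigned address -> MAC of the machine that owns it.
TRUSTED = {
    "192.168.37.11": "00:11:22:33:44:01",
    "192.168.37.12": "00:11:22:33:44:02",
}

# Constructed sample log in a hypothetical format (not taken from any real router).
SAMPLE_LOG = """\
2005-03-01 20:14:02 ALLOW TCP src=192.168.37.11 mac=00:11:22:33:44:01 dst=192.168.37.12 dport=445
2005-03-01 20:15:40 ALLOW UDP src=192.168.37.57 mac=00:aa:bb:cc:dd:ee dst=192.168.37.12 dport=137
2005-03-01 20:16:05 ALLOW TCP src=192.168.37.12 mac=00:aa:bb:cc:dd:ee dst=192.168.37.11 dport=139
2005-03-01 20:17:30 ALLOW TCP src=192.168.37.57 mac=00:aa:bb:cc:dd:ee dst=203.0.113.9 dport=80
this line is truncated
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<proto>TCP|UDP) src=(?P<src>\S+) "
    r"mac=(?P<mac>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def review(log_text, trusted=TRUSTED):
    """Return (timestamp, reason) for every entry the owner cannot explain."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            if line:  # never silently skip a line that failed to parse
                findings.append((None, f"unparsed line: {line!r}"))
            continue
        src, mac = m["src"], m["mac"].lower()
        expected = trusted.get(src)
        if expected is None:
            reason = f"unknown source {src} ({mac})"
        elif expected != mac:
            reason = f"{src} used by unexpected MAC {mac}"
        else:
            continue  # known machine on its assigned address
        if (m["proto"], int(m["dport"])) in FILE_SHARING:
            reason += f" reached file sharing port {m['proto']}/{m['dport']}"
        findings.append((m["ts"], reason))
    return findings
```

Calling `review(SAMPLE_LOG)` returns four findings for the constructed sample: two unknown-source entries, one trusted address seen with a different MAC, and the unparsed line.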