microsoft.public.windowsxp.security_admin
back to index
From: "Jack \(MVP-Networking\)."
Date: Thursday, November 15, 2007 3:44 PM
Subject: Re: Creating a wireless hotspot on my network
Hi
Depending on the type of logon that you would like to maintain, this is a
simple solution that can isolate Open Access from Private Network.
Network Segregation - http://www.ezlan.net/shield.html
Jack (MVP-Networking).
"Lanwench [MVP - Exchange]"
news:%23ASF%23t8JIHA.4196@TK2MSFTNGP04.phx.gbl...
> Jeff Cook
>> Hi
>>
>> I hope I have found the correct ng to ask this question ... microsoft
>> has 2324 newsgroups!
>
> Actually, microsoft.public.windows.networking.wireless might've been
> better (am setting an xpost to there), or
> microsoft.public.windowxp.network_web.
>
>
>>I have a network of three computers, all running XP and sharing some
>> files and drives on the network.
>>
>> I have recently installed a wireless hub
>
> Meaning an access point?
>
>> to allow "foreign" computers
>> to hook into my network and use my ADSL modem for internet access
>> only.
>
> Do you have any security on this AP at all? WPA+PSK at a minumum.....
>>
>> So far so good. I had thought that as the "foreign" computer would
>> have a different workgroup, it wouldn't be able to see the my
>> workgroup. But ...
>
> Even if it had another workgroup, that doesn't prevent them from snooping
> in your computers.
>>
>> 1. This doesn't seem to be the case - I can change the workgroup on
>> one of my computers and it can still see the shared files and drives.
>
> Absolutely.
>>
>> 2. Even if it had worked, my workgroup is still visible in "Entire
>> Network", so the "foreign" computer's workgroup could be changed to
>> match.
>
> Sure. Workgroups are not security barriers - they're just simple
> conveniences for organization/viewing computers on a network. Even your
> having a domain (which is a security barrier) wouldn't necessarily suffice
> to do what you want....
>>
>> I'm looking for a simple solution here - something to prevent a
>> simple, possibly unintentional hack.
>
> Or intentional! Wireless extends outside your building, note.
>
>> Can someone point me in the
>> right direction - my searches of the microsoft site and Googling
>> haven't helped - must be using the wrong key words.
>>
>> TIA
>>
>> Jeff
>
>
> If you want to provide wireless services for guests & keep them out of
> your stuff, you will want to stick the access point *outside* your LAN
> entirely - inside your ADSL modem but outsde your own router/firewall.
>
> If you have only one public IP and if the AP isn't also a "router", this
> may be tough.
>
> What about a small SonicWALL firewall with wireless? the wireless is on an
> entirely different IP subnet. These work really well - you can even use
> WGS (wireless guest services, with a logon page) such as you'd find in a
> hotel, etc.
>
>
>
