microsoft.public.windowsxp.security_admin
back to index
From: "Jeff Cook"
Date: Thursday, November 15, 2007 7:59 PM
Subject: Re: Creating a wireless hotspot on my network
Lanwench [MVP - Exchange] wrote:
> Jeff Cook
> > Hi
> >
> > I have a network of three computers, all running XP and sharing some
> > files and drives on the network.
> >
> > I have recently installed a wireless hub
>
> Meaning an access point?
>
Yes, an Access Point. You can tell I'm in unfamilar territory here!
(Also on a small tropical island with little choice of support
providers and limited hardware "bits" that I can buy off the shelf)
> > to allow "foreign" computers
> > to hook into my network and use my ADSL modem for internet access
> > only.
>
> Do you have any security on this AP at all? WPA+PSK at a minumum.....
I'm using 64bit WEP which requuires 5 hex digit pairs as a "password" -
I'm changing these frequently.
> Sure. Workgroups are not security barriers - they're just simple
> conveniences for organization/viewing computers on a network. Even
> your having a domain (which is a security barrier) wouldn't
> necessarily suffice to do what you want....
OK I understand that now.
> >
> > I'm looking for a simple solution here - something to prevent a
> > simple, possibly unintentional hack.
>
> Or intentional! Wireless extends outside your building, note.
>
Luckily, this isn't likely to be a problem - mostly palm trees and sea
outside the building, so unless my AP's range is a lot better than
advertised I can take the risk.
>
> If you want to provide wireless services for guests & keep them out
> of your stuff, you will want to stick the access point outside your
> LAN entirely - inside your ADSL modem but outsde your own
> router/firewall.
>
> If you have only one public IP and if the AP isn't also a "router",
> this may be tough.
I have an ADSL/Router from Billion, plugged into an 8 port C-Net
switch. The AP and all my network plug into that same switch.
>
> What about a small SonicWALL firewall with wireless? the wireless is
> on an entirely different IP subnet. These work really well - you can
> even use WGS (wireless guest services, with a logon page) such as
> you'd find in a hotel, etc.
This is more hardware? And it will still allow access to the internet
from my LAN?
Is there someting I can do with subnets (another area of ignorance!) to
separate the wireless from the wired, but both accessing the
ADSL/Pouter?
Cheers
Jeff
--
Jeff Cook
Aspect Systems Ltd
www.aspect.co.nz
+
Joan and Jeff Cook
The Cooks Oasis
www.cookislandsoasis.com
