Group: microsoft.public.windowsxp.security_admin
From: "Lanwench [MVP - Exchange]"
Date: Thursday, November 15, 2007 8:07 PM
Subject: Re: Creating a wireless hotspot on my network

Jeff Cook wrote:
> Lanwench [MVP - Exchange] wrote:
>
>> Jeff Cook wrote:
>>> Hi
>>>
>>> I have a network of three computers, all running XP and sharing some
>>> files and drives on the network.
>>>
>>> I have recently installed a wireless hub
>>
>> Meaning an access point?
>>
>
> Yes, an Access Point. You can tell I'm in unfamiliar territory here!
> (Also on a small tropical island with little choice of support
> providers and limited hardware "bits" that I can buy off the shelf)
>
>>> to allow "foreign" computers
>>> to hook into my network and use my ADSL modem for internet access
>>> only.
>>
>> Do you have any security on this AP at all? WPA+PSK at a minimum.....
>
> I'm using 64-bit WEP which requires 5 hex digit pairs as a "password"
> - I'm changing these frequently.

OK - but that's not very secure - use WPA.
>
>> Sure. Workgroups are not security barriers - they're just simple
>> conveniences for organization/viewing computers on a network. Even
>> your having a domain (which is a security barrier) wouldn't
>> necessarily suffice to do what you want....
>
> OK I understand that now.
>
>>>
>>> I'm looking for a simple solution here - something to prevent a
>>> simple, possibly unintentional hack.
>>
>> Or intentional! Wireless extends outside your building, note.
>>
>
> Luckily, this isn't likely to be a problem - mostly palm trees and sea
> outside the building, so unless my AP's range is a lot better than
> advertised I can take the risk.
>
>>
>> If you want to provide wireless services for guests & keep them out
>> of your stuff, you will want to stick the access point outside your
>> LAN entirely - inside your ADSL modem but outside your own
>> router/firewall.
>>
>> If you have only one public IP and if the AP isn't also a "router",
>> this may be tough.
>
> I have an ADSL/Router from Billion, plugged into an 8 port C-Net
> switch. The AP and all my network plug into that same switch.
>
>>
>> What about a small SonicWALL firewall with wireless? The wireless is
>> on an entirely different IP subnet. These work really well - you can
>> even use WGS (wireless guest services, with a logon page) such as
>> you'd find in a hotel, etc.
>
> This is more hardware?

It's a firewall appliance, yes.

> And it will still allow access to the internet
> from my LAN?

Yes, easily.
>
> Is there something I can do with subnets (another area of ignorance!)
> to separate the wireless from the wired, but both accessing the
> ADSL/Router?

Yes, but it will still take more hardware - and ideally, more than one
public IP address.


>
> Cheers
>
> Jeff