Advice wanted regarding setting up WiFi
Alvin Oga
alvin at Mail.Linux-Consulting.com
Wed Mar 31 18:12:41 PST 2004
hi ya bill
i'll take the flame bait
On Wed, 31 Mar 2004, William R Ward wrote:
> The question is, what's the best way to hook up the base station? I'm
> nervous about plugging it into our existing hub (behind the firewall)
> because then, anyone in the neighborhood with a WiFi-enabled computer
> can get online through our connection. That means they could use our
> bandwidth, hack into our machines, or even send spam through our
> network. Not that I think that's likely, but I'm paranoid.
"it" is very very likely to happen .. consider it trivial for those
doing that kind of work
always put your vpn, wireless, dhcp ( anonymous/anybodycan ) connections
OUTSIDE your real internal firewall ....
FW1 for your cablemodem/dmz
FW2 for your internal connections
> So I see two options:
> 1) Add a new firewall box between the cable modem and the WiFi
> station, and then our existing firewall between that and the wired
> computers.
bingo.. you can do that too
but can that firewall will be able to distinguish your laptop
in the bedroom from your neighbor and the van sitting outside
on the road or passing by on the road
> 2) Add a second ethernet port to our Linux server and connect the
> WiFi to that, and use Linux's built-in firewall to control access.
wont help .... they have complete access to the "linux server"
> Either way, I would also want to set up something to provide
> authentication (NoCatAuth?) so only authorized users can use it.
assume everybody is an authorized user including the van on the street
for wireless authentication ..
- do NOT use WEP ... its as good as giving away your key
to the house
- use IPSec .. on the access point and the wireless laptop
( you're hosed if you using a fries special for the ap
( and i donno if the dlink/linksys can use ipsec instead of wep
> I have very little spare time to mess with this, so I want something
> that can be set up easily. I also don't have the budget to be buying
> a lot of hardware.
just an itty bitty 486 machine is good enoug for a firewall
c ya
alvin
More information about the Baylisa
mailing list