Did I just open a massive security vulnerability?

[DealMonkey]

I have a 2Wire DSL Modem/Wireless Router and I just enabled its built-in "Bridge Network" which apparently allows broadband IP addresses to be used on the local network. I set the subnet mask to 255.255.255.0 which matches my PCs attached via Cat5.

I can now see the wirless devices on my network (which was the problem I was trying to solve - I couldn't browse wireless shares belonging to the same workgroup, etc.), however did I create a security issue?

I know about enough to be dangerous when it comes to networking.

Thanks! -DM

 

[RebateMonger]

Edit - I think I've misinterpreted DealMonkey's question - see later posts...

Well, yeah. There are, doubtless, 'bots working right now, trying to break into the PCs that you placed on the public Internet with those broadband IP addresses.

Hopefully you didn't have any "unpatched" original versions of XP. With no firewalls in place, those don't last long when placed directly on a broadband connection. Fortunately, most ISPs "protect" their customers by blocking many of the common attack ports.

If you are going to put a PC directly on the Internet, with no NAT router or hardware firewall, be sure to keep it fully patched, keep updated AV definitions, and keep a software firewall running.

Running "bare" PCs directly on the Internet used to be safe. It's questionable if it's a good idea anymore.

 

[DealMonkey]

Well, my PCs are still running local IPs (i.e. 192.168.0.x), however I was unable to get my wireless laptops to share folders with the wired PCs without enabling the bridge network. It's almost like the AP allowed both the wired and wireless PCs to access the Internet, just not each other. If that makes any sense...

 

[Lemon law]

Gotta agree with Rebate Monger---now a days an unprotected windows PC will be dead meat on the internet within an hour or two. In fact there are organizations that put honey pot PC's just to see how long it will take to get compromised in some way. Last figure I saw was something like 16 minutes for a totally unprotected windows system.

While there is no such thing as total safety on the internet, going to forums like castle cops or spyware warriors can give a user basic common sense advice on how to be almost totally safe. Nor does a wise choice of programs have to cost any money, nor does it have more than a very slight increase in boot times. But security is especially important on a network, because a compromise of just one computer on the network can come back and infect all computers on the network.

Sad to say, Malware writers are getting more effective every day---its just a fact of life---and if you don't protect yourself---you may discover they now own your PC.---and once on your PC---there is often no limit to the damage they can do.

 

[DealMonkey]

Well there must be a better way to allow wireless and wired devices to share files/folders. Is my 2Wire DSL model/AP not capable of allowing the wired and wireless PCs to interact? Should I look for a new AP?

 

[wireeater]

I am not sure why you can't share without doing it the way you did?

I have my Cable connection running to a wireless router so my wife can get internet access on her laptop. I also have it setup to share the printer and files as well from computer to computer.

All you really need to do is make sure both computers have the same workgroup name which can be changed in the system properties, on the Computer Name tab. And make sure file sharing is turned on and your firewall isn't blocking the incoming connections.

 

[RebateMonger]

DealMonkey,

I'm obviously misunderstanding what you are doing. When I saw "Bridge", I figured you were using your Router in "Briding Mode", which eliminates Network Address Translation between your network and the Internet.

I think what you actually meant was that you were trying to bridge your WiFi network and your wired network.

That should be no problem at all. Normally it happens automatically with wireless routers. Both wired and wireless clients are given suitable IP addresses and subnet masks to place them on the same private network (with private IPs like 192.168.xx.xx).

As long as all your PCs are talking to each other, and as long as all have "private" IP addresses, you should be fine, security-wise.