(This does pertain to my seti crunchers and my queue) 😉
Just wanted to share a little of what I did to help secure my LAN with wireless.
I have been concerned with security ever since I brought my IPAQ with wireless home! I took a walk around my block and found at least 15 access points, most of those WIDE open! I was even able to log into some of the routers with the default password. I felt somewhat secure knowing that I have my wireless router locked down with WEP. Well I started reading about that and found that WEP can be broken with the right tools. So I decided on a cat5 run to the living room to get that PC off the wireless. But I still wanted wireless access for my laptop and PDA, as well as for my friends that come over with their laptops and such. So here is what I did.
I built a smoothwall system from an old 200 MHz PC I had. If you do not know about it you can read up on it here: http://smoothwall.org/. In this system I have 3 network cards. One is "RED" and this is where my DSL line goes. There is a "GREEN" and the other is "ORANGE". So here is how it works. "Red" is the "war zone" so you can get to that from "orange" or "green" but that is it. If you hack into the smoothwall, you can't see beyond that. The "Orange" is for web servers. It has no DHCP or DNS and because it is accessible to the outside world, you can't get to "green" from the "orange". So the "green" is my LAN. So the "green" is VERY safe from the outside world. Nice thing is I can freely access "orange" from "green" but not the other way unless I open DMZ pinholes, and why would I want to do that?
But what of my wireless? I can't have that on "green", which would counteract what I am doing, so I put my Netgear wireless router on the orange network. The Netgear hands out IP and DNS info for the wireless and allows internet access. The best part is that in order for the wireless to work I need to run a wire from the "orange" NIC to a switch or hub, and from the switch or hub I run a wire to the web server and then use the uplink to the internet port of the router. The reason I say this is the best part is because unless I run another wire from the hub to a port on the router, the wireless can't see my web server at all. Not by name, IP or DYNDNS info! I had to run a wire to configure the router, but once I was done I unplugged it.
So with all of this I am feeling pretty darn confident that my LAN is safe. I do not have anything important on the web server so even if someone does hack in they won't find anything. Plus I have a software firewall on that as well so nothing gets out without my permission.
So if you are like me and wanted to be as secure as you possibly can at home, look into a smoothwall system, or something similar, you won't regret it!
I have a diagram of all this here. http://thewoodfamily.us/lan/lan.htm
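The red/green/orange rules described in the post, as an added example that is not part of the original post and is not SmoothWall's own code: a simplified stateful model of which forwarded connections are accepted, including replies to allowed connections, an inbound port forward and a DMZ pinhole. The subnets, host addresses, ports and the `ZoneFirewall` class are constructed assumptions, and NAT is not modeled.

```python
import ipaddress

# Constructed addressing plan (assumption: the post gives no subnets).
ZONES = {
    "green": ipaddress.ip_network("192.168.1.0/24"),   # wired LAN
    "orange": ipaddress.ip_network("192.168.2.0/24"),  # DMZ: web server, wireless router uplink
}
# Zone pairs where NEW connections are forwarded (initiator, responder).
ALLOW_NEW = {("green", "red"), ("green", "orange"), ("orange", "red")}

def zone_of(ip):
    """Map an address to its zone; anything not internal counts as red."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "red"

class ZoneFirewall:
    def __init__(self, port_forwards=(), pinholes=()):
        self.port_forwards = set(port_forwards)  # (orange_ip, port) open to red
        self.pinholes = set(pinholes)            # (orange_ip, green_ip, port)
        self.established = set()                 # accepted flows, for reply traffic

    def forward(self, src, sport, dst, dport):
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        # Packets of an already accepted connection pass in both directions.
        if flow in self.established or reverse in self.established:
            return "ACCEPT"
        pair = (zone_of(src), zone_of(dst))
        allowed = (
            pair in ALLOW_NEW
            or (pair == ("red", "orange") and (dst, dport) in self.port_forwards)
            or (pair == ("orange", "green") and (src, dst, dport) in self.pinholes)
        )
        if allowed:
            self.established.add(flow)
            return "ACCEPT"
        return "DROP"  # default deny: red->green, orange->green, unforwarded red->orange

if __name__ == "__main__":
    fw = ZoneFirewall(port_forwards={("192.168.2.20", 80)})
    print(fw.forward("192.168.1.5", 40000, "192.168.2.20", 80))   # green -> web server
    print(fw.forward("192.168.2.10", 40001, "192.168.1.5", 445))  # wireless router -> LAN
```
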