Wireless -- Can you set it up to only share internet?

[rw120555]

I have homepna, ethernet and wireless on my home network. I mostly want the wireless for my laptop to have internet access in different parts of the house. For security reasons, Is there any easy way to set it up so the wireless only shares the internet, without providing access to the rest of the home network? Would one convoluted approach be to have the dsl, WAP, and router all plug into a switch or hub? Ideally, there would be an easy way (from inside the house) to switch from internet only to full home network access. Or, could I do something like put the WAP on a different IP range than the rest of the network?

I think I have pretty good security (128 bit WEP with random character password + MAC address filtering) but I was reading where WEP isn't all that hard to break. I've heard Mac address filtering is pretty good, but I wonder why the Mac address couldn't be detected and then spoofed (doesn't the laptop have to broadcast it so the WAP is willing to communicate?)

The equipment is a Netgear ME102 Wireless Access Point and a Netgear rp334 router, in case that makes a difference. Thanks. RW

 

[cipher00]

Um, how about this: set the router to allow association and connection only to the laptop's MAC address and enable WEP (that at least slows down the outsiders peering in). Then, depending on your OS, disable guest accounts (the default, usually?) and do *not* create user accounts for the laptop on the other machines (this is very Win2k oriented, I'm afraid, but that's what I use). This way I think you may be about as secure as you're going to get with wireless while having the rest of your network ignore the laptop.

Don't know if that made any sense....

 

[rw120555]

Thanks Cipher. Not sure, but I think I'm already doing all that. I have WEP and Mac filtering, and I haven't created user accounts for the laptop on other machines (not even sure how or why to do that, but maybe I'll learn some day).

To clarify the setup, various folders are being shared on the different machines. Also, printers. So, the laptop, like every other machine on the network, can see and access those folders and printers. I didn't have to do anything special to give the laptop access. I just plugged the WAP in, the laptop detected it, and it was part of the network. If I turned off WEP and Mac filtering, I assume any laptop that came within range would have full access to the network. I guess if I didn't share anything, that would further enhance the security of the network, but then that would make the network less useful to us. I use FAT32, maybe if I switched to ntfs I could make the security even tighter on key folders I want shared.

Am I following you correctly? I suspect I am pretty secure (if I were a casual snooper, I'd go after all those people who leave everything at factory defaults) but maybe the security could be a little better without too much hassle.

 

[Garet Jax]

Originally posted by: rw120555
I have homepna, ethernet and wireless on my home network. I mostly want the wireless for my laptop to have internet access in different parts of the house. For security reasons, Is there any easy way to set it up so the wireless only shares the internet, without providing access to the rest of the home network? Would one convoluted approach be to have the dsl, WAP, and router all plug into a switch or hub? Ideally, there would be an easy way (from inside the house) to switch from internet only to full home network access. Or, could I do something like put the WAP on a different IP range than the rest of the network?

I think I have pretty good security (128 bit WEP with random character password + MAC address filtering) but I was reading where WEP isn't all that hard to break. I've heard Mac address filtering is pretty good, but I wonder why the Mac address couldn't be detected and then spoofed (doesn't the laptop have to broadcast it so the WAP is willing to communicate?)

The equipment is a Netgear ME102 Wireless Access Point and a Netgear rp334 router, in case that makes a difference. Thanks. RW

rw120555,

If I was going to try and accomplish what you ask, I would create a DMZ: the WAP would be the only thing in it. That way if someone got access to your WAP, they would still have to go through your firewall (or whatever you have separating the DMZ from the rest of your network) to get to your other machines.

The problem here is that you would need to prevent traffic from flowing between the DMZ and the internal network or it defeats the purpose of separating them. This effectively means that anything on the WAP only has access to the internet and not to any other machine. In other words, your internal network would see no difference between a machine from your DMZ and a machine from the internet.

Having said all of this, I don't know that the hardware you have is sufficient to accomplish this. You need to ask someone more familiar with the Netgear's capabilities.

There may also be an easier way to do this, but I can't think of it right now.