
Wireless network security ????

Pens1566

Basic setup:

DSL Modem --> WAN of DLink 624 Wireless router --> WAN of Netgear RP614 --> Gig switch --> Desktop pcs.

Explanation:

Both routers running DHCP and NAT with some port forwarding for PCs on Netgear running BT. Dlink net is 192.168.100.1 (with range of .50-.100), Netgear net is 192.168.200.1 (with range of .50-.100). Laptop is only wireless device connecting to Dlink, 3 desktops wired to Netgear. Wireless signal is set to low power, WPA-PSK, MAC filtered, SSID not broadcast. Pretty much any security setting is locked down as much as possible.

Question:

Is there any security benefit in separating the 2 nets? Is it really necessary to have the desktops behind an extra NAT just in case someone hacks into the wireless? If there is a benefit, what is the best/easiest way to share file access between the 2 nets?

Thanks in advance for responses.
 

spidey07

No need to. As long as your pre-shared key is long and complex nobody is getting in.

Also go ahead and broadcast your SSID, that's not a security feature and it's recommended that you do broadcast it for compatibility with wireless clients.
 

Rainsford

Originally posted by: spidey07
No need to. As long as your pre-shared key is long and complex nobody is getting in.

Also go ahead and broadcast your SSID, that's not a security feature and it's recommended that you do broadcast it for compatibility with wireless clients.

Seconded. And I'd add that MAC filtering isn't really needed either, and it's annoying if you want to add new clients. If someone is able to break your WPA preshared key, MAC filtering is going to barely slow them down. It's easy to sniff MAC addresses and then clone one to get on the network; a good WPA key provides the VAST majority of the security in your setup.

I'd also strongly suggest that you generate a real random key using any of the large number of tools available for free. Don't treat the key like a password, make it as random and long as possible...you don't have to type it in often enough for that to be too much of a hassle. In my setup, I just randomly generate one using openssl on Linux and if I need to re-setup my wireless client, I just look up the key using the router admin page and one of my wired clients.
 

Rainsford

Originally posted by: jlazzaro
MAC filtering + no SSID broadcast aren't security settings, they're annoyances.

wpa key gen

The Java Math.random function used by that generator is not really recommended for cryptographic use (almost every programming library PRNG is pretty pathetic from a crypto standpoint), but will probably be good enough. If you're really serious about it, get a generator that makes some claims about cryptographic strength of the generated keys, preferably one designed using proven cryptographic primitives. Still, that's a little off topic, but something that always annoys me about security software.
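
Added example, not part of any post in this thread: one way to generate the kind of long random WPA key discussed above, drawing from the operating system's CSPRNG through Python's `secrets` module instead of a general-purpose library PRNG. The function names are illustrative; the length and character rules are the standard WPA-PSK ones (8 to 63 printable ASCII characters, or 64 hex digits).

```python
import math
import secrets
import string

# WPA/WPA2-PSK accepts either an 8-63 character printable-ASCII passphrase
# or the raw 256-bit key written as exactly 64 hex digits.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols, no space


def generate_passphrase(length=63, alphabet=PRINTABLE):
    """Random passphrase drawn from the OS CSPRNG (secrets), not random.random()."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_hex_psk():
    """Raw 256-bit PSK as 64 hex digits, same output shape as `openssl rand -hex 32`."""
    return secrets.token_hex(32)


def classify_key(key):
    """Return 'hex-psk', 'passphrase', or 'invalid' for a candidate WPA key."""
    if len(key) == 64 and all(c in string.hexdigits for c in key):
        return "hex-psk"
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"
    return "invalid"


def entropy_bits(length, alphabet_size):
    """Entropy upper bound; holds only if every symbol is picked uniformly at random.
    The derived PSK is 256 bits, so anything above 256 adds no further strength."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    p = generate_passphrase()
    h = generate_hex_psk()
    print(classify_key(p), p)
    print(classify_key(h), h)
    print("63 printable chars: %.0f bits" % entropy_bits(63, len(PRINTABLE)))
    print("64 hex digits:      %.0f bits" % entropy_bits(64, 16))
    print("8 lowercase chars:  %.0f bits" % entropy_bits(8, 26))
```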