
Workgroup using IPSec to auth/encrypt traffic?

InlineFive

Diamond Member
Hey all,

A small business currently has eight computers on a workgroup network (domain is not feasible at this time). Now they want to allow another computer onto the network that is outside of my control. I told them that this is a huge risk and was very clear on how much I disapprove. Unfortunately I'm already way over budget this year so they are hesitant to let me buy another laptop or upgrade the WAP and gateway to support VLANs.

That brings me down to locking up the current network computers so that the file sharing will be safe. They already use NTLMv2 authentication and all sharing is password protected using a strong alphanumeric/symbol password using NTLM encryption.

However I don't believe that covers encryption of actual traffic around the network. I've looked around a little bit but I can't seem to find a good starting point for IPsec over a workgroup network.

Alternatively I think that perhaps I could set up another SSID on the WRT54G (I believe DD-WRT v24 can do this) and set the second SSID network to only have access to the gateway. This could still turn into a botnet ****** fest but it's the other good option that I can see.

Can anyone provide some pointers for me?

Thanks!

Ir
 
If you go with IPSEC, you can use preshared keys or certificates. Kerberos is out of the picture since you don't use a domain. Preshared keys aren't that secure, but for a local network might be fine. If you go the certificate route, you'd need a certificate authority that's trusted by all of your machines. It could be Windows 2003, if you have an extra server that can handle it.

If you can swing it, something like a Cisco 871w is relatively cheap (base around $500) and can be upgraded to support more advanced features down the line. It would allow multiple SSIDs and VLANs, and for not much money. I can't comment on the robustness of the 871, although the reviews I've seen are relatively good and I am going to get one for home use.

I'm sure someone else can chime in on this, as I haven't really had to set up IPSEC using anything but Kerberos (although I did use preshared keys in a small test situation).

Tim
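
The preshared-key option discussed above, sketched as an added example (not code from either poster): a local IPsec policy that requires ESP for file-sharing traffic, to be applied identically on each of the eight managed machines. It assumes a Windows version that ships `netsh ipsec static` (Windows Server 2003, Vista or later); the policy names and the key are placeholders.

```batch
@echo off
rem Added example: require IPsec (ESP) with a preshared key for SMB traffic.
rem Assumption: run as Administrator on every managed workgroup machine.
rem The key below is a placeholder; use the same long random value on all
rem managed machines. Windows stores the PSK unencrypted in the policy,
rem so treat each machine's local admin access as access to the key.
set PSK=REPLACE-WITH-LONG-RANDOM-KEY

rem 1. Empty policy container (default response rule disabled).
netsh ipsec static add policy name="WG-SMB-IPsec" activatedefaultrule=no

rem 2. Filter list: SMB (445) and NetBIOS session (139), both directions.
rem    mirrored=yes also matches the return packets of each flow.
netsh ipsec static add filterlist name="WG-SMB"
for %%P in (445 139) do (
  netsh ipsec static add filter filterlist="WG-SMB" srcaddr=Me dstaddr=Any protocol=TCP dstport=%%P mirrored=yes
  netsh ipsec static add filter filterlist="WG-SMB" srcaddr=Any dstaddr=Me protocol=TCP dstport=%%P mirrored=yes
)

rem 3. Filter action: negotiate ESP with encryption and integrity.
rem    inpass=no and soft=no mean no fallback to cleartext, so a machine
rem    without the key cannot reach the shares at all.
netsh ipsec static add filteraction name="WG-Require-ESP" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem 4. Rule tying filter list, action and PSK authentication together.
netsh ipsec static add rule name="WG-SMB-Rule" policy="WG-SMB-IPsec" filterlist="WG-SMB" filteraction="WG-Require-ESP" psk="%PSK%"

rem 5. Activate the policy on this machine.
netsh ipsec static set policy name="WG-SMB-IPsec" assign=y

rem Review what was stored.
netsh ipsec static show policy name="WG-SMB-IPsec" level=verbose
```

Apply it to one pair of machines first and confirm that share access still works between them before rolling it out, since a machine without the matching policy loses SMB access to the others.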
 