RE: Suggestions for a secure home network




Edmond,

A couple of thoughts inline...

> I'm somewhat confused over the options I have and would appreciate your
> comments on the solutions below. My main question is whether or not I will
> have the same level of security by deploying an all-in-one wireless router
> (such as the Cisco 871W) versus a separate firewall and wireless access
> point as you suggest. Cost is certainly something that I have to keep in
> mind!

The only security advantages I can think of off the top of my head for
going with a dedicated FW and separate WAP would be the ability to double
NAT and to minimize being exposed due to device-specific bugs or exploits.
FW gets static (or DHCP depending on service provider) IP which NATs
to a 192.168.* non-routable to your WAP, which in turn NATs to a 10.0.*
network for your servers. If an exploit or bug comes out for your
all-in-one, you're stuck. But with dedicated devices you have a greater
chance of being able to mitigate those scenarios with the unaffected
device.

Plus, I'm preferential to dedicated devices. Few all-in-one solutions will
have every capability you may need in the future and even then, there will
be weak spots outside of the main core-focus capabilities the vendor
concentrates on.

> 1. Linksys WRT54G family of all-in-one wireless routers (inexpensive!)
> 2. Cisco 871W all-in-one wireless router - has similar functionality to
> Linksys WRT54G but costs a lot more (2nd least expensive!)
> 3. Cisco 806 router plus Cisco 1231 wireless access points (expensive!)
> 4. Your solution - Cisco PIX 501 plus Apple Airport Express (2nd most
> expensive!)

There are other dedicated firewall solutions which aren't as expensive you
can look into. I've got an old Netscreen-10 that has served me well for
many years and can be picked up fairly cheap secondhand. Depending on your
bandwidth or VPN needs you could get away with a Sonicwall or other FW
appliance on the cheap.

> Another question I had pertains to the possibility of having more than one
> wireless access point because of the size and number of floors in my
> client's home. I'll be visiting his home this afternoon for a site visit so
> I'll soon have a better idea of the coverage area. Can two Airport Express
> units work in the same network and support handoff from one access point to
> another?

You'd get better bang for the buck with a Wi-Fi bridge or network
expander.


--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"Any significantly advanced incompetence
is indistinguishable from malice"
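
The double-NAT layout described in the reply above, modelled as an added example that is not part of the original message: an inbound packet reaches a 10.0.* host only if both the firewall and the WAP hold a mapping for it. The device names, the addresses (203.0.113.10 stands in for the ISP-assigned IP) and the port-only flow table are simplifying assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class NatDevice:
    name: str
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # static: wan_port -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)     # learned from outbound traffic
    next_port: int = 40000

    def outbound(self, src_ip, src_port):
        """Source-NAT an outgoing flow and remember how to map replies back."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.flows[port] = (src_ip, src_port)     # real NAT keys on the full 5-tuple
        return self.wan_ip, port

    def inbound(self, dst_port):
        """Inside (ip, port) for a packet arriving on the WAN side, or None (drop)."""
        return self.flows.get(dst_port) or self.forwards.get(dst_port)

def deliver(chain, dst_port):
    """Pass an inbound packet through the devices, outermost first.
    Returns (inside endpoint, None) on delivery or (None, name of dropping device)."""
    for i, dev in enumerate(chain):
        target = dev.inbound(dst_port)
        if target is None:
            return None, dev.name
        last = i == len(chain) - 1
        if last or target[0] != chain[i + 1].wan_ip:
            return target, None                   # reached a host on this segment
        dst_port = target[1]

def build():
    # Constructed addresses: 203.0.113.10 is a documentation address standing in
    # for the public IP; 192.168.1.2 is the WAP's address on the firewall's LAN.
    return NatDevice("firewall", "203.0.113.10"), NatDevice("wap", "192.168.1.2")

if __name__ == "__main__":
    fw, wap = build()
    print(deliver([fw, wap], 22))                 # no rules anywhere: firewall drops
    fw.forwards[22] = ("192.168.1.2", 22)         # outer device alone lets port 22 in
    print(deliver([fw, wap], 22))                 # inner device still drops it
    wap.forwards[22] = ("10.0.0.5", 22)           # deliberate forward on both devices
    print(deliver([fw, wap], 22))
    pub = fw.outbound(*wap.outbound("10.0.0.5", 51000))
    print(pub, deliver([fw, wap], pub[1]))        # reply to an outbound flow gets back
```
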

