Re: firewall for isolating wireless network?

From: David (davidwnh_at_adelphia.net)
Date: 10/22/03


Date: Wed, 22 Oct 2003 02:37:38 GMT

Do you want to simply route the traffic to non-security critical
resources or do you also need to encrypt it above and beyond WEP? If you
are allowing access to private company resources then VPN is
probably your best bet. If you are allowing access for legitimate users
who are using their normal network passwords and are allowing something
as insecure as lanman (or worse) for authentication then you better
think about doing more than routing. You can set up a VPN on a server,
Windows or Linux, depending on your available resources and the amount
of platform compatibility you need. Or you could upgrade to wireless
equipment that is compatible with WPA? Personally I would wait for
802.11i unless I found equipment that was guaranteed to be firmware
upgradeable or was only dealing with a few machines that needed wireless
access. You'd have to do the math to see what is most cost-effective up
front and in the near future depending on your particular circumstances.
If you are more than just a home business, if you are protecting
valuable company resources, then devices geared towards the home user
market sometimes don't suffice. A lot of solutions cost more than a
cable/dsl router, but a single network compromise will probably cost
more, and if you are the admin possibly your job. There are several
solutions but what you do depends on what you are trying to accomplish
or prevent, how much you have budgeted, and network platform
compatibility.
>
> The VPN server is not on-site, so the WAP can't be plugged in to it,
> but when we move to a new facility and wean ourselves from our old
> parent co.'s IT, I'll make that a consideration for a new VPN.
>
> We don't have a direct connection to the internet, but a router & a T1
> to the parent, so we don't have a firewall on site. However, the
> router might accept another ethernet port. I think it's an old Cisco
> & the port would probably cost more than a BEFSR11.
>
> I'm going to consider the Linux Router Project or the Linux Embedded
> Appliance Firewall (leaf.sourceforge.net). I don't want to install a
> full-blown Linux distro then try to lock it down, but one of these
> plus one of the many PIII 500MHz boxes we have gathering dust could
> work.
>
> -M


