  1. #1
    Join Date
    Aug 2002
    Location
    Tucson, Arizona
    Posts
    5

    Wi-Fi Network Segmentation

    Alright, here's my scenario. I'll be getting a new laptop in about 2 weeks (or whenever IBM decides to build it and ship it out). I've currently got a 100 Mbps ethernet network with 7 computers connected to it. When the laptop arrives, I thought it'd be cool to be able to use my broadband internet connection all over the house. I work from home occasionally, and it would be nice to be able to get up and move away from my desk every now and then.

    Here's the problem. I have a neighbor who's a little...odd. I mean, this guy is seriously a few quarts low, or has a few screws loose, or is a few sandwiches short of a picnic basket, or whatever. He's very antisocial, very quiet, and keeps to himself--I moved into my house about 6 months ago and have tried to introduce myself numerous times, but he doesn't want to have anything to do with me. Perhaps you're beginning to see my dilemma.

    If I were to get a wireless router, I would definitely use WEP, use MAC address filtering, turn off SSID broadcasting, change the SSID, change the admin password, turn off DHCP, and allow only a very small range of static IP addresses. However, some of my machines have files on them that I wouldn't want people accessing under any circumstances--we're talking about client records, tax records, bank statements, etc.

    Therefore, it seems like the only safe solution would be to have 2 segmented networks. One would be the wired network that I already have in place, and the other would be a wireless network that would only allow for internet access (i.e., no file sharing with the other computers). If I needed to share files to/from the laptop, it would be easy enough to plug in to the wired network. And now for the question: How would I go about doing this? My initial thought was to install a second NIC in one of my Debian boxes and use it as a firewall, but what do you guys think?

  2. #2
    Join Date
    Dec 2003
    Location
    Miami, FL
    Posts
    3,262
    You're best off asking here:

    http://www.dslreports.com/forum/wlan

    There are many ways to do it. You just purchase an access point and add it before the router (use a switch), that would the AP in front of the AP causing it to be "on the outside" of the router.

  3. #3
    Join Date
    Dec 2002
    Location
    NY, NY
    Posts
    3,975
    I have a wireless Netgear 802.11G router.
    You can set it up so only certain wifi cards can access it. [It checks MAC address or something...]

    Also, you can turn off file sharing for those documents.
    You should also password protect them.

  4. #4
    Join Date
    Dec 2003
    Location
    Miami, FL
    Posts
    3,262
    Originally posted by ilyash
    I have a wireless Netgear 802.11G router.
    You can set it up so only certain wifi cards can access it. [It checks MAC address or something...]

    Also, you can turn off file sharing for those documents.
    You should also password protect them.
    MAC filtering. Which can be spoofed.

    His suggestion is by far the most secure and the best solution, two different networks.

  5. #5
    Join Date
    May 2002
    Location
    Sunny California
    Posts
    1,679
    First of all, I think you're being overly paranoid. However, to implement your suggestion, you'd want a setup similar to the following:

    [Internet] <=> [cable/DSL modem] <=> [wired router] <=[crossover cable]=> [wireless router]

    Set the wireless router to DHCP a different IP address set, and set the gateway of the wireless router to the same gateway the wired router has.

    The key is the different IP addresses. You want to be able to have 192.168.0.x for wired, for instance, and 192.168.1.x for wireless. This will keep the two networks segmented.
    Erica Douglass, Founder, Simpli Hosting, Inc.
    I founded Simpli Hosting, and sold it in 2007 to Silicon Valley Web Hosting after over 6 years in the business.
    Now I'm blogging at erica.biz!

  6. #6
    Join Date
    Aug 2002
    Location
    Tucson, Arizona
    Posts
    5
    Originally posted by ilyash
    Also, you can turn off file sharing for those documents.
    You should also password protect them.
    That was my intent, but it's my understanding that there are ways around that.

  7. #7
    Join Date
    Aug 2002
    Location
    Tucson, Arizona
    Posts
    5
    Originally posted by Rob83
    There are many ways to do it. You just purchase an access point and add it before the router (use a switch), that would the AP in front of the AP causing it to be "on the outside" of the router.
    Thanks for the suggestion. That was actually one of my original ideas, but I didn't know if it would work or not. It would basically look something like this: internet > modem > wi-fi AP > wired router > 7 wired computers. Would that work?

  8. #8
    Join Date
    Aug 2002
    Location
    Tucson, Arizona
    Posts
    5
    Originally posted by Simpli-Erica
    The key is the different IP addresses. You want to be able to have 192.168.0.x for wired, for instance, and 192.168.1.x for wireless. This will keep the two networks segmented.
    Thanks for the suggestion! Is that all there is to it? This setup will make it so that people connecting via the AP won't be able to view shared files from the wired computers?
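
The dual-homed Debian firewall proposed in post #1, as an added example that no poster in this thread wrote: a script that prints an iptables-restore ruleset letting the wireless subnet reach the internet while dropping anything it sends toward the wired subnet, plus a check that the DROP is ordered before the ACCEPT. The interface names (eth0 wired side, eth1 access point side), the SSH rule, and the function names gen_rules and order_ok are assumptions; the subnets are the ones from post #5.

```shell
#!/bin/sh
# Added example. Assumed names: eth0 faces the wired LAN and its router,
# eth1 faces the access point. Subnets are the ones suggested in post #5.
WIRED_IF=${WIRED_IF:-eth0}
WLAN_IF=${WLAN_IF:-eth1}
WIRED_NET=${WIRED_NET:-192.168.0.0/24}
WLAN_NET=${WLAN_NET:-192.168.1.0/24}

# Print the ruleset in iptables-restore format; nothing is applied here.
# Default policy is DROP, SSH to the firewall is allowed from the wired side
# only (an assumption), and wireless clients are NATed out the wired interface.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $WIRED_IF -s $WIRED_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WLAN_IF ! -s $WLAN_NET -j DROP
-A FORWARD -i $WLAN_IF -d $WIRED_NET -j DROP
-A FORWARD -i $WLAN_IF -o $WIRED_IF -s $WLAN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $WLAN_NET -o $WIRED_IF -j MASQUERADE
COMMIT
EOF
}

# iptables stops at the first matching rule, so the DROP toward the wired
# subnet must come before the ACCEPT that lets wireless clients out.
# Reads a ruleset on stdin; exit status 0 means the ordering is safe.
order_ok() {
    awk -v net="$WIRED_NET" -v wif="$WLAN_IF" '
        $1 == "-A" && $2 == "FORWARD" && index($0, "-i " wif " ") {
            if (!drop && index($0, "-d " net " ") && $NF == "DROP") drop = NR
            if (!acc && $NF == "ACCEPT") acc = NR
        }
        END { exit !(drop && acc && drop < acc) }'
}

# Only print the ruleset if its ordering keeps the wired subnet unreachable.
gen_rules | order_ok && gen_rules
```

To use the output, check it with `iptables-restore --test`, load it as root with `iptables-restore`, and enable forwarding with `sysctl -w net.ipv4.ip_forward=1`. Because the whole wired subnet is blocked, wireless clients need a DNS resolver outside 192.168.0.x.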
