Re: Creating a wireless hotspot on my network - Wireless

This is a discussion on Re: Creating a wireless hotspot on my network - Wireless ; Jeff Cook wrote: > Hi > > I hope I have found the correct ng to ask this question ... microsoft > has 2324 newsgroups! Actually, microsoft.public.windows.networking.wireless might've been better (am setting an xpost to there), or microsoft.public.windowxp.network_web. >I have ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: Re: Creating a wireless hotspot on my network

  1. Re: Creating a wireless hotspot on my network

    Jeff Cook wrote:
    > Hi
    >
    > I hope I have found the correct ng to ask this question ... microsoft
    > has 2324 newsgroups!


    Actually, microsoft.public.windows.networking.wireless might've been better
    (am setting an xpost to there), or microsoft.public.windowxp.network_web.


    >I have a network of three computers, all running XP and sharing some
    > files and drives on the network.
    >
    > I have recently installed a wireless hub


    Meaning an access point?

    > to allow "foreign" computers
    > to hook into my network and use my ADSL modem for internet access
    > only.


    Do you have any security on this AP at all? WPA+PSK at a minumum.....
    >
    > So far so good. I had thought that as the "foreign" computer would
    > have a different workgroup, it wouldn't be able to see the my
    > workgroup. But ...


    Even if it had another workgroup, that doesn't prevent them from snooping in
    your computers.
    >
    > 1. This doesn't seem to be the case - I can change the workgroup on
    > one of my computers and it can still see the shared files and drives.


    Absolutely.
    >
    > 2. Even if it had worked, my workgroup is still visible in "Entire
    > Network", so the "foreign" computer's workgroup could be changed to
    > match.


    Sure. Workgroups are not security barriers - they're just simple
    conveniences for organization/viewing computers on a network. Even your
    having a domain (which is a security barrier) wouldn't necessarily suffice
    to do what you want....
    >
    > I'm looking for a simple solution here - something to prevent a
    > simple, possibly unintentional hack.


    Or intentional! Wireless extends outside your building, note.

    > Can someone point me in the
    > right direction - my searches of the microsoft site and Googling
    > haven't helped - must be using the wrong key words.
    >
    > TIA
    >
    > Jeff



    If you want to provide wireless services for guests & keep them out of your
    stuff, you will want to stick the access point *outside* your LAN entirely -
    inside your ADSL modem but outsde your own router/firewall.

    If you have only one public IP and if the AP isn't also a "router", this may
    be tough.

    What about a small SonicWALL firewall with wireless? the wireless is on an
    entirely different IP subnet. These work really well - you can even use WGS
    (wireless guest services, with a logon page) such as you'd find in a hotel,
    etc.




  2. Re: Creating a wireless hotspot on my network

    Hi
    Depending on the type of logon that you would like to maintain, this is a
    simple solution that can isolate Open Access from Private Network.
    Network Segregation - http://www.ezlan.net/shield.html
    Jack (MVP-Networking).

    "Lanwench [MVP - Exchange]"
    wrote in message
    news:%23ASF%23t8JIHA.4196@TK2MSFTNGP04.phx.gbl...
    > Jeff Cook wrote:
    >> Hi
    >>
    >> I hope I have found the correct ng to ask this question ... microsoft
    >> has 2324 newsgroups!

    >
    > Actually, microsoft.public.windows.networking.wireless might've been
    > better (am setting an xpost to there), or
    > microsoft.public.windowxp.network_web.
    >
    >
    >>I have a network of three computers, all running XP and sharing some
    >> files and drives on the network.
    >>
    >> I have recently installed a wireless hub

    >
    > Meaning an access point?
    >
    >> to allow "foreign" computers
    >> to hook into my network and use my ADSL modem for internet access
    >> only.

    >
    > Do you have any security on this AP at all? WPA+PSK at a minumum.....
    >>
    >> So far so good. I had thought that as the "foreign" computer would
    >> have a different workgroup, it wouldn't be able to see the my
    >> workgroup. But ...

    >
    > Even if it had another workgroup, that doesn't prevent them from snooping
    > in your computers.
    >>
    >> 1. This doesn't seem to be the case - I can change the workgroup on
    >> one of my computers and it can still see the shared files and drives.

    >
    > Absolutely.
    >>
    >> 2. Even if it had worked, my workgroup is still visible in "Entire
    >> Network", so the "foreign" computer's workgroup could be changed to
    >> match.

    >
    > Sure. Workgroups are not security barriers - they're just simple
    > conveniences for organization/viewing computers on a network. Even your
    > having a domain (which is a security barrier) wouldn't necessarily suffice
    > to do what you want....
    >>
    >> I'm looking for a simple solution here - something to prevent a
    >> simple, possibly unintentional hack.

    >
    > Or intentional! Wireless extends outside your building, note.
    >
    >> Can someone point me in the
    >> right direction - my searches of the microsoft site and Googling
    >> haven't helped - must be using the wrong key words.
    >>
    >> TIA
    >>
    >> Jeff

    >
    >
    > If you want to provide wireless services for guests & keep them out of
    > your stuff, you will want to stick the access point *outside* your LAN
    > entirely - inside your ADSL modem but outsde your own router/firewall.
    >
    > If you have only one public IP and if the AP isn't also a "router", this
    > may be tough.
    >
    > What about a small SonicWALL firewall with wireless? the wireless is on an
    > entirely different IP subnet. These work really well - you can even use
    > WGS (wireless guest services, with a logon page) such as you'd find in a
    > hotel, etc.
    >
    >
    >



  3. Re: Creating a wireless hotspot on my network



    "Lanwench [MVP - Exchange]" wrote:

    > Jeff Cook wrote:
    > > Hi
    > >
    > > I hope I have found the correct ng to ask this question ... microsoft
    > > has 2324 newsgroups!

    >
    > Actually, microsoft.public.windows.networking.wireless might've been better
    > (am setting an xpost to there), or microsoft.public.windowxp.network_web.
    >
    >
    > >I have a network of three computers, all running XP and sharing some
    > > files and drives on the network.
    > >
    > > I have recently installed a wireless hub

    >
    > Meaning an access point?
    >
    > > to allow "foreign" computers
    > > to hook into my network and use my ADSL modem for internet access
    > > only.

    >
    > Do you have any security on this AP at all? WPA+PSK at a minumum.....
    > >
    > > So far so good. I had thought that as the "foreign" computer would
    > > have a different workgroup, it wouldn't be able to see the my
    > > workgroup. But ...

    >
    > Even if it had another workgroup, that doesn't prevent them from snooping in
    > your computers.
    > >
    > > 1. This doesn't seem to be the case - I can change the workgroup on
    > > one of my computers and it can still see the shared files and drives.

    >
    > Absolutely.
    > >
    > > 2. Even if it had worked, my workgroup is still visible in "Entire
    > > Network", so the "foreign" computer's workgroup could be changed to
    > > match.

    >
    > Sure. Workgroups are not security barriers - they're just simple
    > conveniences for organization/viewing computers on a network. Even your
    > having a domain (which is a security barrier) wouldn't necessarily suffice
    > to do what you want....
    > >
    > > I'm looking for a simple solution here - something to prevent a
    > > simple, possibly unintentional hack.

    >
    > Or intentional! Wireless extends outside your building, note.
    >
    > > Can someone point me in the
    > > right direction - my searches of the microsoft site and Googling
    > > haven't helped - must be using the wrong key words.
    > >
    > > TIA
    > >
    > > Jeff

    >
    >
    > If you want to provide wireless services for guests & keep them out of your
    > stuff, you will want to stick the access point *outside* your LAN entirely -
    > inside your ADSL modem but outsde your own router/firewall.
    >
    > If you have only one public IP and if the AP isn't also a "router", this may
    > be tough.
    >
    > What about a small SonicWALL firewall with wireless? the wireless is on an
    > entirely different IP subnet. These work really well - you can even use WGS
    > (wireless guest services, with a logon page) such as you'd find in a hotel,
    > etc.


    May this help:
    Windows SteadyState at Home:
    http://www.microsoft.com/windows/pro...it/athome.mspx
    http://www.microsoft.com/windows/pro...s/default.mspx
    HTH.
    nass
    ----
    http://www.nasstec.co.uk

  4. Re: Creating a wireless hotspot on my network

    nass wrote:
    > "Lanwench [MVP - Exchange]" wrote:
    >
    >> Jeff Cook wrote:
    >>> Hi
    >>>
    >>> I hope I have found the correct ng to ask this question ...
    >>> microsoft has 2324 newsgroups!

    >>
    >> Actually, microsoft.public.windows.networking.wireless might've been
    >> better (am setting an xpost to there), or
    >> microsoft.public.windowxp.network_web.
    >>
    >>
    >>> I have a network of three computers, all running XP and sharing some
    >>> files and drives on the network.
    >>>
    >>> I have recently installed a wireless hub

    >>
    >> Meaning an access point?
    >>
    >>> to allow "foreign" computers
    >>> to hook into my network and use my ADSL modem for internet access
    >>> only.

    >>
    >> Do you have any security on this AP at all? WPA+PSK at a minumum.....
    >>>
    >>> So far so good. I had thought that as the "foreign" computer would
    >>> have a different workgroup, it wouldn't be able to see the m
    >>> workgroup. But ...

    >>
    >> Even if it had another workgroup, that doesn't prevent them from
    >> snooping in your computers.
    >>>
    >>> 1. This doesn't seem to be the case - I can change the workgroup on
    >>> one of my computers and it can still see the shared files and
    >>> drives.

    >>
    >> Absolutely.
    >>>
    >>> 2. Even if it had worked, my workgroup is still visible in "Entire
    >>> Network", so the "foreign" computer's workgroup could be changed to
    >>> match.

    >>
    >> Sure. Workgroups are not security barriers - they're just simple
    >> conveniences for organization/viewing computers on a network. Even
    >> your having a domain (which is a security barrier) wouldn't
    >> necessarily suffice to do what you want....
    >>>
    >>> I'm looking for a simple solution here - something to prevent a
    >>> simple, possibly unintentional hack.

    >>
    >> Or intentional! Wireless extends outside your building, note.
    >>
    >>> Can someone point me in the
    >>> right direction - my searches of the microsoft site and Googling
    >>> haven't helped - must be using the wrong key words.
    >>>
    >>> TIA
    >>>
    >>> Jeff

    >>
    >>
    >> If you want to provide wireless services for guests & keep them out
    >> of your stuff, you will want to stick the access point *outside*
    >> your LAN entirely - inside your ADSL modem but outsde your own
    >> router/firewall.
    >>
    >> If you have only one public IP and if the AP isn't also a "router",
    >> this may be tough.
    >>
    >> What about a small SonicWALL firewall with wireless? the wireless is
    >> on an entirely different IP subnet. These work really well - you can
    >> even use WGS (wireless guest services, with a logon page) such as
    >> you'd find in a hotel, etc.

    >
    > May this help:
    > Windows SteadyState at Home:
    > http://www.microsoft.com/windows/pro...it/athome.mspx
    > http://www.microsoft.com/windows/pro...s/default.mspx
    > HTH.
    > nass
    > ----
    > http://www.nasstec.co.uk


    How is that going to help protect his network ? ;-)





  5. Re: Creating a wireless hotspot on my network

    Lanwench [MVP - Exchange] wrote:

    > Jeff Cook wrote:
    > > Hi
    > >
    > > I have a network of three computers, all running XP and sharing some
    > > files and drives on the network.
    > >
    > > I have recently installed a wireless hub

    >
    > Meaning an access point?
    >


    Yes, an Access Point. You can tell I'm in unfamilar territory here!
    (Also on a small tropical island with little choice of support
    providers and limited hardware "bits" that I can buy off the shelf)

    > > to allow "foreign" computers
    > > to hook into my network and use my ADSL modem for internet access
    > > only.

    >
    > Do you have any security on this AP at all? WPA+PSK at a minumum.....


    I'm using 64bit WEP which requuires 5 hex digit pairs as a "password" -
    I'm changing these frequently.

    > Sure. Workgroups are not security barriers - they're just simple
    > conveniences for organization/viewing computers on a network. Even
    > your having a domain (which is a security barrier) wouldn't
    > necessarily suffice to do what you want....


    OK I understand that now.

    > >
    > > I'm looking for a simple solution here - something to prevent a
    > > simple, possibly unintentional hack.

    >
    > Or intentional! Wireless extends outside your building, note.
    >


    Luckily, this isn't likely to be a problem - mostly palm trees and sea
    outside the building, so unless my AP's range is a lot better than
    advertised I can take the risk.

    >
    > If you want to provide wireless services for guests & keep them out
    > of your stuff, you will want to stick the access point outside your
    > LAN entirely - inside your ADSL modem but outsde your own
    > router/firewall.
    >
    > If you have only one public IP and if the AP isn't also a "router",
    > this may be tough.


    I have an ADSL/Router from Billion, plugged into an 8 port C-Net
    switch. The AP and all my network plug into that same switch.

    >
    > What about a small SonicWALL firewall with wireless? the wireless is
    > on an entirely different IP subnet. These work really well - you can
    > even use WGS (wireless guest services, with a logon page) such as
    > you'd find in a hotel, etc.


    This is more hardware? And it will still allow access to the internet
    from my LAN?

    Is there someting I can do with subnets (another area of ignorance!) to
    separate the wireless from the wired, but both accessing the
    ADSL/Pouter?

    Cheers

    Jeff


    --
    Jeff Cook
    Aspect Systems Ltd
    www.aspect.co.nz
    +
    Joan and Jeff Cook
    The Cooks Oasis
    www.cookislandsoasis.com

  6. Re: Creating a wireless hotspot on my network

    Jeff Cook wrote:
    > Lanwench [MVP - Exchange] wrote:
    >
    >> Jeff Cook wrote:
    >>> Hi
    >>>
    >>> I have a network of three computers, all running XP and sharing some
    >>> files and drives on the network.
    >>>
    >>> I have recently installed a wireless hub

    >>
    >> Meaning an access point?
    >>

    >
    > Yes, an Access Point. You can tell I'm in unfamilar territory here!
    > (Also on a small tropical island with little choice of support
    > providers and limited hardware "bits" that I can buy off the shelf)
    >
    >>> to allow "foreign" computers
    >>> to hook into my network and use my ADSL modem for internet access
    >>> only.

    >>
    >> Do you have any security on this AP at all? WPA+PSK at a minumum.....

    >
    > I'm using 64bit WEP which requuires 5 hex digit pairs as a "password"
    > - I'm changing these frequently.


    OK - but that's not very secure - use WPA.
    >
    >> Sure. Workgroups are not security barriers - they're just simple
    >> conveniences for organization/viewing computers on a network. Even
    >> your having a domain (which is a security barrier) wouldn't
    >> necessarily suffice to do what you want....

    >
    > OK I understand that now.
    >
    >>>
    >>> I'm looking for a simple solution here - something to prevent a
    >>> simple, possibly unintentional hack.

    >>
    >> Or intentional! Wireless extends outside your building, note.
    >>

    >
    > Luckily, this isn't likely to be a problem - mostly palm trees and sea
    > outside the building, so unless my AP's range is a lot better than
    > advertised I can take the risk.
    >
    >>
    >> If you want to provide wireless services for guests & keep them out
    >> of your stuff, you will want to stick the access point outside your
    >> LAN entirely - inside your ADSL modem but outsde your own
    >> router/firewall.
    >>
    >> If you have only one public IP and if the AP isn't also a "router",
    >> this may be tough.

    >
    > I have an ADSL/Router from Billion, plugged into an 8 port C-Net
    > switch. The AP and all my network plug into that same switch.
    >
    >>
    >> What about a small SonicWALL firewall with wireless? the wireless is
    >> on an entirely different IP subnet. These work really well - you can
    >> even use WGS (wireless guest services, with a logon page) such as
    >> you'd find in a hotel, etc.

    >
    > This is more hardware?


    It's a firewall appliance, yes.

    > And it will still allow access to the internet
    > from my LAN?


    Yes, easily.
    >
    > Is there someting I can do with subnets (another area of ignorance!)
    > to separate the wireless from the wired, but both accessing the
    > ADSL/Pouter?


    Yes, but it will still take more hardware - and ideally, more than one
    public IP address.


    >
    > Cheers
    >
    > Jeff





  7. Re: Creating a wireless hotspot on my network

    This has been covered extensively in a previous post.

    The most secure approach is double-NAT -Two routers daisy-chained, with your
    LAN at the far end, public access in the middle. To do this you need a second
    NAT router of the ethernet-in, ethernet-out type.

    Approaches using an IP-based firewall may be adequate, but do take into
    consideration that wireless IPs can be manually set (to be within the
    priveleged range) instead of using DHCP. Also, if an internal computer loses
    its IP address and reverts to DHCP, will this put it into the public zone,
    and therefore at risk?

  8. Re: Creating a wireless hotspot on my network

    Anteaus wrote:
    > This has been covered extensively in a previous post.
    >
    > The most secure approach is double-NAT -Two routers daisy-chained,
    > with your LAN at the far end, public access in the middle. To do this
    > you need a second NAT router of the ethernet-in, ethernet-out type.


    That's one of the things I'd suggested, yes (so did Jack-the-MVP)
    >
    > Approaches using an IP-based firewall may be adequate, but do take
    > into consideration that wireless IPs can be manually set (to be
    > within the priveleged range) instead of using DHCP.


    Sure -

    > Also, if an
    > internal computer loses its IP address and reverts to DHCP, will this
    > put it into the public zone, and therefore at risk?


    In what scenario?

    The Sonicwalls to which I referred to have an entirely isolated subnet for
    wireless. Supports WPA & if an internal user wants wireless, they can use
    the Sonicwall VPN client to get in from the wireless network.They work quite
    well.



  9. Re: Creating a wireless hotspot on my network

    "Lanwench [MVP - Exchange]"
    wrote in message
    news:%23ASF%23t8JIHA.4196@TK2MSFTNGP04.phx.gbl...
    > What about a small SonicWALL firewall with wireless? the wireless is on an
    > entirely different IP subnet. These work really well - you can even use
    > WGS (wireless guest services, with a logon page) such as you'd find in a
    > hotel, etc.


    Is the WGS a function of the SonicWall?

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------



  10. Re: Creating a wireless hotspot on my network

    Phillip Windell wrote:
    > "Lanwench [MVP - Exchange]"
    > wrote in
    > message news:%23ASF%23t8JIHA.4196@TK2MSFTNGP04.phx.gbl...
    >> What about a small SonicWALL firewall with wireless? the wireless is
    >> on an entirely different IP subnet. These work really well - you can
    >> even use WGS (wireless guest services, with a logon page) such as
    >> you'd find in a hotel, etc.

    >
    > Is the WGS a function of the SonicWall?


    Yes, it does that quite nicely



+ Reply to Thread