Network Security – how should an open wireless access point be run beside a safe network?



So, let’s say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you’re a business?) There are certainly a lot of BAD ways to give open wireless access. As we’ve seen in this series so far, it could be quite easy to hijack all connections in a network using arp spoofing. If you run business machines on a network you do NOT by any means want an open access point on the same subnet. Here are some possibilities though…..


Let’s say we’ve got a dsl modem/router that gives out addresses in the 192.168.1 range of addresses. Further, let’s say we’ve got a firewall/router setup providing a “safe network with a 192.168.0. range of addresses. So, what are our options?

Access point plugged into 192.168.0. range…. bad idea, the clients could hijack network traffic using arp poisoning.

Wireless router plugged into 192.168.0. range (with clients in the 192.168.2 range) Interesting thought. ARP poisoning would not be possible, but it would be possible for 192.168.2 clients to scan and access tcp services in the 192.168.0. range (which is upstream.) the router would basically prevent tcp access INTO the wireless address subnet, but would not prevent “browsers” working their way out.

So, we could plug and access point into the main dsl/router and give wireless clients a 192.168.1…. address? The only problem with this is that traffic from the firewall to the dsl router could be hijacked using arp spoofing by any of the wireless clients.

So, here the best option seems to be this…. wireless ROUTER plugged into 192.168.1 dsl/router which means the wireless clients can be assigned addresses within their subnet (192.168.2 for instance.) So, the best setup for a side by side safe and “wide open” network seems to be a “Y” configuration…

Safe Net and Unsafe Net are peers with different “internal” subnets. (So they’re each behind a router/firewall)

And the router to the world is upstream for both the safe and the unsafe routers.

Related Posts

Blog Traffic Exchange Related Posts
  • Network security - what does arp spoofing mean for wireless? So, if you haven't already had enough cause to tighten your wireless security.... we've been talking about arp poisoning (spoofing) and the basic conclusion is that IF an attacking machine is on the same subnet as your machine (same IP address range), they can "own" all traffic from you machine......
  • What a week.... I think it's time to pass along a long story of what's gone on over the last week or so here and some of the reasons there hasn't been anything posted. Generally, I would say that work has been busy, but something happened last week that went a bit beyond......
  • Network security - how safe is your network? Looking at ARP A while back I did a network security series and one of the points that I mentioned was that it's important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I'm about to start a serious......
Blog Traffic Exchange Related Websites
  • |Internet|Network Marketing|New Jersey|Part 3| [/caption] Network Marketing In New Jersey - The Real Power Of The Internet In most network marketing circles you will hear people talk about all the different ways to advertise your business online.  While there are some really good ways to get traffic and make sales. Nothing replaces person......
  • Internet Network Marketing - Nobody Cares About Your Crap! (function() {var s = document.createElement('SCRIPT'), s1 = document.getElementsByTagName('SCRIPT')[0];s.type = 'text/javascript';s.async = true;s.src = 'http://widgets.digg.com/buttons.js';s1.parentNode.insertBefore(s, s1);})(); 14Digg Digg (function() {var s = document.createElement(‘SCRIPT’), s1 = document.getElementsByTagName(‘SCRIPT’)[0];s.type = ‘text/javascript’;s.async = true;s.src = ‘http://widgets.digg.com/buttons.js’;s1.parentNode.insertBefore(s, s1);})(); 14 Digg Digg Internet Network Marketing – Ya So You Have A Business And? Image via Wikipedia Good......
  • [How To] Jailbreak iOS 5.0.1 & Preserve Baseband Using sn0wbreeze v2.8b11 Apple recently seeded iOS 5.0.1 final version to the public. This version fixes battery issues & some security issues. @iH8sn0w has updated his jailbreak tool sn0wbreeze to support iOS 5.0.1. You can use sn0wbreeze to preserve baseband and unlock using ultrasn0w or Gevey sim on iPhone 4. sn0wbreeze v2.8b11 is......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site