Network Security – how should an open wireless access point be run beside a safe network?
So, let’s say we want to have an open wireless access point for some reason. (Maybe offering it to guests if you’re a business?) There are certainly a lot of BAD ways to give open wireless access. As we’ve seen in this series so far, it could be quite easy to hijack all connections in a network using arp spoofing. If you run business machines on a network you do NOT by any means want an open access point on the same subnet. Here are some possibilities though…..
Let’s say we’ve got a dsl modem/router that gives out addresses in the 192.168.1 range of addresses. Further, let’s say we’ve got a firewall/router setup providing a “safe network with a 192.168.0. range of addresses. So, what are our options?
Access point plugged into 192.168.0. range…. bad idea, the clients could hijack network traffic using arp poisoning.
Wireless router plugged into 192.168.0. range (with clients in the 192.168.2 range) Interesting thought. ARP poisoning would not be possible, but it would be possible for 192.168.2 clients to scan and access tcp services in the 192.168.0. range (which is upstream.) the router would basically prevent tcp access INTO the wireless address subnet, but would not prevent “browsers” working their way out.
So, we could plug and access point into the main dsl/router and give wireless clients a 192.168.1…. address? The only problem with this is that traffic from the firewall to the dsl router could be hijacked using arp spoofing by any of the wireless clients.
So, here the best option seems to be this…. wireless ROUTER plugged into 192.168.1 dsl/router which means the wireless clients can be assigned addresses within their subnet (192.168.2 for instance.) So, the best setup for a side by side safe and “wide open” network seems to be a “Y” configuration…
Safe Net and Unsafe Net are peers with different “internal” subnets. (So they’re each behind a router/firewall)
And the router to the world is upstream for both the safe and the unsafe routers.
Popularity: 1% [?]
Related Posts - Network security - how safe is your network? Looking at ARP A while back I did a network security series and one of the points that I mentioned was that it's important to know what is normal for your network. In other words, what machines are NORMALLY connected, what services are normally running, etc. Well, I'm about to start a serious......
- Network Security guide for the home or small business network - Part 11 - Why? Alright, so you're still reading this series and you're thinking. Look, I'm not protecting national security secrets. All I'm doing is (running a business|emailing my grandkids|using the web for research). True, good point. You're not at the defense department. OK. Let's say you just use your computer for email and......
- Network Security guide for the home or small business network - Part 15 - Security Through obscurity I remember many years ago watching a Dr. Who episode where a very important key was "hidden" in a display of many other keys. Kind of like hiding a tree in a forest. This concept is "security by obscurity". Generally this is considered a bad approach to security. It is......
Related Websites - A99 Golf DIGITAL 7x GOLF RANGE FINDER GOLFSCOPE SCOPE User Reviews Send this to a friend A99 Golf DIGITAL 7x GOLF RANGE FINDER GOLFSCOPE SCOPE Manufacturer: A99 Golf Customer Rating: List Price: Varies based on product options Sale Price: $49.99 Availibility: Usually ships in 1-2 business days Buy Now Product Description Pocket Size: 3.75" (Length) x 2.0" (Width)......
- Wordpress 3.0.2 - Auto Updating Error Resolved Wordpress 3.0.2 - Don't Pull Your Hair Out Yet Image by Debs (ò‿ó)♪ via Flickr If you have been using Wordpress for any extended period of time you know that they are constantly updating their plate form. While it re assures me that wordpress is always improving it can also......
- Intego VirusBarrier X6 Mac Antivirus Tools Intego VirusBarrier is hands-down the top Mac antivirus software you can buy. Combining rock-solid protection, comprehensive features and a firewall everything in one usable interface, Intego VirusBarrier X6 sets the conventional of excellence on the subject of Mac security. Put simply, we didn’t find the same a higher level protection......
Similar Posts
- Network security – what does arp spoofing mean for wireless?
- Network security – how safe is your network? Looking at ARP
- Network Security guide for the home or small business network – Part 7 – Wireless Networking
- Network Security – Arp spoofing
- Openvpn