Re: all-in-one router?
From: Chuck (none_at_example.net)
Date: 07/05/04
- In reply to: webhead001: "all-in-one router?"
Date: 5 Jul 2004 09:38:07 -0500
On Mon, 5 Jul 2004 04:36:02 -0700, "webhead001"
<webhead001@discussions.microsoft.com> wrote:
>I don't have anything set up yet for networking 4 computers in different parts of the house (home office)... I'll be getting ADSL, so wouldn't it be the best option to get a combined ADSL modem in a router to share the internet connection, and with an inbuilt AP?
>
>Is there any reason why the access point shouldn't be in the same hardware, and do I even need an access point?
>
>I am a beginner. Many thx
Getting an all-in-one modem - router - AP, vs getting separate units, is a
matter of style, and of luck. Can you find one unit with all the features that
you need?

The modem (DSL to Ethernet bridge) translates the DSL circuit provided by your
ISP into an Ethernet circuit. Be sure to get a modem that your ISP can support
- you don't want to call them for service and have them tell you "We can't
support that - you're on your own for this problem".

The router protects all the computers on your LAN - those connected by cable,
and those connected by air - from the evils of the internet. In addition to NAT
functionality, an SPI firewall is a good idea for protection.
<http://www.firewall-software.com/firewall_faqs/what_is_a_firewall.html>

Also, my personal recommendation - get a router with full logging functionality.
Especially with a wireless LAN, you need to audit what traffic goes up (to the
internet) as well as down (from the internet).
<http://www.linklogger.com/>

The Access Point is the radio - bridging the wireless environment with the
Ethernet LAN. Here there are multiple functions:
- Antenna (single vs dual, external vs fixed).
- Radio (a,b,g for a start).
- Security features are very important today.

Here's a story about somebody's very stupid wireless neighbor. Don't expect all
wireless neighbors to be this stupid. And don't expect your wireless
neighborhood to stop just outside your front door. Even if it does for you.
<http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.

The point is, you need to protect a wireless LAN with more precautions than just
the NAT firewall. You are legally responsible for your neighbors using your
WLAN.

Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
has fleas").

Enable MAC filtering.

Disable DHCP, and assign an address to each computer manually.

Change the subnet of your LAN - don't use the default.

Change the router management password, and disable remote (WAN) management.

Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.

Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?

Install a software firewall on every computer connected to a wireless LAN. Put
manually assigned IP addresses in the Local (highly trusted) Zone. Open the
following ports for file sharing only in the Local Zone: TCP 139, 445; UDP 137,
138, 445.

Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest userid. Rename Administrator, to a non-trivial
value, and give it a non-trivial password. Never use the renamed Administrator
account for day-to-day activities, only when intentionally doing administrative
tasks.

Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking.wireless are good places to start.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
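
Added example (not part of Chuck's post): one way to do the regular log review the post recommends, checking each logged connection against the manually assigned addresses and flagging file-sharing ports that leave the LAN. The log line format, the MAC/IP inventory and the subnet are constructed for illustration; real router logs differ by model.

```python
import ipaddress
import re

# Hypothetical inventory: the manually assigned IP for each known adapter (MAC).
INVENTORY = {
    "00:11:22:33:44:01": "192.168.57.10",
    "00:11:22:33:44:02": "192.168.57.11",
}
LAN = ipaddress.ip_network("192.168.57.0/24")  # constructed non-default subnet
# File-sharing ports the post says to open only in the Local Zone.
SHARE_PORTS = {("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138), ("udp", 445)}

# Constructed log format: "date time proto mac src -> dst:port".
LINE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<proto>tcp|udp) (?P<mac>[0-9a-f:]{17}) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$",
    re.IGNORECASE,
)

SAMPLE_LOG = """\
2004-07-05 09:01:12 tcp 00:11:22:33:44:01 192.168.57.10 -> 203.0.113.8:80
2004-07-05 09:02:40 tcp 00:11:22:33:44:02 192.168.57.11 -> 192.168.57.10:445
2004-07-05 09:05:03 tcp 00:DE:AD:BE:EF:99 192.168.57.50 -> 198.51.100.7:25
2004-07-05 09:07:19 tcp 00:11:22:33:44:02 192.168.57.77 -> 203.0.113.8:80
2004-07-05 09:09:55 udp 00:11:22:33:44:01 192.168.57.10 -> 198.51.100.9:137
garbage line the router wrote during a reboot
"""

def audit(log_text):
    """Return (timestamp, finding) tuples for every line that needs a look."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE.match(line)
        if not m:
            findings.append(("?", "unparsed line: " + line))
            continue
        ts, proto, mac, src = m["ts"], m["proto"].lower(), m["mac"].lower(), m["src"]
        if mac not in INVENTORY:
            findings.append((ts, f"unknown device {mac} using {src}"))
        elif INVENTORY[mac] != src:
            findings.append((ts, f"{mac} on {src}, expected {INVENTORY[mac]}"))
        leaving = ipaddress.ip_address(m["dst"]) not in LAN
        if leaving and (proto, int(m["port"])) in SHARE_PORTS:
            findings.append((ts, f"{proto}/{m['port']} file sharing leaving LAN"))
    return findings

if __name__ == "__main__":
    for ts, finding in audit(SAMPLE_LOG):
        print(ts, finding)
```

Lines that do not parse are reported rather than skipped, so a change in the router's log format shows up as findings instead of silently hiding traffic.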