Re: Router/Wireless Install
- From: "Lary" <Lary@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Sep 2005 08:40:26 -0700
Thanks for your quick response. Additional questions follow you comments.
"Dave Nickason [SBS MVP]" wrote:
> - If your laptop is part of your SBS domain, it was probably already logged
> in when you connected to the wireless. If it was not connected to the LAN
> when you logged in, it would have used cached credentials. What happens if
> you reboot (you should be prompted for a login).
Actually, the computer is a stand-alone desktop with a wireless NIC and is
not part of the domain, Yet. Again, it can access the internet without
logining into the network. So even after I connect to the wireless, I can
connect to the internet that is throught the network. How can this be and is
this a problem of WEP.
>
> - WEP is not security. An experienced bad guy can break WEP encryption in,
> literally, 2-3 minutes. IMO you need WPA2 with AES encryption, but that
> needs to be supported in all your devices including the WAP, the wireless
> card in the laptop, and the drivers for the wireless card, plus you need a
> patch from Microsoft. The WRT54G does not support WPA2, so you need a
> WRT54GC. They seem to be running $40 at the office supplies etc. Linksys
> also makes other models that support WPA2, and so do other vendors.
>
> - If you really can't or won't implement WPA2, at the very least you need
> WPA. WPA is almost certainly supported in your equipment and software
> already.
>
> - Best security is WPA2 with IAS authentication. This uses certificates for
> authentication. It's somewhat complex to set up but there are detailed
> instructions in the SBS Administrators Companion book from MS press.
>
Because of my limited scope of the issue, I'm following only a little of
what your saying and what I do understand, I wouldn't know what to do within
SBS or the router to correct the problem.
Other security options within the router is WPA with share-key and Radius.
Share-key apprears to have the AES you mentioned.
> - Sounds like you've got the DHCP right. You definitely should not enable
> it on the Linksys. You can change the Linksys's IP if you want - you should
> be able to log into it from the SBS or any other PC on your network. BTW, I
> recommend setting a password for that and setting it to not allow management
> over wireless (not sure if that's supported in the Linksys or not, but if a
> stranger pulls into your parking lot you don't want them setting up your
> router for you).
Accessing the router from SBS is a problem, I can't login to the router with
192.168.1.1. I believe this may be due to the subset? And if so, I'm not sure
how to correct this.
Is the problem that the SBS submask is 255.255.255.128 and the router is
255.255.255.0? Or I'm I off the mark. Please help in explaining this.
pradon my ignorance. What is BTW?
>
> - So the conclusion is that if you're looking for reasonably secure
> wireless, implement WPA2. This is well documented on the MS web site.
> Here's a start
> http://www.microsoft.com/technet/community/columns/cableguy/cg0505.mspx.
If
This is link is dead. Unable to find site.
> you want state-of-the-art wireless security, it's documented in the
> Administrators Companion book.
>
>
> "Lary" <Lary@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:ADA97BA8-4403-40FE-BC95-E986D616CDD6@xxxxxxxxxxxxxxxx
> > I'm somewhat new to SBS 2003 and I'm having difficulties and security
> > concerns with adding a router to the network and I'm looking for a
> > step-by-step instructions on doing the same.
> >
> > I've installed SBS2003-standard with 2 NIC's. One to the modem and the
> > other
> > to a switch. All the wired computers are connected and are working fine.
> >
> > What I want to do now is connect a Linksys wireless router (WRT54G) to the
> > network to use the wireless AP and switch capabilities.
> >
> > I understand I have that I needed to disable the DHCP on the router
> > because
> > of DHCP running on SBS03.
> >
> > I connected the router to a stand-alone PC and access the router setup
> > through 192.168.1.1. I disabled DHCP. From there I set the SIID and WEP.
> > Soon
> > after I loose access to the router (no NIC connection). Even though, I
> > connect the router to the network switch, I can access the internet
> > through
> > my wireless laptop. This is ok, but what about security since I didn't
> > have
> > to login to the server beforehand. All I did was launch my browser after I
> > configured the laptop with the SIID and security key. This just doesn't
> > seem
> > secure enough. Additionally, I can access the server by entering the
> > server
> > name in the browser (\\server name). It does ask for login information. I
> > don't know if this is correct.
> >
> > From the server, I can access the router through 192.168.1.1. I figure the
> > solution is within the setup of DHCP on the server. More than a bit
> > confused
> > here.
> >
> > Anyone's comments or suggestions would greatly be appreciated.
> >
> > Thanks.
> >
> > lsl
>
>
>
.
- Follow-Ups:
- Re: Router/Wireless Install
- From: Dave Nickason [SBS MVP]
- Re: Router/Wireless Install
- References:
- Router/Wireless Install
- From: Lary
- Re: Router/Wireless Install
- From: Dave Nickason [SBS MVP]
- Router/Wireless Install
- Prev by Date: Re: MX Record Question
- Next by Date: UPDATE: Re: Windows 2003 Standard Upgrade to SBS 2003 Evaluation
- Previous by thread: Re: Router/Wireless Install
- Next by thread: Re: Router/Wireless Install
- Index(es):
Relevant Pages
|
Loading
