Re: Router/Wireless Install
- From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Sep 2005 12:06:23 -0400
See responses inline.
"Lary" <Lary@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EAF8CB63-B460-4A87-BC20-CDE719248B01@xxxxxxxxxxxxxxxx
> Thanks for your quick response. Additional questions follow your comments.
>
> "Dave Nickason [SBS MVP]" wrote:
>
>> - If your laptop is part of your SBS domain, it was probably already logged
>> in when you connected to the wireless. If it was not connected to the LAN
>> when you logged in, it would have used cached credentials. What happens if
>> you reboot (you should be prompted for a login)?
>
> Actually, the computer is a stand-alone desktop with a wireless NIC and is
> not part of the domain, yet. Again, it can access the internet without
> logging into the network. So even after I connect to the wireless, I can
> connect to the internet that is through the network. How can this be and is
> this a problem of WEP?
>
SBS Standard is just allowing the outbound connection to the Internet
without authentication. You would need ISA Server to be able to control or
require authentication for outbound access.
This is not a function of WEP. The wireless router is just passing the
connection through between the PC and the LAN.
You should not be able to access network resources such as shared folders
without logging into the domain.
>> - WEP is not security. An experienced bad guy can break WEP encryption in,
>> literally, 2-3 minutes. IMO you need WPA2 with AES encryption, but that
>> needs to be supported in all your devices including the WAP, the wireless
>> card in the laptop, and the drivers for the wireless card, plus you need a
>> patch from Microsoft. The WRT54G does not support WPA2, so you need a
>> WRT54GC. They seem to be running $40 at the office supplies etc. Linksys
>> also makes other models that support WPA2, and so do other vendors.
>>
>> - If you really can't or won't implement WPA2, at the very least you need
>> WPA. WPA is almost certainly supported in your equipment and software
>> already.
>>
>> - Best security is WPA2 with IAS authentication. This uses certificates for
>> authentication. It's somewhat complex to set up but there are detailed
>> instructions in the SBS Administrators Companion book from MS press.
>>
>
> Because of my limited scope of the issue, I'm following only a little of
> what you're saying and what I do understand, I wouldn't know what to do within
> SBS or the router to correct the problem.
>
> Other security options within the router are WPA with share-key and Radius.
> Share-key appears to have the AES you mentioned.
>
Switch the wireless router's security from WEP to WPA with shared key.
Select AES for the encryption. You'll be asked to enter a key - use the
longest one you can. Then set up the wireless card with the same settings
(WPA, AES, and the same key you entered in the router). It's important to
use the longest key length it'll accept, which is probably 63 characters.
You can use copy/paste to avoid having to type all that.
You should do this now. Then if you want to switch to WPA with Radius,
which is more secure, get the Admin Companion book I recommended before and
follow the exact steps it gives for this.
The difference is that if I'm a bad guy in the parking lot, and I can crack
out or otherwise obtain your WPA key (from one of your employees or a stolen
laptop, for example), I can get into your network with the WPA shared key.
With radius, I'd need to have a certificate on my computer for
authentication, so I would not be able to get in to your network unless you
gave me a certificate.
I'm not a security expert, so I'd recommend reading up on this to make sure
you're comfortable with your security settings.
>> - Sounds like you've got the DHCP right. You definitely should not enable
>> it on the Linksys. You can change the Linksys's IP if you want - you should
>> be able to log into it from the SBS or any other PC on your network. BTW, I
>> recommend setting a password for that and setting it to not allow management
>> over wireless (not sure if that's supported in the Linksys or not, but if a
>> stranger pulls into your parking lot you don't want them setting up your
>> router for you).
>
> Accessing the router from SBS is a problem, I can't log in to the router with
> 192.168.1.1. I believe this may be due to the subset? And if so, I'm not sure
> how to correct this.
Can you access the router with that IP address from the wireless desktop PC?
I don't know the default IP for accessing the Linksys. I believe that
because the Linksys management page is a web site, you should be able to
access it regardless of subnet.
Another possibility for this - you have the Linksys WAN port plugged into
the same switch as the SBS, right? So the SBS is trying to connect to the
Linksys over its WAN port. If that's the case, the Linksys is probably
configured to block management access from the WAN side. You'll have to
connect a PC to one of the LAN-side ports on the Linksys to manage it.
>
> Is the problem that the SBS submask is 255.255.255.128 and the router is
> 255.255.255.0? Or am I off the mark? Please help in explaining this.
>
I think that the
> Pardon my ignorance. What is BTW?
Sorry, BTW is "by the way."
>
>>
>> - So the conclusion is that if you're looking for reasonably secure
>> wireless, implement WPA2. This is well documented on the MS web site.
>> Here's a start
>> http://www.microsoft.com/technet/community/columns/cableguy/cg0505.mspx.
> If
>
> This link is dead. Unable to find site.
>
That link works for me. You're not copying in the trailing period by any
chance? You could also search www.microsoft.com for WPA and/or "wireless
security" and look for general information and how-to articles.
Another source for more general wireless security information is the Wi-Fi
Alliance http://www.weca.net/OpenSection/index.asp?TID=1
>> you want state-of-the-art wireless security, it's documented in the
>> Administrators Companion book.
>>
>>
>> "Lary" <Lary@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:ADA97BA8-4403-40FE-BC95-E986D616CDD6@xxxxxxxxxxxxxxxx
>> > I'm somewhat new to SBS 2003 and I'm having difficulties and security
>> > concerns with adding a router to the network and I'm looking for
>> > step-by-step instructions on doing the same.
>> >
>> > I've installed SBS2003-standard with 2 NICs. One to the modem and the other
>> > to a switch. All the wired computers are connected and are working fine.
>> >
>> > What I want to do now is connect a Linksys wireless router (WRT54G) to the
>> > network to use the wireless AP and switch capabilities.
>> >
>> > I understand that I needed to disable the DHCP on the router because
>> > of DHCP running on SBS03.
>> >
>> > I connected the router to a stand-alone PC and access the router setup
>> > through 192.168.1.1. I disabled DHCP. From there I set the SSID and WEP. Soon
>> > after I lose access to the router (no NIC connection). Even though, I
>> > connect the router to the network switch, I can access the internet through
>> > my wireless laptop. This is ok, but what about security since I didn't have
>> > to login to the server beforehand. All I did was launch my browser after I
>> > configured the laptop with the SSID and security key. This just doesn't seem
>> > secure enough. Additionally, I can access the server by entering the server
>> > name in the browser (\\server name). It does ask for login information. I
>> > don't know if this is correct.
>> >
>> > From the server, I can access the router through 192.168.1.1. I figure the
>> > solution is within the setup of DHCP on the server. More than a bit confused
>> > here.
>> >
>> > Anyone's comments or suggestions would greatly be appreciated.
>> >
>> > Thanks.
>> >
>> > lsl
>>
>>
>>