On Wed, 2005-02-16 at 20:09 -0500, Craig Brooksby wrote:
> Hi all -- seeking advice / pointers to where I can read up... my two
> questions are numbered, below.
>
> My home network is through a D-Link wireless router, to the Cox cable
> modem. It works fine -- I am not an expert. For security, I did
> stuff like the following:
>
> 1) Turned WEP on, at 128-bit
> 2) Turned on filtering by Mac address
> 3) Added WPA-PSK authentication.
>
> The router seems to be able to do more -- firewall stuff, etc. At the
> same time, I know people use old boxes + Linux to do all these things.
> So here's what I'm wondering:
>
> 1) Are there clear reasons why running an old box + Linux as a router
> / firewall / etc. is *better* than just using the features in the
> little $60 router? (I mean, the *fan noise alone* from this old box
> is enough to tilt the scales for me :-)
>
> 2) Do people plug in Wi-Fi adapters into the old box and use it to
> control a wireless network? Or is all that better left to the D-Link?
> I ask because my son's Win XP box is currently wireless.
>
> I want to learn more about networks. I am resourceful and like new
> challenges, but if such things are better left to people with long,
> deep experience / formal training -- network "engineers" and people
> who relax by reading manpages -- please advise.
-----
It's all possible by the average person - it's just that the average person isn't interested in devoting the time and energy to learn this stuff.

- Don't know about your wireless router but generally, you only have both WEP & WPA-PSK available when you are in 'mixed-mode' meaning you are allowing WEP & 802.11b connections and are allowing WPA-PSK & 802.11g connections. Do you need both? Do all your machines handle 802.11g? If so, then use the 802.11g because it is 54Kbps versus 11Kbps. WPA is stronger encryption but not backwards compatible.
I can't conceive that any of these cheapo boxes support both WEP & WPA-PSK simultaneously but I've certainly been wrong before.

The restriction/filtering by MAC Address is probably a good thing to do - as long as you can manage it and if you can manage that, you can probably do anything else you've set your mind to doing.

The wireless router, if kept up to date with firmware updates is probably as secure, if not more so than your own box router. Your own box router can be more versatile and employed to do other things such as dns but of course, that concept weakens the security of the box.

You could conceivably do this...

- - - -
public IP 192.168.1.0/24 192.168.2.0/24

and your linux router had two network cards 1 on the 192.168.1.0 network and one on the 192.168.2.0 network and then all your computers plugged into a hub/switch with the 192.168.2.0 network card of the linux router and all had different 192.168.2.0/24 addresses. Then you could drop the WPA/WEP & filtering/restrictions by MAC Address altogether if the linux router considered the wireless router as part of the big bad untrusted traffic area sometimes referred to as the internet.

Then you could set up a vpn (ipsec/openvpn/cipe) so that a wireless connection couldn't get on your local network without using VPN. That would ensure encrypted traffic from your laptop or desktops using wireless if they connected through to the network because their only ability to connect to the network would be through the vpn channel.

This would be in my opinion, the 'optimal' method for using with high security.

Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
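
The two-NIC layout described in the reply above, sketched as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset treating the wireless side as untrusted, plus a check that no rule lets that side reach the LAN without the VPN. The interface names, the choice of OpenVPN on UDP port 1194, the tun0 tunnel device and the masquerade rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names, the OpenVPN UDP port and
# the masquerade rule are assumptions; adjust them to the real hardware.

# Print an iptables-restore ruleset for the two-NIC Linux router.
#   $1 NIC facing the wireless router (192.168.1.0/24, treated as untrusted)
#   $2 NIC facing the wired LAN switch (192.168.2.0/24)
#   $3 VPN tunnel interface   $4 UDP port the VPN daemon listens on
emit_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# From the untrusted side the router answers only the VPN handshake.
-A INPUT -i $1 -p udp --dport $4 -j ACCEPT
-A INPUT -i $2 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wired LAN may open connections outward through the wireless router.
-A FORWARD -i $2 -o $1 -j ACCEPT
# Wireless clients reach the LAN only after authenticating to the VPN.
-A FORWARD -i $3 -o $2 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o $1 -j MASQUERADE
COMMIT
EOF
}

# Read a ruleset on stdin; return 0 only if FORWARD defaults to DROP and no
# rule accepts traffic going straight from the untrusted NIC ($1) to the LAN NIC ($2).
check_rules() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$rules" |
        grep -Eq -- "^-A FORWARD .*-i $1 .*-o $2 .*-j ACCEPT"; then
        return 1
    fi
    return 0
}
```

Review the output of `emit_rules eth0 eth1 tun0 1194` before loading it with iptables-restore as root, and run any later hand-edited ruleset through `check_rules eth0 eth1` to confirm the wireless side still has no direct path to the LAN.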