Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Improving security

Improving security 12 years 1 month ago #5422

  • beexo
  • beexo's Avatar
  • Offline
  • Frequent Member
  • Posts: 78
  • Karma: 0
:?: :oops: Should know more.

Hi all! Try to picture this network;

Clients range from win95 to winXP.

I have a netware 4.11 server (ipx/spx) connected to a 3300 3com sw. Most computers connect to this switch. I also have some other sw connected to the 3300 (just for port expansion). This takes care of the file/print services.

Now comes the real problem (Internet).
I have a modem/router wich is connected to the 3300 SW, and because I needed more ports, I am also using the built-in ethernet ports to connect some computers.

I have the network set up so that all the clients use fixed IPs, and I have sub-netted it (f.f.f.224), hopping to hide clients from one range of IPs to another.

The router is configured so that the internet gateway is 192.168.1.250 with a mask of f.f.f.f (and it works).

Next I have to add a WAP (most likely connected to the 3300 Sw).

All clients have some sort of firewall and anti-virus, but I cannot control the wireless clients.

I thought about putting a firewall (m0n0wall) between the router and the 3300 Sw. But this will not secure the whole network (because of physical limitations).

Any Ideas on how to improve security without too many physical changes?

Thanks,
Beexo
The administrator has disabled public write access.

Re: Improving security 12 years 1 month ago #5423

  • drizzle
  • drizzle's Avatar
  • Offline
  • Distinguished Member
  • Posts: 138
  • Karma: 0
Do your wireless clients need to access any other machines on your network?

For starters, your switch supports VLAN's so I would isolate your WAP on its own VLAN.
The administrator has disabled public write access.

Re: Improving security 12 years 1 month ago #5439

  • beexo
  • beexo's Avatar
  • Offline
  • Frequent Member
  • Posts: 78
  • Karma: 0
Hi Drizzle,

The answer to the 1st question is no. The clients only need to access the netware server and have access to the internet.

This is my 1st WAP instalation. How do I go about isolating it on its own VLAN?
The administrator has disabled public write access.

Re: Improving security 12 years 1 month ago #5444

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
You will need to setup the VLAN's on the switch your AP connects to.

Another idea is get IPcop.. its a free open-source firewall that has support for a green (trusted) orange (DMZ) red (Internet) and blue (Wi-fi) interfaces...


Sounds like just what you need.. and its a snap to setup..

Furthermore, you can try MAC address filtering on the AP, add whatever little protection WEP will give you, and then if you're doing something important, tunnel your traffic over IPSEC, SSL or similar..
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Firewall 12 years 1 month ago #5564

  • TheBishop
  • TheBishop's Avatar
  • Offline
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
IPCop is great
The administrator has disabled public write access.

Re: Improving security 12 years 1 month ago #5584

  • beexo
  • beexo's Avatar
  • Offline
  • Frequent Member
  • Posts: 78
  • Karma: 0
I have just setup an IPCOP box as suggested but have not yet connected it to the network. I hope everything works out well.
The administrator has disabled public write access.
Time to create page: 0.083 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup