Security Basics mailing list archives
RE: Suggestions for a secure home network
From: Edmond Chow <echow () videotron ca>
Date: Mon, 17 Apr 2006 12:02:06 -0400
Hello Paul, Thanks for your excellent response! I'm somewhat confused over the options I have and would appreciate your comments on the solutions below. My main question is whether or not I will have the same level of security by deploying an all-in-one wireless router (such as the Cisco 871W) versus a separate firewall and wireless access point as you suggest. Cost is certainly something that I have to keep in mind! 1. Linksys WRT54G family of all-in-one wireless routers (inexpensive!) 2. Cisco 871W all-in-one wireless router - has similar functionality to Linksys WRT54G but costs a lot more (2nd least expensive!) 3. Cisco 806 router plus Cisco 1231 wireless access points (expensive!) 4. Your solution - Cisco PIX 501 plus Apple Airport Express (2nd most expensive!) Another question I had pertains to the possibility of having more than one wireless access point because of the size and number of floors in my client's home. I'll be visiting his home this afternoon for a site visit so I'll soon have a better idea of the coverage area. Can two Airport Express units work in the same network and support handoff from one access point to another? Thanks for your thoughts. Regards, Edmond -----Original Message----- From: paul.johnson8 () gmail com [mailto:paul.johnson8 () gmail com] Sent: Tuesday, April 11, 2006 9:03 PM To: Edmond Chow Cc: security-basics () securityfocus com Subject: Re: Suggestions for a secure home network Use Cisco PIX 501 with PPPoE enabled on the external interface for your internet connection. Setup the ACLs (ie: enable ports for http/https/pop3/smtp for outgoing, block all incoming) to your preference. Connect the 2 PC's to the PIX via CAT5 cables. You might need to setup 2 subnets on the PIX as well. Get an Airport Express and connect it to one of the PIX's 4 internal switched LAN ports (there are 4). Setup WPA on the Airport Express and connect the Macs to the encrypted WPA network. On 10/04/06, Edmond Chow <echow () videotron ca> wrote:
Hello List, I am looking to put together a home network for a high-end client of mine and would like your opinion on what type of equipment to use. Here's an overview of his requirement: - Two MACs (for his kids) on a wireless network - Two PCs on a wired network - these two PCs have sensitive information on them. These computers would not be used for remote access but only for internet and email access. I am thinking of adding hard drive encryption
to
these two computers. I'm thinking of three approaches and would like your thoughts: #1 - Use a cable modem with non-wireless router for his two PCs and use a separate DSL modem with wireless router for his two MACs. Double the
monthly
cost for internet access but there is no chance that hackers entering through the MACs will be able to access his PCs. #2 - Use a router (I was thinking of something like an Astaro router or Cisco router) for the PCs and then connect a Linksys wireless router with WPA security to the first router. The wireless router would be used for
the
two MACs. #3 - Use a wireless router with WPA security for the wireless MACs and
then
hard wire the two PCs to the non wireless router ports on the back of the wireless router. Any thoughts you would have would be greatly appreciated. Any
manufacturers
and or models you could suggest would also be much appreciated. Thanks. Regards, Edmond ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- RE: Suggestions for a secure home network Edmond Chow (Apr 17)
- Re: Suggestions for a secure home network James Harless (Apr 18)
- RE: Suggestions for a secure home network Erin Carroll (Apr 18)