Security Basics mailing list archives

Re: wireless security on notebooks


From: Andres <andrej100 () gmail com>
Date: Wed, 19 Sep 2007 16:08:40 -0300

Dear krymson,

Thank you very much for your answer. In fact, I already have my
network configured the way that you describe, and I'm glad to see that
you agree with it. If I want to keep it simple, it seems to be the
only possible solution. In spite of this, I don't see this solution as
being as elegant as the other one with the virtual adapter, because of
the firewall CPU resources (I don't know how much they are, also
compared with the other situation, which also involves the firewall but
with less compromise, I think) and the maintenance of all the firewall
rules for all the adapters involved (when I have to make a huge
transfer, I connect the notebooks via cable to the access point,
so I have to add the Ethernet MAC addresses too).
Another configuration that I'm thinking of is to use tunnelling. I
think that it goes even further, because it should let me connect to
the files even when I'm not at home
(http://www.bitvise.com/file-sharing.html), combined with some
dynamic DNS service (http://www.dyndns.com/services/dns/dyndns/). I'm
not a security expert, so I don't know what the difference is between
this and a VPN.

By the way, I have a beginner question: my internal IP range is from
192.168.0.100 to 192.168.0.104; in theory, should I block the incoming
packets from these addresses coming from the WAN side of the access
point in its firewall? Do these addresses exist on the Internet? I
imagine this situation: I'm at 192.168.0.101, and I try to connect to
\\192.168.0.100\c$, but the computer is turned off, and the connection
reaches an Internet computer with IP 192.168.0.100, I enter my
password and so on…

I'm using a 2004 version of Sygate firewall (5.6); it seems to be the
newest. Same as yours?

Thank you very much.
Best regards,

Andres H
Argentina
--

19 Sep 2007 13:38:09 -0000, krymson () gmail com <krymson () gmail com>:
I think you should look at a different solution. Fiddling with the firewall is easier than fiddling with Windows, 
even to do things easily done in Linux!


This is what I think you have said:

1) You use Sygate as your personal firewall on the laptops (commendable, since I use that one as well!)


2) You want to allow file sharing at home with your trusted systems but not out in the big bad world.


The reason I switched from the early ZoneAlarm products to Sygate many, many years ago was its configurability 
(something ZA lost). You can make this firewall as complex as you want.


In fact, you can allow file sharing to just your known systems and not to anyone else. I'm not sitting on my home 
computers to give exact instructions, but you could open up Sygate and get to Options/Tools -> Advanced Rules. You 
will want to add some rules that allow ports 445 and 139 TCP. You want your local system to allow it both to and 
from, and the remote system should be set up with your other systems' MAC addresses (in Windows, 'ipconfig /all' 
should show it).


This should let your systems connect into the file sharing, but everyone else should still be denied as normal.


Is this infallible? Diehards will say no, but I'd be surprised if anyone will try to snag a trusted MAC just to get 
to your file shares.





<- snip ->

My question is regarding wireless security, on Win XP.
I have a home network, with a wireless access point and two notebooks
(and one desktop connected via cable).
When I'm at home, I want to use the access point's firewall, and leave
all the other things unsecured, like the file sharing turned on on the
notebooks (I'm using WEP).
When my wife goes out with her computer, I have to rely for security
on her memory to turn on the firewall.
What I want is to install a virtual wireless network adapter, and to
use one wireless adapter with my home's wifi network and another with
the others. Then, leave the firewall always on (I use Sygate) and make
it work only for the foreign networks. I didn't find such virtual
network adapters. I have the one that comes with VMWare, but it
doesn't have the "wireless networks" tab. This type of solution is 5
minutes' work on Linux, it can be done by configuring a single text
file, but for Windows, I'm getting mad.
I don't want to fill my computer with antivirus, anti spyware, and
Norton rubbish, I prefer a simple configuration like this.
Please, if you have some ideas about this, share them with me, or
perhaps tell me that I'm missing something that makes this
situation nonviable.

Best regards,

Andres H
Argentina


