Security Basics mailing list archives
Re: wireless security on notebooks
From: Andres <andrej100 () gmail com>
Date: Wed, 19 Sep 2007 16:08:40 -0300
Dear krymson,

Thank you very much for your answer. In fact, I already have my network configured the way that you describe; I'm glad to see that you agree with it. If I want to keep it simple, it seems to be the only possible solution.

In spite of this, I don't find this solution as elegant as the other one with the virtual adapter, because of the firewall CPU resources (I don't know how much they are, also compared with the other situation, which also involves the firewall but with less compromise, I think) and the maintenance of all the firewall rules for all the adapters involved (when I have to make a huge transfer, I connect the notebooks via cable to the access point, so I have to add the Ethernet MAC addresses too).

Another configuration that I'm thinking of is to use tunnelling. I think that it goes even further, because it should let me connect to the files even when I'm not at home (http://www.bitvise.com/file-sharing.html), combining this with some dynamic DNS service (http://www.dyndns.com/services/dns/dyndns/). I'm not a security expert, so I don't know what the difference is between this and a VPN.

By the way, I have a beginner question. My internal IP range is from 192.168.0.100 to 192.168.0.104; in theory, should I block the incoming packets from these addresses coming from the WAN side of the access point in its firewall? Do these addresses exist on the internet? I imagine this situation: I'm at 192.168.0.101, and I try to connect to \\192.168.0.100\c$, but the computer is turned off, and the connection reaches an internet computer with IP 192.168.0.100, I introduce my password and so on…

I'm using a 2004 version of Sygate firewall (5.6); it seems to be the newest. Same as yours?

Thank you very much.

Best regards,
Andres H
Argentina

-- 19 Sep 2007 13:38:09 -0000, krymson () gmail com <krymson () gmail com>:

I think you should look at a different solution. Fiddling with the firewall is easier than fiddling with Windows, even to do things easily done in Linux!

This is what I think you have said:

1) You use Sygate as your personal firewall on the laptops (commendable, since I use that one as well!)
2) You want to allow file sharing at home with your trusted systems but not out in the big bad world.

The reason I switched from the early ZoneAlarm products to Sygate many, many years ago was its configurability (something ZA lost). You can make this firewall as complex as you want. In fact, you can allow file sharing to just your known systems and not to anyone else.

I'm not sitting on my home computers to give exact instructions, but you could open up Sygate and get to Options/Tools -> Advanced Rules. You will want to add some rules that allow ports 445 and 139 TCP. You want your local system to allow it both to and from, and the remote system should be set up with your other systems' MAC addresses (in Windows, 'ipconfig /all' should show it). This should let your systems connect into the file sharing, but everyone else should still be denied as normal.

Is this infallible? Diehards will say no, but I'd be surprised if anyone will try to snag a trusted MAC just to get to your file shares.

<- snip ->

My question is regarding wireless security, on Win XP. I have a home network, with a wireless access point and two notebooks (and one desktop connected via cable). When I'm at home, I want to use the access point's firewall, and leave all the other things unsecured, like the file sharing turned on on the notebooks (I'm using WEP). When my wife goes out with her computer, I have to rely for security on her memory to turn on the firewall.

What I want is to install a virtual wireless network adapter, and to use one wireless adapter with my home's wifi network and another with the others. Then, leave the firewall always on (I use Sygate) and make it work only for the foreign networks. I didn't find such virtual network adapters. I have the one that comes with VMware, but it doesn't have the "wireless networks" tab.

This type of solution is 5 minutes' work on Linux; it can be done by configuring a single text file, but for Windows, I'm getting mad. I don't want to fill my computer with antivirus, anti-spyware, and Norton rubbish; I prefer a simple configuration like this.

Please, if you have some ideas about this, share them with me, or perhaps tell me that I'm missing something that makes this situation nonviable.

Best regards,
Andres H
Argentina
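
Added example, not part of the original messages: a Python model of the two filters discussed in this thread, the host-firewall rule krymson describes (TCP 139/445 only for listed MAC addresses) and the WAN-side drop of private source addresses Andres asks about. The MAC addresses, packet tuples and function names are constructed for illustration, and this is not Sygate's rule syntax.

```python
import ipaddress

# Constructed MAC addresses standing in for the trusted home systems.
TRUSTED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# RFC 1918 private ranges: not routed on the public Internet, so a packet
# arriving on a public-facing WAN port with such a source is spoofed or stray.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def normalize_mac(mac):
    """'ipconfig /all' prints 00-11-22-33-44-55; compare in one canonical form."""
    return mac.strip().lower().replace("-", ":")


def wan_ingress(src_ip):
    """Router WAN side. Assumes the WAN port holds a public address; behind an
    ISP modem that itself uses private addressing this rule needs an exception."""
    ip = ipaddress.ip_address(src_ip)
    return "drop" if any(ip in net for net in RFC1918) else "pass"


def host_firewall(proto, dst_port, remote_mac):
    """Laptop side: file sharing only for trusted MACs, everything else denied.
    A MAC is only visible on the local segment and can be cloned, so this
    limits exposure on foreign networks rather than authenticating the peer."""
    if proto == "tcp" and dst_port in SMB_PORTS:
        return "allow" if normalize_mac(remote_mac) in TRUSTED_MACS else "deny"
    return "deny"


def evaluate(packets):
    """Run constructed inbound (proto, port, mac) tuples through the host rule."""
    return [host_firewall(*p) for p in packets]


if __name__ == "__main__":
    sample = [
        ("tcp", 445, "00-11-22-33-44-55"),  # home desktop, Windows notation
        ("tcp", 139, "00:11:22:33:44:66"),  # second notebook
        ("tcp", 445, "de:ad:be:ef:00:01"),  # unknown host on a foreign WLAN
        ("udp", 445, "00:11:22:33:44:55"),  # wrong protocol, denied as normal
    ]
    print(evaluate(sample))
    print(wan_ingress("192.168.0.100"), wan_ingress("203.0.113.7"))
```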
Current thread:
- wireless security on notebooks Andres (Sep 18)
- <Possible follow-ups>
- Re: wireless security on notebooks krymson (Sep 19)
- Re: wireless security on notebooks Andres (Sep 19)
- Re: wireless security on notebooks Krymson (Sep 20)
- Re: wireless security on notebooks Andres (Sep 27)
- Re: wireless security on notebooks krymson (Sep 27)