Security Basics mailing list archives
Re: Home wireless free hotspot
From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 16 Mar 2010 08:56:58 -0500
"John Lightfoot" <jlightfoot () gmail com> writes:
> Hello, I have a home wireless network that I'd like to make available to neighbors who need to borrow a connection from time to time. Consider it karmic repayment for the times I've had to borrow someone else's open connection. Of course, I'd like to do it securely, so I'm looking for some advice.
>
> My main network has a wireless router connected to the Internet, with a few wired connections to my home computers. The main router's wireless network is protected by WPA, access control via MAC address, etc. My thought is I would attach a second wireless router (Netgear) to a port off the main router and leave it unsecured, using a second subnet, and block any routing between the two subnets, other than straight out to the Internet, but I'm not sure the best way to do that.
Hi John,

You may be interested in the third-party firmware dd-wrt. Assuming supported hardware (which can be quite inexpensive), it seems to do everything you want, allowing multiple SSIDs and configs on the same radio. You could give your neighbor one SSID and passphrase, yourself another, and you can create separate bridges for both networks and keep them from talking to each other if you want. You could even separate the wired LAN from the wireless LAN with restrictions if you wanted.

http://www.dd-wrt.com/wiki/index.php/Multiple_WLANs

WPA2 AES with a long complex passphrase and a non-default SSID is plenty good these days, though. If your SSID is default and your PSK relatively short or guessable, freely available cracking tools and precomputing hashes can make things awfully crackable these days with offline attacks once the attacker has captured a handshake.

The MAC filtering you're doing isn't a bad idea, but it is quite trivial to work around since the MAC addresses on the traffic on your network are plainly seen by sniffing, and for an attacker to spoof a sniffed MAC is just a command line away. No harm though.
> So, a few questions: If I set up a second router with a subnet subservient to my main router, presumably it has to get an IP address within the address space of the main network, but how can I limit access to that network to only my Internet interface?
Probably not in the firmware that comes with your router. Give dd-wrt a look though. Your current router may even support it. You'll have to be choosier than usual with router selection, as noted in the article above: the router has to have some hardware features to support multiple WLANs.

You can of course do what you want with multiple access points, and that device you mention may be able to separate those devices if it has the ability to implement VLANs or enforce ACLs to isolate various ports from one another.

Perhaps others more familiar with your specific equipment can give more focused advice.

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
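
The point in the reply above about default SSIDs and short PSKs follows from how WPA/WPA2-PSK derives its master key: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID. The Python check below is an added example, not part of the original post; the default-SSID list and the 80-bit threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import string

# Illustrative sample of factory-default SSIDs (constructed list, not exhaustive).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1 salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def charset_size(passphrase: str) -> int:
    """Alphabet size implied by the printable-ASCII classes in use."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return max(1, sum(len(c) for c in classes if any(ch in c for ch in passphrase)))


def audit(ssid: str, passphrase: str, min_bits: float = 80.0) -> list:
    """Return findings; min_bits is an assumed threshold, not a standard."""
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        # The salt is shared with every other network using this SSID,
        # so one precomputed table covers all of them.
        findings.append("default SSID: precomputed PMK tables apply")
    # Upper bound only: assumes every character was chosen at random.
    bits = len(passphrase) * math.log2(charset_size(passphrase))
    if bits < min_bits:
        findings.append(f"passphrase search space at most {bits:.0f} bits")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID, different key: the SSID is the salt.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "linksys").hex())
    print(audit("linksys", "password"))
    print(audit("maple-street-guest", "correct horse battery staple 42!"))
```

A dictionary word scores well on the length-based bound while still being guessable, so the bit estimate is a ceiling, not a guarantee.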