Re: Suggestions for a secure home network

["Aaron Rohyans" <aaronr () imcu com>]

I would get the DSL or Cable....buy a couple extra static IPs.  Put a switch 
right after the cable modem (a DMZ if you will) and hang a wireless router 
off of it with one of the public IPs for the wireless MACs.  Then, using a 
separate public IP and another switchport, hang a wired router (Cisco for 
example) and set up access-control lists within it to deny all inbound 
traffic from the wireless router sitting in the DMZ.  Even if the MACs get 
hacked, they wouldn't be able to contact the PCs, which effectively are 
sitting on your "protected" network.

My two cents,
Aaron


----- Original Message ----- 
From: "Edmond Chow" <echow () videotron ca>
To: <security-basics () securityfocus com>
Cc: <echow () videotron ca>
Sent: Sunday, April 09, 2006 11:14 PM
Subject: RE: Suggestions for a secure home network


> Hello List,
>
> I am looking to put together a home network for a high-end client of mine
> and would like your opinion on what type of equipment to use.
>
> Here's an overview of his requirement:
>
> - Two MACs (for his kids) on a wireless network
> - Two PCs on a wired network - these two PCs have sensitive information on
> them.  These computers would not be used for remote access but only for
> internet and email access.  I am thinking of adding hard drive encryption 
> to
> these two computers.
>
> I'm thinking of three approaches and would like your thoughts:
>
> #1 - Use a cable modem with non-wireless router for his two PCs and use a
> separate DSL modem with wireless router for his two MACs. Double the 
> monthly
> cost for internet access but there is no chance that hackers entering
> through the MACs will be able to access his PCs.
> #2 - Use a router (I was thinking of something like an Astaro router or
> Cisco router) for the PCs and then connect a Linksys wireless router with
> WPA security to the first router.  The wireless router would be used for 
> the
> two MACs.
> #3 - Use a wireless router with WPA security for the wireless MACs and 
> then
> hard wire the two PCs to the non wireless router ports on the back of the
> wireless router.
>
> Any thoughts you would have would be greatly appreciated.  Any 
> manufacturers
> and or models you could suggest would also be much appreciated.
>
> Thanks.
>
> Regards,
>
>
> Edmond
>
>
>
>
> -------------------------------------------------------------------------
> This List Sponsored by: Webroot
>
> Don't leave your confidential company and customer records un-protected.
> Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
> obligation. See why so many companies trust Spy Sweeper Enterprise to
> eradicate spyware from their networks.
> FREE 30-Day Trial of Spy Sweeper Enterprise
>
> http://www.webroot.com/forms/enterprise_lead.php
> --------------------------------------------------------------------------
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------