Archived from groups: microsoft.public.windows.networking.wireless (
More info?)
On Fri, 30 Apr 2004 17:21:43 -0400, "Papa" <*email_address_deleted*> wrote:
>I am currently operating a 3-PC LAN which is tied together with an
>SMC7004ABR 4-port router. The router is connected to the outside world with
>a cable modem. Two of the PCs are running Windows XP Pro, and the third one
>uses W98SE.
>
>I would like to add wireless to this LAN so that I can access the internet
>(or access the other PCs) from a laptop located anywhere in my house, or
>even outside in the back yard
>
>Can I simply plug a wireless router into the unused port on the SMC wired
>router, and then operate the laptop equipped with a wireless card - or is
>there a simpler or less expensive way to go?
>
>Thanks.
Papa,
Hanging a second router off the first would be a simple way to add a wireless
segment to your wired LAN.
If you buy a wireless router, the router function in it will make a second LAN
segment. Configuring your laptop, and your wired computers, to communicate on
two separate LAN segments, will be rather complicated. So you'll probably end
up connecting the wireless router as a wireless access point.
Thanks to mass merchandising, though, a wireless router will cost less than a
comparable wireless access point. For comparison purposes only:
A SMC2655W - EZ Connect™ 11Mbps Wireless Access Point will cost $108 from
Amazon.
http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=76&site=c
A SMC7004AWBR Barricade Cable/DSL router w/ 3-port 10/100Mbps, Print Server, and
802.11b 11Mbps Access Point will cost $55 from Amazon.
http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=63&site=c
Whatever you end up buying, please use security precautions. With a wireless
network, your network may extend far outside your front door. You could have a
neighbor several block away, sitting comfortably in a Starbucks, and accessing
your LAN.
Here's a story about somebody's very stupid wireless neighbor. Don't expect all
wireless neighbors to be this stupid.
<http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html>.
The point is, you need to protect a wireless LAN with more precautions than just
the NAT firewall.
Enable WEP / WPA. Use non-trivial (non-guessable) values for each. (No "My dog
has fleas").
Enable MAC filtering.
Disable DHCP, and assign an address to each computer manually.
Change the subnet of your LAN - don't use the default.
Change the router management password, and disable remote (WAN) management.
Don't disable SSID broadcast - some configurations require the SSID broadcast.
But change the SSID itself - to something that doesn't identify you, or the
equipment.
Enable the router activity log. Examine it regularly. Know what each
connection listed represents - you? a neighbor?.
Install a software firewall on every computer connected to a wireless LAN. Put
manually assigned ip addresses in the Local (highly trusted) Zone. Open the
following ports for file sharing only in the Local Zone: TCP 139, 445; UDP 137,
138, 445.
Use non-trivial accounts and passwords on every computer connected to a wireless
LAN. Disable or delete Guest userid. Rename Administrator, to a non-trivial
value, and give it a non-trivial password. Never use the Administrator renamed
account for day to day activities, only when intentionally doing administrative
tasks.
Stay educated - know what the threats are. Newsgroups alt.internet.wireless and
microsoft.public.windows.networking,wireless are good places to start.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.