Secure Wi-Fi/Wired Installation

Archived from groups: alt.internet.wireless (More info?)

bc <bcbcbc@checkinthemail.com> wrote in
news:Xns94E3822E2BD6bcbcbcklmxyz@207.69.154.202:

> I'm planning a Wi-Fi/Ethernet home office installation. There will
> only be one computer--an HP zt 3000 Pentium M with Intel Pro Wireless
> 2200 802.11 b/g.
>
> Normally this unit will be docked to its HP Port Replicator, which I
> plan to connect to an RJ-45 Ethernet port on a Microsoft 802.11 g Base
> Station. Alternatives to the MN-700 I'm considering include the
> Linksys WRV54G or their WRT54G. An SPI firewall for all modes of
> operation is required in the router.

Any wire/wireless router that has SPI in the firmware will do. I think
the Linksys 54G has it.

>
> Cost is a minor consideration. Robust security and stable connectivity
> are paramount. The router will connect to a cable modem.

The key to longevity and reliability of a device such as router is based
on plugging the device into a UPS to protect it from household appliances
that spike the line and brownouts. The router likes good clean power;
otherwise they tend to become flaky if bad power is constant.

>
> Windows XP Professional will be the o/s. It is important to have
> remote access via a VPN tunnel to this system but only for one remote
> computer at a time.

Then I suggest that you use the Device Manager to install the driver for
the card and you can configure it there as well.

I suggest that you disable the Wireless Zero Configuration service on XP.
It's nothing but trouble as it seeks out other wireless networks in your
area and may possibly drop the connection on a routine basis.

Also, I suggest not using the card's utility to do anything. By showing
the network connection icon in the job tray, the signal strength will be
shown with a mouse-over on the icon.

The wireless connection on XP became as solid as a rock for me by doing
the above.

Most decent routers wired/wireless or wired should have the necessary VPN
protocols to become a VPN endpoint when enabled.

>
> We want this setup to use the Ethernet connection when docked--then go
> Wi- Fi only when undocked to roam the house, patio, etc. I want the
> transition from Ethernet to Wi-Fi as seamless as possible--preferably
> just unplug and walk while connected or not. No cable swithching--the
> fewest and simplest settings changes yet maintaining the highest
> possible security when on Wi- Fi.

So, maybe the laptop already has the RJ45 for the wire NIC and all you'll
need is a wireless PCMCIA card to slide into the slot. Linksys makes a
WPC11 wireless NIC. You can just unplug one or the other and boot the
machine boot the machine will pick-up the connection by itself.

> An occasional house guest might want to log on to the Wi-Fi or LAN.
>

I would isolate them from the rest of the machines on the LAN, which can
be done with IPsec if all the other machines on the LAN are Win 2K or
better or with a host based FW on each machine.

http://www.petri.co.il/block_ping_ [...] _ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

I like to use IPsec to protect the machines on the LAN.

> I'm seeking advice first to choose the best router for this purpose.
> Secondly I'd like recommendations and guidance with regard to
> installation, settings, security configuration, etc.

There are plenty of articles out on Google about how to secure the
wireless network in the home environment.

The protection starts with the O/S if you have one that security can be
implemented.

http://www.uksecurityonline.com/index5.php

Maybe, you better option is to get a wired NAT router that has more
security features and use a WAP-(wireless Access Point) and plug it into
the router. Wireless technology changes to rapidly for wireless router
solutions as opposed to the wire router that hardly changes at all.

HTH

Duane