
Improving security

20 years 1 month ago #5422 by beexo
Improving security was created by beexo
:?: :oops: Should know more.

Hi all! Try to picture this network;

Clients range from win95 to winXP.

I have a netware 4.11 server (ipx/spx) connected to a 3300 3com sw. Most computers connect to this switch. I also have some other sw connected to the 3300 (just for port expansion). This takes care of the file/print services.

Now comes the real problem (Internet).
I have a modem/router which is connected to the 3300 SW, and because I needed more ports, I am also using the built-in ethernet ports to connect some computers.

I have the network set up so that all the clients use fixed IPs, and I have sub-netted it (f.f.f.224), hoping to hide clients from one range of IPs to another.

The router is configured so that the internet gateway is 192.168.1.250 with a mask of f.f.f.f (and it works).

Next I have to add a WAP (most likely connected to the 3300 Sw).

All clients have some sort of firewall and anti-virus, but I cannot control the wireless clients.

I thought about putting a firewall (m0n0wall) between the router and the 3300 Sw. But this will not secure the whole network (because of physical limitations).

Any ideas on how to improve security without too many physical changes?

Thanks,
Beexo
20 years 1 month ago #5423 by drizzle
Replied by drizzle on topic Re: Improving security
Do your wireless clients need to access any other machines on your network?

For starters, your switch supports VLANs, so I would isolate your WAP on its own VLAN.
20 years 1 month ago #5439 by beexo
Replied by beexo on topic Re: Improving security
Hi Drizzle,

The answer to the 1st question is no. The clients only need to access the netware server and have access to the internet.

This is my 1st WAP installation. How do I go about isolating it on its own VLAN?
20 years 1 month ago #5444 by sahirh
Replied by sahirh on topic Re: Improving security
You will need to set up the VLANs on the switch your AP connects to.

Another idea is to get IPCop... it's a free open-source firewall that has support for green (trusted), orange (DMZ), red (Internet) and blue (Wi-Fi) interfaces...

Sounds like just what you need... and it's a snap to set up...

Furthermore, you can try MAC address filtering on the AP, add whatever little protection WEP will give you, and then if you're doing something important, tunnel your traffic over IPsec, SSL or similar...

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 1 month ago #5564 by TheBishop
Replied by TheBishop on topic Firewall
IPCop is great
20 years 1 month ago #5584 by beexo
Replied by beexo on topic Re: Improving security
I have just set up an IPCop box as suggested but have not yet connected it to the network. I hope everything works out well.