webdork

Wireless Security

We have a Linksys WRT54G router providing public internet access to our coffee shop.  Security is disabled, no password.  There is only one desktop computer (XP Pro OS) in the shop.  We want to add a 2nd computer (XP Pro OS) and printer to the wireless network.  Obviously we want to keep the public out of file and printer sharing.  Can this be done with this hardware? If yes, can you explain or point me to some KB articles?  If it cannot be done, will other hardware accommodate the goal?  Can hard wiring the 2nd computer and printer through the router meet the goal?
garethh86

You could configure the router to deny access but the simplest way would be to lock down the new PC. Disable file and print sharing, enable the XP firewall and then uncheck allow exceptions or go to the exceptions tab and disable all protocols you don't want anyone getting access to.

To disable file and print sharing go to Control Panel, Network Connections, right click the connection and click Properties; in the list make sure that the only thing checked is TCP/IP.

Windows Firewall settings can be accessed through Control Panel, Security Centre, Windows Firewall.

A very good free firewall program called ghostfirewall (http://www.ghostsecurity.com/ghostwall/) would accomplish this as well by setting up a rule saying disable all incoming connections, but you would need to add a few open ports like port 80 for http (internet browser access), 25 for smtp email etc. If you would like help configuring this please ask.

Hope this helps!
webdork

ASKER

Thanks for the quick response.  The 2 shop computers need to share files and the printer.
Kutyi
Put in a second router to protect network.  Does not have to be wireless unless one of your devices is.  You can plug the new router's WAN port right in to the wireless router ports or if your ISP gives you two connections then you can plug each router into a switch and then out to your ISP.
It's a case of configuring the firewall then, I would recommend using Ghost wall and only allowing access from the IP address of the other computer.

Make an entry in Ghost wall, type in the IP address of the other computer in incoming IP and set port to * (asterisk) and set the comms to incoming and outgoing both. Move this above the 'block all' rule. Then add a rule for the following:

IN      OUT     PORT    DIRECTION
ANY     ANY     80      Both
ANY     ANY     25      Both
ANY     ANY     110     Both


This should allow all the default programs to work while leaving the machine secure. If you wish to use any other programs that require incoming traffic run a quick search for that program on google with port at the end and then create a new rule for that port number.

I use ghostfirewall quite a lot, it has nifty feature buttons of 'allow all traffic' or 'block all traffic' as well, which is good for panic situations and for testing purposes to see if your firewall is causing an issue. It is very fast and does not in any way use all your system resources (unlike a lot of other firewalls like Norton/McAfee/ZoneAlarm which slow your system down).

Again if you need help setting this up let me know, the website should get you started though and once you've played around with it for a little while it's very intuitive.
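
The rule order described in the post above, modelled as a first-match filter (an added example, not part of the original thread and not Ghostwall's own code). The first-match evaluation, the two LAN addresses and the function names are assumptions made for illustration.

```python
from ipaddress import ip_address

# Constructed addresses (assumptions; the thread gives none for the PCs).
PEER_PC = "192.168.1.20"       # the other shop computer
PUBLIC_GUEST = "192.168.1.77"  # a customer laptop on the open wireless

# The post's rule list, top to bottom. "*" matches anything.
RULES = [
    {"src": PEER_PC, "port": "*", "direction": "both", "action": "allow"},
    {"src": "*", "port": 80, "direction": "both", "action": "allow"},
    {"src": "*", "port": 25, "direction": "both", "action": "allow"},
    {"src": "*", "port": 110, "direction": "both", "action": "allow"},
    {"src": "*", "port": "*", "direction": "both", "action": "block"},
]

SMB_PORTS = [139, 445]  # Windows file and printer sharing over TCP


def decide(rules, src, port, direction):
    """Return (action, index) of the first rule that matches, else block."""
    src = str(ip_address(src))  # rejects malformed addresses
    for index, rule in enumerate(rules):
        if rule["src"] not in ("*", src):
            continue
        if rule["port"] not in ("*", port):
            continue
        if rule["direction"] not in ("both", direction):
            continue
        return rule["action"], index
    return "block", None


def audit_inbound(rules, src, ports):
    """Map each local port to the action an inbound connection from src gets."""
    return {port: decide(rules, src, port, "in")[0] for port in ports}


def block_all_first(rules):
    """The misordered list: 'block all' moved above every allow rule."""
    return [rules[-1]] + rules[:-1]


if __name__ == "__main__":
    ports = SMB_PORTS + [80, 25, 110]
    print("guest :", audit_inbound(RULES, PUBLIC_GUEST, ports))
    print("peer  :", audit_inbound(RULES, PEER_PC, ports))
    print("peer, block-all first:", audit_inbound(block_all_first(RULES), PEER_PC, SMB_PORTS))
```

With the rules in the post's order the guest is blocked on 139 and 445 but still reaches inbound 80, 25 and 110, because those three rules are ANY/ANY with direction Both.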

webdork

ASKER

Can hard wiring the 2nd computer and printer through the router meet the goal?
Adding a router like that would not work, the WAN port is designed to handle cable traffic or if you are using ADSL an ADSL telephone line, you would need a managed switch of some sort which would cost a lot of money and hassle setting up, the best way to go is to simply lock down the machines with software as described above. Again you can probably set this up on the router you currently have depending on what you have available to configure using a built in firewall if it has one and setting port restrictions but this would require configuring the router every time you need to change something, much easier having it on your desktop - and as an added bonus it protects your PC while it's online.
WRT54G routers do not require Cable/DSL  directly on the WAN port and there is no need for a managed switch. This would be the setup:

Option A:

              DSL
               |
        Wireless Router
          |          |
      Router 2   Public Access
          |
    Business PCs

Option B:   2 Public IPs required

            DSL/Cable
                |
             Switch
            |       |
     Router 1     Wireless Router
        |               |
  Business PCs     Public Access

Sorry, I don't see how this would restrict network access without configuring the routers or software firewall as I described? The WRT54G router is handling the internet connection at the moment. In your second diagram you just say DSL/CABLE....is this another modem?
Save yourself money and use software.
The WRT54G is just a router so it has to connect to a modem of some sort.  Hardware firewalls will be less of a headache and much easier to configure and troubleshoot if you ever should have to.
ASKER CERTIFIED SOLUTION
McKnife
Sorry, I messed it up a bit: don't put in computers but users. So as long as you keep your credentials secret, there is no way to get in.
webdork

ASKER

How do you allow access from the network for a user on another computer?
Like in file sharing in a peer to peer network: that user has to exist on your computer, too, and of course has to have the same password.
webdork

ASKER

I don't understand.  I'm trying to allow printer and file sharing between the 2 shop computers while keeping the public out.
Way easier for you to set up a second router as per my previous posts.
webdork

ASKER

OK Kutyi

I have a 2nd router.  I manage the primary router we have now by calling the default gateway IP in a browser.  How do I manage the 2nd router?
webdork - what is it that you don't understand? I cannot think of an easier solution, so I reply to Kutyi "mine is way easier", because if I were in front of your 2 computers I would apply it in, let's say, 1 minute at no cost.
SOLUTION
Don't get me wrong McKnife, your way will work, I do personally prefer to keep corporate and public totally separated.....:)
webdork

ASKER

Kutyi
I only have 1 public IP so I guess Option A
WRT54G setting is 192.168.1.254
webdork

ASKER

McKnife
I don't understand how to add the 2nd computer user to the network.  I see how to add a user under the local security settings but I don't see how to add a user from a 2nd computer.
Sorry I said option B, but I was describing option A.  Substitute the 192.168.1.1 with 192.168.1.254.
Webdork, on an XP Pro computer with simple file sharing turned off, you need to specify a password-protected user account to access the network shares. So in your case, it seems you use simple file sharing/you do not already have such an account, which would be smart to create on both computers with the same password; do so. Afterwards you can specify that user to be the only one that has access via that policy.
webdork

ASKER

How do you turn off simple file sharing?
It's an option in the folder options (windows explorer, menu tools) or the same in control panel - folder options.