?
Solved

best way to use a wireless router and a wired router

Posted on 2012-08-14
4
Medium Priority
?
699 Views
Last Modified: 2012-08-17
our LAN has been typically just a vpn wired router with a couple of hubs and a cable modem for internet.  Now have people needing a wireless router. What is best way to use a wireless router with our existing setup in a way that does not allow outside attacks to penetrae our LAN via the new to be added wireless router? To be more clear, the ultimate question is once the wireless router is in the mix, how can I be sure it has not created a vulnerability to areas that are now protected by the vpn router? I am trying to avoid opening up a way for hacks to get it via the wireless where previously they have not been able.  Is this even a valid concern?
0
Comment
Question by:wfcrr
  • 2
4 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 38294352
Yes it is.  Ignoring those things is how TJMaxx lost 48 million credit card records.  Use the best encryption which is WPA2 unless they have something better and restrict access thru any other means like limiting it to an approved list of MAC addresses.
0
 
LVL 3

Expert Comment

by:Dimitris Ioakimoglou
ID: 38294371
Actually this question will be easier to answer if you let us know the models of your equipment, how many workstations and servers you have in your network, if there's an AD domain etc.

There's complex solutions that apply to large networks -for example segmentation and DMZs and firewalls and mac address filtering and tons of other stuff- and there's simpler ones for smaller networks.

Let us know a bit about what your network is like.
0
 

Author Comment

by:wfcrr
ID: 38295655
main router is a Zyxell Zywall Plus 2.  There are a couple of hubs connected to it. There is an SBS 2008 and 4 workstations and a printer/scanner and a cable modem. The SBS and the workstations are connected to the hubs. The cable modem is connected to the router directly.  The router is set so that all rules are deny unless I have entered an ip address to allow.  Does that help?  Let me know what else to tell you, I don't know much, but can follow idiot proof instruction.  I have a new wireless router Linksys E1200 and have it linked via one of the  hubs.

To further clarify, the Zyxell router has the cable modem and the two hubs connected to it.  Then I have the SBS and the 4 workstations connected to the hubs and I also now have the wireless router connected to a hub.

In addition to the first question of security in general, I also need to know how to navigate to the wireless router.  When I try the 192.168.1.1 in a browser it doesn't show up.  I can navigate to the Zyxell router, but it is on a differnent 192.168 number...we don't use the 1.1 for that one.
0
 
LVL 3

Accepted Solution

by:
Dimitris Ioakimoglou earned 2000 total points
ID: 38296824
Ok so first things first. Do you need both routers for some reason? If they are both routers you can set up the new one and replace the old one.

Then, about the management interface: Is your new router supposed to have the 192.168.1.1 address? Does it say so in the manual? Does any other machine on your network have the same IP? Are your machines on your same subnet as this router? For example, if your network is 192.168.0.0/24 (which means a subnet mask of 255.255.255.0) then you can't connect to a 192.168.1.1 IP.

A third concern, if your router is by default configured to run a DHCP service, and you're running a second one on your network, then you're gonna be having trouble.

Now, about security: On a small network like yours
a) Activate the highest level of wireless encryption your access point (your router in your case) provides.
b) Activate and configure any firewall software modules your router firmware has. The general principle is "we block everything EXCEPT blah blah blah" and not the other way around.  
c)If the SBS 2008 runs your DHCP, you can set it to give out IPs only to PCs of which you know the MAC addresses.
d) Your router probably has mac address filtering as well, activate this one too.
e) Wireless isolation is generally a good feature, except if you need your wireless PCs to be able to tranfer stuff from one to another.

Anything more than the above will be a bit costly and your network's size does not really seem to justify it.

If, however, you want to start looking for something a bit more professional, I suggest you look at small business firewalls like Fortigate for example, you can find some real nice security features for about 500-700$ if I'm not mistaken.

A last thing to think about, Untangle and Astaro are both a good case of free firewall software that might make your network a bit more secure. You'll need a server to set them up, but that's about it.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question