best way to use a wireless router and a wired router

our LAN has been typically just a vpn wired router with a couple of hubs and a cable modem for internet.  Now have people needing a wireless router. What is best way to use a wireless router with our existing setup in a way that does not allow outside attacks to penetrae our LAN via the new to be added wireless router? To be more clear, the ultimate question is once the wireless router is in the mix, how can I be sure it has not created a vulnerability to areas that are now protected by the vpn router? I am trying to avoid opening up a way for hacks to get it via the wireless where previously they have not been able.  Is this even a valid concern?
Who is Participating?
Dimitris IoakimoglouConnect With a Mentor Network AdministratorCommented:
Ok so first things first. Do you need both routers for some reason? If they are both routers you can set up the new one and replace the old one.

Then, about the management interface: Is your new router supposed to have the address? Does it say so in the manual? Does any other machine on your network have the same IP? Are your machines on your same subnet as this router? For example, if your network is (which means a subnet mask of then you can't connect to a IP.

A third concern, if your router is by default configured to run a DHCP service, and you're running a second one on your network, then you're gonna be having trouble.

Now, about security: On a small network like yours
a) Activate the highest level of wireless encryption your access point (your router in your case) provides.
b) Activate and configure any firewall software modules your router firmware has. The general principle is "we block everything EXCEPT blah blah blah" and not the other way around.  
c)If the SBS 2008 runs your DHCP, you can set it to give out IPs only to PCs of which you know the MAC addresses.
d) Your router probably has mac address filtering as well, activate this one too.
e) Wireless isolation is generally a good feature, except if you need your wireless PCs to be able to tranfer stuff from one to another.

Anything more than the above will be a bit costly and your network's size does not really seem to justify it.

If, however, you want to start looking for something a bit more professional, I suggest you look at small business firewalls like Fortigate for example, you can find some real nice security features for about 500-700$ if I'm not mistaken.

A last thing to think about, Untangle and Astaro are both a good case of free firewall software that might make your network a bit more secure. You'll need a server to set them up, but that's about it.
Dave BaldwinFixer of ProblemsCommented:
Yes it is.  Ignoring those things is how TJMaxx lost 48 million credit card records.  Use the best encryption which is WPA2 unless they have something better and restrict access thru any other means like limiting it to an approved list of MAC addresses.
Dimitris IoakimoglouNetwork AdministratorCommented:
Actually this question will be easier to answer if you let us know the models of your equipment, how many workstations and servers you have in your network, if there's an AD domain etc.

There's complex solutions that apply to large networks -for example segmentation and DMZs and firewalls and mac address filtering and tons of other stuff- and there's simpler ones for smaller networks.

Let us know a bit about what your network is like.
wfcrrAuthor Commented:
main router is a Zyxell Zywall Plus 2.  There are a couple of hubs connected to it. There is an SBS 2008 and 4 workstations and a printer/scanner and a cable modem. The SBS and the workstations are connected to the hubs. The cable modem is connected to the router directly.  The router is set so that all rules are deny unless I have entered an ip address to allow.  Does that help?  Let me know what else to tell you, I don't know much, but can follow idiot proof instruction.  I have a new wireless router Linksys E1200 and have it linked via one of the  hubs.

To further clarify, the Zyxell router has the cable modem and the two hubs connected to it.  Then I have the SBS and the 4 workstations connected to the hubs and I also now have the wireless router connected to a hub.

In addition to the first question of security in general, I also need to know how to navigate to the wireless router.  When I try the in a browser it doesn't show up.  I can navigate to the Zyxell router, but it is on a differnent 192.168 number...we don't use the 1.1 for that one.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.