
Thread: How to setup a secure network

  1. #11
    Dissident 4dm1n brokencrow
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Wireless adds a wrinkle. I've seen DMZs that weren't worth a plugged nickel (Belkin routers), but you should be OK with OpenBSD. I'd test the DMZ anyway from your roommate's wireless network to see if you can get back in on the rest of your network.

    Port monitoring programs like Active Ports and TCP View (or for that matter, F-Port and Netstat) will tell you where your Windows machines are connecting if need be. I run Ettercap and Etherape from a Linux unit to get a quick fix on any rogue IPs that may be camping out on my networks. And I run Ethereal every now and then on my webserver (W2K) to see what's happening there. Snort's built in to my FTP server (RH7) and it picks some things up, but I'm not as up on it as I'd like to be.

    Either way, the best network defense you will have going for you is paying attention. Know all the devices on your network and their IP addresses. You're in for a learning experience.

    Just my two bits.
    “Everybody is ignorant, only on different subjects.” — Will Rogers
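
The "know all the devices on your network" advice above can be turned into a repeatable check. This is an added example, not code from any poster in the thread: it parses Linux `ip neigh show` output and compares it with a device inventory. The inventory, the MAC and IP addresses and the sample output are all constructed for illustration.

```python
import re

# Constructed inventory of expected devices (MAC -> label); not from the thread.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "desktop",
    "00:11:22:33:44:66": "server",
    "00:11:22:33:44:77": "laptop (wireless)",
}

# Constructed sample of `ip neigh show` output from a Linux host on the LAN.
SAMPLE_NEIGH = """\
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:66 STALE
192.168.1.30 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
192.168.1.57 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.99 dev eth0  FAILED
192.168.1.21 dev eth0 lladdr 00:11:22:33:44:66 DELAY
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\s+\S+")

def parse_neighbors(text):
    """Return (ip, mac) pairs for entries that resolved to a MAC address."""
    pairs = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            pairs.append((m.group("ip"), m.group("mac").lower()))
    return pairs

def audit(text, known):
    """Flag MACs missing from the inventory and known MACs seen on several IPs."""
    unknown, ips_by_mac = [], {}
    for ip, mac in parse_neighbors(text):
        ips_by_mac.setdefault(mac, set()).add(ip)
        if mac not in known:
            unknown.append((ip, mac))
    # With static addressing, one known MAC on two IPs deserves a look.
    multi = {mac: sorted(ips) for mac, ips in ips_by_mac.items()
             if mac in known and len(ips) > 1}
    return unknown, multi

if __name__ == "__main__":
    unknown, multi = audit(SAMPLE_NEIGH, KNOWN_DEVICES)
    for ip, mac in unknown:
        print(f"UNKNOWN device {mac} at {ip}")
    for mac, ips in multi.items():
        print(f"{KNOWN_DEVICES[mac]} ({mac}) answers on several IPs: {ips}")
```

The neighbor table only lists hosts the machine has recently talked to, so a quiet device can be absent from it; a MAC address can also be spoofed, so a match against the inventory is a hint rather than proof.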

  2. #12
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Outside of defining what exactly you want your security level to be (what gets on the internet, what's denied explicitly, etc.), I'd recommend not having your roomie's laptop as a DMZ. It's very much akin to having a firewall and just allowing any program to talk to the internet. By not having a DMZ (and in my opinion, there's really no reason good enough to have a machine outside the protection of your router/gateway), you can reduce the amount of security you'd have to layer on said wireless laptop. And it keeps prying eyes out on a lot of levels.

    My network consists of the following:

    My PC connected to the router via cat-5, static IP.
    My server connected to the router via cat-5, static IP.
    Fiance's laptop connected to the router, static IP wireless with WPA + password.

    Router is a DLink Gaming router + wireless with everything turned off and MAC filtering enabled. Port forwarding exists only for the server utilities which are restricted to ports 80, 15234, and 22. All FTP is done over SFTP on port 22. Server has services like telnet turned off.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  3. #13
    Junior Member
    Join Date
    Jan 2006
    Posts
    24
    Keeping the laptop out of the network is beneficial for two reasons. One is that my roommate is always using Limewire to download music and other software. He doesn't believe that anything will happen to his system, despite my advice. As such, keeping him out of the DMZ is actually protecting my network.

    My second reason is that I don't trust the wireless router. What if someone gets to the router (via port 80 for instance, which allows you to change its settings), or if one of my neighbors is able to crack the wireless password? This is also another mechanism for protecting my network.
