Nested routers and Wireless security

By TheBuda
Jan 10, 2008
  1. Learned Friends,

    Having gotten a nice gift card to Best Buy for Christmas I was thinking of doing a little upgrade to my home network. I'd like some thoughts and opinions before I spend the money and time

    Current Set-up:

    Cable Modem -> Wireless Router -> computers

    - Wireless G router from Vonage (MAC Filter and WEP security enabled)
    1 desktop (wired in)
    2 laptops (wireless)
    - 1 Windows Vista
    - 1 Ubuntu 7.10

    The problem of course is the usual thing, when a friend or guest comes to visit I need to give them the long key and add their system to the MAC filter. I'd like to make my home more friendly to guests. I'm not in an urban environment.

    New Set-up:

    CM - Cable Modem
    WR1 - Current wireless router from Vonage
    WR2 - New Enhanced-G wireless Router
    DT1 - Desk Top #1
    LT1 - Laptop #1
    LT2 - Laptop #2
    LTG - Guest Laptop

    - WR1
    - - WR2
    - - - DT1
    - - - LT1
    - - - LT2
    - - LTG

    So the new router nested into the old router (wired in) and my own computer put on super lock down security. The old router is left more open (no MAC filter, simple passphrase security) for any guests who come to visit.

    So here's the Questions put plainly

    #1 - Are the enhanced G routers fast enough to make it worth investing in one?

    #2 - How secure (realistically) will my own computers be should someone break into the less secure part

    #3 - Are there any major hurdles to nesting the routers I need to watch out for?

    Thank you for your insights.

    - Jon
  2. jobeard

    jobeard TS Ambassador Posts: 9,158   +599

    Nodsu has shown this layout (If I recall correctly)
          |      |
      Router-2  WirlessRouter
         |                .
      wired               . wireless connections
    The gateway address in Router-1 will allow all systems Internet access
    but inhibit access between wired and wireless
  3. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    All "worth it" questions are only up to you.
    Your computers will be just as safe as is there was no less secure part at all. Of course, gaining control of a device in your less secure network (let's call it DMZ, because that's what it really is) gives the attacker a platform to eavesdrop on your secure wifi and eventually crack it. Also, if they manage to get in the external router, they will be able to eavesdrop on all your internet traffic and modify it at will.

    If you really secure that less protected router, then you should be reasonably safe. You do need to keep an eye on the systems in the DMZ though - spam, child porn and cyber attacks originating from a network under your control is not a good thing.

    You have to make sure that the LAN network addresses of the router's don't conflict. A la if the DMZ router has a LAN network 192.168.0, then you should set your inner router to something different.
  4. TheBuda

    TheBuda TS Rookie Topic Starter

    well the point is to not have to really secure the less secure network, otehrwise i'll just keep my buttoned by network and continue to have to go through a long process to let a friend check his e-mail while in town.

    As for the value, the reason I ask is the speed difference. Is the wireless noticeably different between the old standard G and the enhanced or high speed G, or is it a software marketting gimick?
  5. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    You don't need to secure the DMZ network itself, but the external router. Management over HTTPS only, the latest (hopefully the most secure) firmware, strong admin password.

    WPA encryption of the wifi would be a good idea too to keep away the casual wardriver.
  6. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Posts: 2,026

    I'm a great believer in keeping it simple, and would perhaps look at a wireless modem router which does not have the internal link between the wired and wireless networks (either because the link is not available or is a switchable option). I must apologise not being able to suggest one - (I get so angry when I find one the last thing I do is try a remember what the make was!) but I think kit from Safecom would do this.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...