IP address home network security help please

[GRM100]

Can anyone help me with IP addressing or link to a decent tutorial in simple terms.

My Set-up:
I have a wireless router/modem connected to broadband.
Both LAN PCs and a wireless laptop connect to internet successfully- WPA enabled.
Each PC has, in addition, its own s/w firewall and AV. (Norton I.S. 2005)

My Problem:
I want to permit the PCs to access each other (shared folders, printers scanner, etc, etc).
1. If I set access for a certain PC (lets say 192.168.1.1), can someone on the internet masquerade as that IP address and access my computer.
2. If I turn my computers on in a different order, are the IP addresses the other way round if auto assigned.
3. Should I therefore manually assign an IP address?
4. Are IP addresses for home networks different and hence safe from those on the internet?
5. Am I totally stupid or is this just the most confusing subject in the world.

I have tried to read through some tutorials, but I'm struggling here folks.

Thanks in advance for any help.

 

[Nodsu]

1) No unless you have some really advanced router and you configure it to do so.
2) IP addresses are assigned from the DHCP pool you set. They may be assigned differently each time.
3) If you have a problem with changing LAN IP addresses then yes.
4) Yes. The "private" IP addresses (192.168.*.*, 10.*.*.*, 172.???.*.*, 169.254.*.*) are not routed across the internet even if someone assigned them to their public interfaces.
5) In my opinion it is not confusing so you either put the question wrong or..

 

[Phantasm66]

I have a wireless router/modem connected to broadband.

There's your first issue if you are concerned about security.

Read this:

http://www.wardriving.com/

3.2 What can be done to stop it?

This is also not an easy question, there are some answers, don't use it, wait
for 802.11a, use tunneling or another authentication mechanism. If you have
determined that the information that will be transferred between your computer
and an access point will not contain any personal or confidential data, then
there s no problem in using the technology. Although, being blind to the fact
that anyone can share your network is no excuse when someone pilfers your
credit card number or cracks their way into your computers and across the
Internet. I haven’t made that decision, but I will not set up an access point
on my internal network.

As far as third party devices go, there are new technologies that are
hardware-based and permit only certain authenticated hosts to use that
connection, and provide separate encryption. There are also software
solutions, from RADIUS, to PPPoE, PPTP, IPSec, and using a firewall in
connection with any of these technologies will help. Placing the Access
Point on a DMZ and using tunneling to encrypt and authenticate users is the
securest solution, next to waiting for something better.

 

[Phantasm66]

5. Am I totally stupid or is this just the most confusing subject in the world.

You're not stupid, you have just not encountered this stuff much yet. Keep learning and reading and asking questions. None of your questions were stupid, anyway. We've all asked them before at some point, or asked questions like them before.

 

[StormBringer]

If you don't know anything about configuring your router manually, just use the defaults and set the computers to obtain IP automatically, next we want to secure the wireless portion. This can be done several ways depending on the types of security supported by your router and your wireless cards. Unless you have a dedicated server you can set up for it, or unless you have a router that includes a RADIUS server(those are quite expensive) then you'll probably want to stick to WEP or WPA(PSK or TKIP) Next, I'd suggest you also use MAC filtering to supliment your wireless security. This would be a secondary line of defense. Most routers have the ability to block or allow by MAC(physical) address. This is a unique identifier for a network adapter. Each wireless computer will need to have its adapter's MAC entered into the router to be allowed.

Some things to remember; passphrase is easy to crack because using words and phrases to genetate a key is easy to crack with dictionary attacks. You are better off either using a key you create yourself(HEX of course) or if you must use passphrase, use something like "kfjdhsjfdd dksjsikiel kfjghtyeuie" to generate it. Using real words is to easy to convert since the phrase will always generate the same key set.
Also remember that your firewall is designed to protect what is behind it so its not going to do anything to protect your wireless, especially from people just trying to steal some internet. Good news here is, most people aren't going to take the time with any type of secured network, they will usually move on and find an unsecured one down the road unless they are looking to do more than surf for free.