Nested routers and Wireless security

Status
Not open for further replies.
Learned Friends,

Having gotten a nice gift card to Best Buy for Christmas I was thinking of doing a little upgrade to my home network. I'd like some thoughts and opinions before I spend the money and time

Current Set-up:

Cable Modem -> Wireless Router -> computers

- Wireless G router from Vonage (MAC Filter and WEP security enabled)
1 desktop (wired in)
2 laptops (wireless)
- 1 Windows Vista
- 1 Ubuntu 7.10

The problem of course is the usual thing, when a friend or guest comes to visit I need to give them the long key and add their system to the MAC filter. I'd like to make my home more friendly to guests. I'm not in an urban environment.

New Set-up:

Nomenclature:
CM - Cable Modem
WR1 - Current wireless router from Vonage
WR2 - New Enhanced-G wireless Router
DT1 - Desk Top #1
LT1 - Laptop #1
LT2 - Laptop #2
LTG - Guest Laptop


CM
- WR1
- - WR2
- - - DT1
- - - LT1
- - - LT2
- - LTG

So the new router nested into the old router (wired in) and my own computer put on super lock down security. The old router is left more open (no MAC filter, simple passphrase security) for any guests who come to visit.

So here's the Questions put plainly

#1 - Are the enhanced G routers fast enough to make it worth investing in one?

#2 - How secure (realistically) will my own computers be should someone break into the less secure part

#3 - Are there any major hurdles to nesting the routers I need to watch out for?

Thank you for your insights.

- Jon
 
Nodsu has shown this layout (If I recall correctly)
Code:
         ISP
          |
       MODEM
          |
       Router-1
      |      |
  Router-2  WirlessRouter
     |                .
  wired               . wireless connections
  systems

The gateway address in Router-1 will allow all systems Internet access
but inhibit access between wired and wireless
 
TheBuda said:
#1 - Are the enhanced G routers fast enough to make it worth investing in one?
All "worth it" questions are only up to you.
#2 - How secure (realistically) will my own computers be should someone break into the less secure part
Your computers will be just as safe as is there was no less secure part at all. Of course, gaining control of a device in your less secure network (let's call it DMZ, because that's what it really is) gives the attacker a platform to eavesdrop on your secure wifi and eventually crack it. Also, if they manage to get in the external router, they will be able to eavesdrop on all your internet traffic and modify it at will.

If you really secure that less protected router, then you should be reasonably safe. You do need to keep an eye on the systems in the DMZ though - spam, child porn and cyber attacks originating from a network under your control is not a good thing.

#3 - Are there any major hurdles to nesting the routers I need to watch out for?
You have to make sure that the LAN network addresses of the router's don't conflict. A la if the DMZ router has a LAN network 192.168.0, then you should set your inner router to something different.
 
well the point is to not have to really secure the less secure network, otehrwise i'll just keep my buttoned by network and continue to have to go through a long process to let a friend check his e-mail while in town.

As for the value, the reason I ask is the speed difference. Is the wireless noticeably different between the old standard G and the enhanced or high speed G, or is it a software marketting gimick?
 
You don't need to secure the DMZ network itself, but the external router. Management over HTTPS only, the latest (hopefully the most secure) firmware, strong admin password.

WPA encryption of the wifi would be a good idea too to keep away the casual wardriver.
 
I'm a great believer in keeping it simple, and would perhaps look at a wireless modem router which does not have the internal link between the wired and wireless networks (either because the link is not available or is a switchable option). I must apologise not being able to suggest one - (I get so angry when I find one the last thing I do is try a remember what the make was!) but I think kit from Safecom would do this.
 
Status
Not open for further replies.
Back