Hello guys, after being a Linux User for several months I have taken the decision to create my own wireless network (I will be the server of cource.. ).

I have some serious questions I need to ask:

1. How easy is for an intruder to bypass my network's security (Firewall + Antivirus).

2. Is there a "secure way" for me to create a secure wireless LAN?

3. Can you suggest any good Wireless Netword Administration programs?

(NOTE: All other computers in the LAN will have Windows installed, so I need an Administration program that will be compartible with Windows but will run on my Linux Server...)

With the information you've given, it's difficult to give clear answers. For example :
- How many clients will be connecting?
- How much traffic will be going over the network? (e.g. normal home use or busy office use)
- How are you going to implement the firewall?

I'll have a stab at some pointers though.

Depends how much security you have to bypass. If you have no open ports on the firewall, keep your computers patched up to date and the users are reasonably clued up on security (e.g. don't open unknown attachments), probably fairly difficult. If the firewall is misconfigured or any one of many other problems then possibly quite trivial.

Using WEP (Wireless Encryption Protocol) is reasonably secure for low-traffic networks as long as you change the key on a regular basis. WEP can be cracked easily, but needs (I think) a few million packets to do so, so if your network isn't too busy, someone's got to eavesdrop for a long time. For more security, you could implement VPNs; someone who knows more about wireless might have some other suggestions too.

Sorry, no idea.

- 4 Windows PC's
- Busy home use (Games etc.)
- I want to use an easy customizable GUI to configure my firewall, but I don't know any...

Any suggestions?

I would recommend using a dedicated device for firewall and wireless networking. For example, Linksys have some good, reasonably priced wireless routers with nice graphical front ends. For a home network that should be fine.

You might want a Linux box to act as a file & print server for your PCs, though it really depends on what you use them for - if mainly games machines then you might not really need that.

When you get your wireless router, remember that it probably isn't secure out of the box. Make sure you enable WEP as mandatory and that you have no ports open on the firewall.

Edited to add : for more complex environments there might be a case for running a separate firewall like IPCop, having proxy servers and so on. From what you've said, I doubt that's worthwhile in your case.

Thank you iainr for all your help

This is just too complicated for me and I have many serious questions...

Could you please spare some time to reply on this ?

If you have specific questions, feel free to ask and I or someone else will do our best to answer.

If you want to keep it simple, buy a dedicated wireless router such as the Linksys I linked to earlier, plug it in and away you go. Once you're comfortable with that, look at adding additional components; but get that working first.

I would start simple like suggested. There are many good wireless appliances with built in firewalls on the shelf at best buy. Just be sure to enable WEP. Plus all these come with a web admin interface.

If you want to start to go deeper try something like m0n0wall . You could go as crazy as setting up a hostap with radius authentication but why for 4 systems?

Get a good linksys, a few wireless cards and have fun learning.

Just a piece of advice if you are going to rely on WEP, make sure to change your WEP keys AT LEAST once a month. If you live in an urban area where someone can sniff traffic relatively un-noticed, you need to religiously change them and do so frequently. Make sure to restrict association with the AP to only those hosts that use WEP. The default WEP settings on many wireless routers/APs is to allow either hosts using WEP or un-encrypted traffic. So basically anyone could walk up to your house/office and get an IP by DHCP and immediately have access to the LAN and internet without knowing the WEP key.

If you are thinking about transmitting any kind of sensitive data/documents, I would definitely consider setting up some kind of encryption tunnel or something like CIPE where you are only encrypting the sensitive traffic, but isn't going to require implementing full LAN-wide encyption like FreeSWAN/IPsec or other VPNs would .