LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-10-2007, 08:27 AM   #1
distortedstar
Member
 
Registered: Jan 2004
Location: West Texas
Distribution: Ubuntu 7.04/MythDora 4/PuppyLinux
Posts: 78

Rep: Reputation: 15
Possible to have secure box, open wireless network?


I like the idea of keeping my wireless network open, so the occasional, casual user can get net access with no hassles.

I currently have one laptop I'm using as a MythTV box connected wirelessly, and one desktop connect via Ethernet cable into the back of the router. How could I secure these two computers while keeping my network open? Additionally, is there a way to block adult sites, etc from being accessed on my network?

Thanks!
 
Old 08-10-2007, 09:11 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by distortedstar
I like the idea of keeping my wireless network open, so the occasional, casual user can get net access with no hassles.
Kinda risky, no?

Quote:
I currently have one laptop I'm using as a MythTV box connected wirelessly, and one desktop connect via Ethernet cable into the back of the router. How could I secure these two computers while keeping my network open?
Depends on what exactly you mean by "secure". If you mean that you want to prevent casual users from accessing your laptop and/or desktop, then the most essential thing would be to make sure your laptop and desktop have proper host-based firewalls. If, on the other hand, you mean that you want to prevent casual users from analyzing your traffic, then you need to look into traffic encryption solutions (VPN, Tor, SSH, etc).

Quote:
Additionally, is there a way to block adult sites, etc from being accessed on my network?
Sure, DansGuardian is designed for this type of application.

Just my

Last edited by win32sux; 08-10-2007 at 09:14 AM.
 
Old 08-11-2007, 12:36 AM   #3
fotoITguy
LQ Newbie
 
Registered: Jun 2007
Posts: 7

Rep: Reputation: 0
Well, the best way would be to have seperate networks for each. Setup a box that connects to your cable modem and acts as your gateway router, and dhcp server. Have two nics, one going to your private network and the other to your public(wifi) network. Have your two private machines connect to a switch that connects to the one private NIC on the gateway box. Have the wireless router connect directly to the NIC on the gateway server(or w/switch).

You would be best off configuring different subnets for the private and public and setting the dhcp/gateway box to not forward between them. Basically, leaving your ISP connection as the only common piece between the networks. All this sounds harder than it really is! Also, you may need to set the wireless router to act only as a WAP(not always but prob best). This is how universities do it, two seperate networks.
 
Old 08-13-2007, 02:36 PM   #4
distortedstar
Member
 
Registered: Jan 2004
Location: West Texas
Distribution: Ubuntu 7.04/MythDora 4/PuppyLinux
Posts: 78

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by win32sux View Post
...the most essential thing would be to make sure your laptop and desktop have proper host-based firewalls.
Thanks for this idea...I just set up Firestarter on my Ubuntu desktop. That's a nice little app, by the way.

Quote:
Originally Posted by win32sux View Post
If, on the other hand, you mean that you want to prevent casual users from analyzing your traffic, then you need to look into traffic encryption solutions (VPN, Tor, SSH, etc).
I'm still checking this out. I think maybe the SSH solution would work for me, but I'm sure. I need to research some more. Do you have a good suggestion?

Quote:
Originally Posted by win32sux View Post
DansGuardian is designed for this type of application.
Awesome. I'm checking that out.

Quote:
Originally Posted by fotoITguy
Well, the best way would be to have seperate networks for each
This sounds like a fantastic idea. Not sure I have the networking know-how (or enough boxes!) to set it up at the moment though. It's definitely a solution I'll think about in the future though. Thanks for the input guys, and please feel free to add anything you may think of later!
 
Old 08-13-2007, 09:15 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by distortedstar View Post
I'm still checking this out. I think maybe the SSH solution would work for me, but I'm [not] sure. I need to research some more. Do you have a good suggestion?
I guess it depends on how much you need to encrypt. I mean, if it is just one app, and it is doable with SSH then that should suffice for your needs. I don't know how much other stuff your MythTV box is doing. Honestly I've never used MythTV although I have a vague idea of what it is. I think the optimal (for your wireless box) would be to setup VPN. This is considering that you want your wireless to remain open and stuff, while securing ALL the communications between your box to the router/gateway. But like I said, SSH might be enough depending on what the box does.

Quote:
This sounds like a fantastic idea. Not sure I have the networking know-how (or enough boxes!) to set it up at the moment though. It's definitely a solution I'll think about in the future though. Thanks for the input guys, and please feel free to add anything you may think of later!
Yeah, having the guests and you on separate networks, as suggested by fotoITguy, is indeed a great approach. You could then, for example, have your private wireless encrypted with WPA2 while having the public wireless network open. I don't know if it's feasible for you or not to have two wireless networks. I have a Linksys WRT54G and I doubt it can have two wireless networks at once with the factory-installed firmware, but perhaps with third-party firmware it is a non-issue. I'm not really sure. BTW, I think fotoITguy might have missed your stating that you also need to use the wireless network, because two NICs wouldn't really address that issue (you'd still need to secure your private wireless traffic INSIDE the open network - unless you have a second wireless network). I guess the only other thing I'd add is already mentioned in my sig.

Last edited by win32sux; 08-13-2007 at 09:20 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to connect to secure wireless network? pegazuz Puppy 5 02-23-2007 08:52 PM
Most secure wireless network protocol metallica1973 Linux - Wireless Networking 1 10-25-2006 08:26 AM
How to secure wireless network pixietoon Linux - Wireless Networking 4 05-18-2006 11:51 AM
cannot connect to secure wireless network with Fedora 3 raindogs Linux - Wireless Networking 5 09-15-2005 10:30 AM
how to secure your wireless network srenar Slackware 6 06-20-2004 07:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration