NationStates Jolt Archive

So...I'm trying to figure out wireless networking and stuff...

My family wants to set up a wireless network in our house...

...we want to share internet between My Laptop, My Sister's Laptop, My Desktop and my consoles (PS3, 360)...I know, like, nothing about networking It hasn't really ever made sense to me...I want to have my 360 and Desktop connected by wire and have the Laptops and PS3 wireless

But..
I found this diagram on our "series of intertubed webs"...http://help.insightbb.com/images/help/game_consoles/ps3_to_wireless1.gif

and I was wondering If I should just blindly follow it??
also...
I have this switch (http://www.compusa.com/products/product_info.asp?pfp=SEARCH&Ntt=dss-5%2B&N=0&Dx=mode+matchall&Nty=1&D=dss-5%2B&Ntk=All&product_code=50016161&pfp=SEARCH)...can I use it instead of buying a router??

Help, Advice, Suggestions...anything?

How hard is it to plug stuff into a router...

i just followed the instructions on the installation CD for my wireless network. worked on the second try. i was only dealing with laptops though, don't know about anything else.

How hard is it to plug stuff into a router...


The problem isn't the difficulty of plugging stuff in. It's the ease with which one can do stupid things like put a wireless access point inside the router/firewall's internal network thereby making it far easier for the general public to get inside said internal network. For instance:

http://help.insightbb.com/images/help/game_consoles/ps3_to_wireless1.gif

Putting routes to the Untrustable Outside on both sides of the router/firewall is just a bad idea. It kinda helps to make the router/firewall pointless.

EDIT: Adding a wireless access point in a less insecure manner will require construction of a DMZ (http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29), which in turn will require at least two router/firewalls (or one router/firewall that can do DMZs correctly; home/consumer-level router/firewalls that claim to have a "DMZ host" or some such other nonsense do not do DMZs correctly).

SPARTANS!!! TONIGHT WE DINE IN HELL!!!!!!!!

*Impales your laptop*

EDIT: Adding a wireless access point in a less insecure manner will require construction of a DMZ (http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29), which in turn will require at least two router/firewalls (or one router/firewall that can do DMZs correctly; home/consumer-level router/firewalls that claim to have a "DMZ host" or some such other nonsense do not do DMZs correctly).

Wouldn't a 64 or 128bit WEP encryption key do the trick?

SPARTANS!!! TONIGHT WE DINE IN HELL!!!!!!!!

*Impales your laptop*

Hahaha!

If you don't hook it up that way, how the hell else do you set it up?

Have you sacrificed a goat yet?

http://www.josefaxner.com/wp-content/uploads/2006/10/spartans3.jpg

Wouldn't a 64 or 128bit WEP encryption key do the trick?

WEP will work for about the 2 minutes it takes a modern computer to exploit its vulnerabilities and gain unauthorized access.

Seriously. (http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy) Big encryption keys (which 64 and 128 actually are not) only work as well as the software/algorithm using them.

But encryption, while hugely important and should be used, is still beside the point. The point is to reduce the number of vulnerabilities/openings to the minimum possible to begin with. Because encryption will be broken (it is but a matter of a stolen laptop with accompanying key, an idiot giving all his friends the key who then give their friends the key who then[...], or time paired with the inevitable release of a faster encryption-busting processor) and software will have bugs in it.

A hole is a hole and is a security vulnerability by definition. Insecurity can be reduced with encryption and other techniques, but relying on these to cover up what is just poor network design from the start is just lazy and a very bad idea. Eventually technology will fail or you will miss something that an attacker will not.

EDIT: there is a concept called "multiple lines of defense" that is quite apt here. Museums, banks, and other places storing extremely valuable items don't just put everything behind one lock. They put it behind a lock, motion sensors, light sensors, noise sensors, more locks, armed guards, yet more locks, so on and so forth. These things are arranged in such a way that an attacker would have to defeat each and every one in order to get the diamonds. The same should be true for network security. One should not rely on only a single protection (like WEP) but should instead put the valuables (your internal network) behind as many such protections as possible (WPA (http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access), MAC filtering, Router/Firewall, Firewall software running on every computer in the internal network...). Thus, in the inevitability that one of the protections fail, others remain. Again, putting all the eggs in one basket is just poor design.

If you don't hook it up that way, how the hell else do you set it up?

Untrusted Network (Internet) <---> Router Firewall <---> Untrusted Network (Wireless Access Point)
___________________________________|
___________________________________^
___________________________________L--> Router/Firewall <---> Trusted/Internal Network

With the router/firewalls properly configured, users of the wireless access point and internal network can talk to the Internet, but the wireless access point cannot talk to the internal network (as it is blocked by the second firewall). Since wireless should be considered untrusted by definition, this is not a problem. Only those with physical access to the internal network to begin with have any business having network access to the same. Simple as that.

EDIT: and don't anyone tell me about access points with built-in firewalls or which work logically as diagrammed above. In helping to maintain a relative's wireless setup, I've watched at least two such "everything in the box" access point/router/firewalls fail, malfunction, or otherwise operate in an unpredictable or broken way. Putting all the shit in one box just means that when something fails, everything fails. This is bad. NOT putting everything in one box is actually a good thing.

This is also true for politics (http://en.wikipedia.org/wiki/Decentralization), this being NationStates and all. :D

Because encryption will be broken (it is but a matter of a stolen laptop with accompanying key, an idiot giving all his friends the key who then give their friends the key who then[...], or time paired with the inevitable release of a faster encryption-busting processor) and software will have bugs in it.

I was kind of talking about residential level network security...assuming a wireless router and a modem.

Although there is one extra line of defense. The walls of my home seriously degrade wireless networks once you step outside. You would have to be within a meter of the wireless system from the outside to get a decent connection.

Untrusted Network (Internet) <---> Router Firewall <---> Untrusted Network (Wireless Access Point)
___________________________________|
___________________________________^
___________________________________L--> Router/Firewall <---> Trusted/Internal Network

With the router/firewalls properly configured, users of the wireless access point and internal network can talk to the Internet, but the wireless access point cannot talk to the internal network. Since wireless should be considered untrusted by definition, this is not a problem. Only those with physical access to the internal network to begin with have any business having network access to the same. Simple as that.

EDIT: and don't anyone tell me about access points with built-in firewalls or which work logically as diagrammed above. In helping to maintain a relative's wireless setup, I've watched at least two such "everything in the box" router/firewalls fail, malfunction, or otherwise operate in an unpredictable or broken way. Putting all the shit in one box just means that when something fails, everything fails. This is bad. NOT putting everything in one box is actually a good thing.

This is also true for politics (http://en.wikipedia.org/wiki/Decentralization), this being NationStates and all. :D

I meant without having to add more hardware. I assumed that he already had the hardware in the picture at home. I just use a router that is also a wireless access point.

I was kind of talking about residential level network security..

And I'm talking about not getting hacked :D

Walls also provide some protection, yes. Then again, I've sat at my grandfather's desk using wireless network detection software to check his wireless setup and detected several of his neighbors' networks. I imagine those signals were passing through several walls.

None of these neighbors were even remotely secure, of course. This seems to be par for the course, unfortunately.

I meant without having to add more hardware. I assumed that he already had the hardware in the picture at home. I just use a router that is also a wireless access point.

The "EDIT:" in my post explains what I think about the all-in-one solutions.

The "EDIT:" in my post explains what I think about the all-in-one solutions.
a) I don't care
b) I am lazy
c) I don't care

And I'm talking about not getting hacked :D

Walls also provide some protection, yes. Then again, I've sat at my grandfather's desk using wireless network detection software to check his wireless setup and detected several of his neighbors' networks. I imagine those signals were passing through several walls.

None of these neighbors were even remotely secure, of course. This seems to be par for the course, unfortunately.
I 'secure' my network with WEP. If someone makes the effort to hack into it and steal my connection/worthless data, I will make the effort to fill their hard disks with horse porn. It is only fair.

And I'm talking about not getting hacked :D

Walls also provide some protection, yes. Then again, I've sat at my grandfather's desk using wireless network detection software to check his wireless setup and detected several of his neighbors' networks. I imagine those signals were passing through several walls.

None of these neighbors were even remotely secure, of course. This seems to be par for the course, unfortunately.

I know what you mean. I'm just saying that the walls here seem to absorb the frequency the access point is operating on a heck lot better than most other places I've seen.

It'd take criminal trespass to get within effective range of the router.

Anyways, care to detail all that extra stuff you were talking about and how-tos?

bleh. Cable modem connects to wireless router(get a netgear with 4 ethernet ports aswell.) pull wires from the router to the 360 and ps3. Use stronger encryption than WEP as someone can just park their car outside and hack you to the end of the world if you're unlucky. WPA works alot better.