[NTLUG:Discuss] Wireless Home Network

Tom Hoover l-ntlug at hisword.net
Sat Jun 26 13:47:36 CDT 2004


On Sat, Jun 26, 2004 at 11:53:13AM -0500, Lance Simmons wrote:
> If I attach my wireless router directly to the Internet, I'm counting on
> D-Link having a safe firewall, because now anyone on the Internet can
> attack my wireless router.  If I put the router behind my own firewall,
> then an attacker _from the Internet_ would have to go through my
> firewall and then through the router's firewall to get to my wireless
> network.  Since I think there are orders of magnitude more potential
> attackers coming from the Internet, I'd rather not expose my wireless
> router to the Internet.

_If_ you have only a wireless network, connecting all of the computers
in your house, then I'll have to agree with you...you're a little better
off with it inside (you'll then have two layers of protection between
your wireless network and the "internet").  

But, as I mentioned in my previous message, I use only _wired_ on my
internal network.  If I put the wireless inside the firewall, there
would now be two potential ways to get to my internal network.  Since I
keep it outside the firewall, there's only one potential way into my
internal network (the Linux firewall/router)...it doesn't matter if I
put 2 or 3 wireless routers outside the firewall, there's still only one
potential way into the internal network.  I'd just rather have "one"
potential weak spot than two separate ones.

I guess it's a difference in the way that I use the wireless router.  I
really don't care if an undiscovered firmware bug causes it to be
compromised, I use it only as an access point for our laptops.  To
access the internal network, I have to ssh thru the firewall into the
internal network, which encrypts all wireless traffic anyway.

Since I don't have any unencrypted (or weakly encrypted, such as WEP)
traffic on the wireless network, I don't care if someone wants to
connect to the wireless router...they're no more of a security risk than
anyone else on the internet.



