Like a lot of people, the convenience of wireless networking appeals to me, but I just don't trust its security in comparison to wired networks. So I've been looking for a portable device which has a wireless receiver on one end and a wired connection on the other, with a hardware firewall built into it. If I had a PC, it would be ideal to have it on a PC card, but I have a Mac, so it would have to be a separate device. I've seen virtually nothing like this. The one exception has been a 3Com card for enterprise deployment, where the firewall controls are remotely controlled by a server, which of course isn't what I want.
So my question is: has anyone encountered such a device? Do people think this is a stupid idea, or a bright one?
Actually, I've done better breaking into wired networks. Most LAN's are protected by a firewall. Inside the LAN, security is usually marginal at best. If I can get physical access, then a wired LAN is easier than wireless. Of course, that's the real issue, in that wireless hacking does not require physical access.
The typical wireless router includes a firewall. The problem is that the firewall is between the WAN (internet) port, and the LAN/wireless ports. You can connect the WAN port to your presumeably existing router and end up with a firewall in the path, but it would be backwards and protect your wireless from access from the WAN (or your existing LAN), and not the other way around, which is what I presume you want.
I'm not sure what this firewall would do for you anyway. The real protection in a wireless LAN is in the encryption. A good secure WPA or WPA2 encryption should be sufficient until the next big exploit is released. So far, WPA has not been cracked except for short and stupid keys.
These are called a "wireless switch", which is also sold by Aruba, Symbol, Cisco, Xirrus, Foundry Networks, etc. The idea is to deploy really dumb wireless radios and control everything from a fairly intelligent central switch. This makes corporate WLAN's easy to deploy, expand, and manage. It doesn't buy you anything for a home system. Incidentally, none of these have in internal firewall.
I can't say. I have no idea:
What you are trying to accomplish?
What you have to work with?
What I guess(tm) you're attempting sounds like it could best be done with a very conventional wireless router (or wireless access point depending on your existing setup), and a game adapter, wireless client bridge, or similar ethernet to wireless device.
On 19 Aug 2006 06:52:00 -0700, "bamster" wrote in :
WPA with a strong passphrase actually provides excellent security. WPA2 even better. Worry more about security over the public Internet. Back them up with VPN and/or SSL/TLC for even more security. Wired too for that matter.
That's probably two devices: wireless client bridge plus hardware firewall. Personally I'd just rely on a personal firewall in the attached computer.
No such animal AFAIK.
Wireless client bridge (e.g., Apple Airport, which I use and recommend)
*is* more secure than any internal/USB wireless adapter. The reason is that device drivers for adapters are vulnerable to attack, as was demonstrated at the recent Black Hat conference.
Axel: the 3Com card I was referring to is described here:
formatting link
Jeff: the problem I'm particularly worried about is public wireless access points, such as in coffeeshops. I'm not completely crazy about having a wireless network in my home without a wired-to-wireless bridge, just because, as you say, the firewall in the router only protects you from the WAN, not from the people who break into your wireless network directly.
On 21 Aug 2006 05:50:08 -0700, "bamster" wrote in :
There are wireless routers that can isolate wireless from wired, and even different wireless clients from each other. Such functions are typically found in so-called "hotspot" routers, but can also be implemented in certain low-end routers with third-party firmware. See wikis below for more information.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.