R. DuFresne wrote:
> On Wed, 26 Jul 2006, Anssi Hannula wrote:
>
>>> Sietse van Zanen wrote:
>>>
>>>> The important issue you have is not WHAT somebody can hack. It's what
>>>> somebody can DO and ACCESS, WHEN you've been hacked.
>>>>
>>>> If somebody does manage to take over one of your systems, he most
>>>> certainly gains access to ALL the systems on the same physical
>>>> (sub)network. As ALL your systems are on the same net, draw the
>>>> conclusion.
>>>>
>>>> Combine that conclusion with the innate vulnerability of WiFi
>>>> networks and do the math. It's unwise to use your set up. period.
>>>> It's not for nothing that recommendations always talk about shielding
>>>> your WiFi with a firewall. Now for personal use, it might be
>>>> acceptable to do otherwise, but that's up to you, as always the
>>>> choice is between security and convenience.
>>>
>>>
>>> Thanks for your reply. Unfortunately, you do not seem to offer any
>>> alternative to my current setup.
>
> Actually he did offer an alternative, though you had to read carefully
> his answer; go with a wired set of networks, both distinct from one
> another.

Well, I can't go with wired network, especially with the laptop. I
consider WLAN with a proper WPA encryption to be sufficiently secure
for my purposes.

> Firewall those networks, adding further isolation from each other and
> from the public internet at large.

But if these are two distinct networks (the first one being connected
to internet and the workstations, the second one connected to
workstations only), what do you mean by "firewalling" them? There
cannot be any blocking of traffic on the first network, as the whole
purpose of the network is to allow connections from the internet. The
second network contains only internal traffic, and blocking any of that
would result in trouble only.

People, thanks for your concern over my network security, but I don't
really think I can achieve much better security by rewiring my network
differently. The biggest security problem I have is the possibility of
vulnerabilities in the server software, and if such a vulnerability
gets exploited, no firewall will help me then. I have to just make sure
that doesn't happen.

--
Anssi Hannula