DHCP/Wireless

All,

I'm looking for a bit of advise here. My network consists of Server
2003 handing out DHCP addresses to clients within my network. I also
have a netgear wireless router serving my wireless clients howerver the
DHCP address comes from my Server 2003 dhcp server.

My problem: I have my wireless network not broadcasting the SSID, MAC
addresses for the wirless cards assigned and 128 bit WEP keys. I'm
really tired of the poor performance when copying data to/from wireless
clients to servers. I've read a few topics on the internet that have
claimed that wep encryption can decrease performance by 50% over
wireless.

Is it possible to handle my wlan a little bit different? Maybe turn wep
off and turn VPN encryption on with server 2003?

I'm open to any ideas here.
JJ
(E-Mail Removed) <-remove nospam

"merc" <(E-Mail Removed)> wrote in news:1105926452.772974.310950
@z14g2000cwz.googlegroups.com:

> All,
>
> I'm looking for a bit of advise here. My network consists of Server
> 2003 handing out DHCP addresses to clients within my network. I also
> have a netgear wireless router serving my wireless clients howerver the
> DHCP address comes from my Server 2003 dhcp server.
>
> My problem: I have my wireless network not broadcasting the SSID, MAC
> addresses for the wirless cards assigned and 128 bit WEP keys. I'm
> really tired of the poor performance when copying data to/from wireless
> clients to servers. I've read a few topics on the internet that have
> claimed that wep encryption can decrease performance by 50% over
> wireless.
>
> Is it possible to handle my wlan a little bit different? Maybe turn wep
> off and turn VPN encryption on with server 2003?
>

Well a VPN connection between client and the server machine is another
encryption method of the traffic and prevents eavesdropping on the TCP/IP
connection just like WEP for the air waves. WEP does slow the traffic down
on copying of data files along with wireless in general. A VPN connection
would be OK to replace WEP. IPsec is on the Win 2K3 server and Win2K, XP
Pro and Home workstations and can be used over wireless. Now, how much
using IPsec is going to speed up things is another story.

Duane

Hey Duane,

Anything better than my 3.5mb (on a 11/54/108 wireless) transfer rate
would be great. As I have a basic admin knowledge on Server 2K3, could
you give me an idea what I would have to do on the network side?

I've already got DHCP enabled and Remote Routing enabled for VPN
access. Is there a way I can tell my DHCP server to not hand out IP
addresses unless they are authenticated?

JJ

"merc" <(E-Mail Removed)> wrote in news:1106014170.522853.26160
@z14g2000cwz.googlegroups.com:

> Hey Duane,
>
> Anything better than my 3.5mb (on a 11/54/108 wireless) transfer rate
> would be great. As I have a basic admin knowledge on Server 2K3, could
> you give me an idea what I would have to do on the network side?

That's going to have to come from someone with more experience than I.
There are a couple of Top Guns floating in the NG on the Admin knowledge.
Maybe, they will step in here.

http://tinyurl.com/48k3m
http://tinyurl.com/5orwy
http://tinyurl.com/1mls

The links will give you some help as IPsec is very powerful tool.

You should be able to find articles on Google and Dogpile.com on how to
enable and setup IPsec for VPN on the Win 2k3 Server and the client
machines such as those that have been discussed.

>
> I've already got DHCP enabled and Remote Routing enabled for VPN
> access. Is there a way I can tell my DHCP server to not hand out IP
> addresses unless they are authenticated?
>
> JJ
>
>

Sorry, I don't know about issuing DHCP IP(s) to authenticated users,
except for the possibility of a Domain controller in the picture. I do
know that you can implement the Authenticated User Group account on a NT
based O/S share using NTFS. That would mean you remove all accounts from
the share and apply the Authenticated Group account on the share with the
appropriate permissions and only Authenticated users can access the
share. What you could also do is remove the Everyone or Guest account off
all folders/directories on NTFS so that they cannot be compromised by
someone using the account.

You should look into securing the Win 2k3 O/S from attack like securing
the file system, registry, and other things from attack etc. The buck
stops at the O/S. There should be plenty of articles out on Google or
Dogpile.com.

Duane

On 16 Jan 2005 17:47:32 -0800, "merc" <(E-Mail Removed)> wrote:

<snip>

>My problem: I have my wireless network not broadcasting the SSID, MAC

<snip>

so any poor bastard near you unfortunate enough to pick the same channel won't
be able to figure out where the interference is coming from?

Anyone who _wants_ to see your SSID can do so, broadcasting or not.