"Mike Van" <(E-Mail Removed)> wrote in
news:ib4Kb.20045$_(E-Mail Removed):
>
> Hello everyone and Happy New Year!
>
> I have a Linksys DSL/Cable Router and a LinkSys wireless Wap. I have
> an older model that has a "Nat" firewall (even though I think "NAT"
> does not qualify as a firewall under the strict definitions).

A NAT router is not a FW, period, and most likely the SR41 doesn't even
have SPI.

The router meets the specs below.

http://www.homenethelp.com/web/explain/about-NAT.asp

> I am in
> a world of hurt! I have a cable modem connecting 4 PC's in a wireless
> Network. What kind of security measures can I add, that will still let
> me see all of my LANS' resources?

You would use a host based FW on all the machines and tell the FW(s) on
the machines about port 137 - 138 UDP and 139 and (445 NT based O/S only)
TCP and about the DHCP IP(s) that can be issued by the router. This ensures
that only LAN IP(s) can access those ports and share resources between
machines. You may also have to include the router's device IP as well.

You should use a sophisticated SSID. Use a sophisticated WEP or WAP key
and change it on a routine basis. I don't use WAP and don't know its
setup for security.

On the XP, drop the ICF and use IPsec on the XP OS. Or you can go with a
third party host based FW.

http://www.analogx.com/contents/articles/ipsec.htm

*Ipsec and You* has a script that configs IPsec and configs it to allow
the NetBios ports, the ports talked about above, to open on the machine
for the LAN. You can make your adjustments from there on the basic setup
of Ipsec.

> I tried the ICF that comes with XP
> and it renders a PC that has it enabled "invisible" to the other PC's.
> I don't want to have an insecure environment, but want my LAN access.
> What tools/software would you guy (gals) recommend?

You can set the DHCP IP(s) that can be issued by the router to the number
of physical machines on the network. It really doesn't stop anything but
will give you a clue if someone has hijacked an IP for a wireless
connection.

If not using something like Wallwatcher (free use Google) and Active
Ports (free) to watch inbound and outbound connections to and from the
router and the machines, you may want to look into using them.

The buck stops at the O/S and NT based O/S(s) can be configured to
protect themselves.

http://www.uksecurityonline.com/husdg/windowsxp.php

If you're looking for an appliance that has a true FW, then it will meet
the specs below. And they cost a lot more than a NAT router for home or
home office usage.

http://www.firewall-software.com/fir...rewall_do.html

Duane
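
The rule described in the reply above (file-sharing ports reachable only from the router's DHCP range plus the router's own IP), applied to connection records; this is an added example, not part of the original post. The router address, the four-lease DHCP range, and the `proto src port` record format are assumptions made for illustration.

```python
import ipaddress

# Ports from the post: 137-138 UDP, 139 TCP, 445 TCP (NT-based O/S only).
SHARE_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

# Assumed values (not from the post): router at 192.168.1.1 handing out
# four DHCP leases, one per physical machine.
ROUTER_IP = ipaddress.ip_address("192.168.1.1")
DHCP_FIRST = ipaddress.ip_address("192.168.1.100")
DHCP_LAST = ipaddress.ip_address("192.168.1.103")


def is_trusted(src):
    """True if src is the router or falls inside the DHCP lease range."""
    addr = ipaddress.ip_address(src)
    return addr == ROUTER_IP or DHCP_FIRST <= addr <= DHCP_LAST


def evaluate(line):
    """Return 'allow', 'block', or 'other' for one 'proto src port' record."""
    proto, src, port = line.split()
    if (proto.lower(), int(port)) not in SHARE_PORTS:
        return "other"  # not a file-sharing port; this rule does not apply
    return "allow" if is_trusted(src) else "block"


def blocked_sources(lines):
    """Sources that tried the sharing ports from outside the trusted set."""
    return sorted({l.split()[1] for l in lines if evaluate(l) == "block"},
                  key=ipaddress.ip_address)


# Constructed sample records, not real captures.
SAMPLE = [
    "udp 192.168.1.101 137",
    "tcp 192.168.1.102 445",
    "tcp 192.168.1.1 139",
    "tcp 192.168.1.150 445",   # LAN address outside the DHCP range
    "tcp 203.0.113.7 139",     # Internet address
    "tcp 192.168.1.101 80",    # not a sharing port
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(f"{rec:28} -> {evaluate(rec)}")
    print("outside the lease range:", blocked_sources(SAMPLE))
```

A LAN-side address that shows up outside the lease range, like the fourth record, is the kind of clue the reply mentions when the DHCP pool is sized to the number of physical machines.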