WAP security on wired network

It's been a while since I cared about this and I am not aware of any recent
developments in wireless concerns/security.

I recently installed DHCP into my wired domain to allow for visiting laptops
to connect to my (otherwise) wired network via a WAP and obtain an IP via my
Windows domain DHCP server. This DHCP server is used only for the WAP. All
other servers (3) and workstations (4) are using static IPs. The wireless
device is configured as a simple WAP plugged into a network switch and has
no IP.

What is the most unobtrusive form of security I can implement to prevent
someone parked outside my house from gaining unauthorized entrance into my
network? I don't care if this is computer based security, existing firewall
based security, or wireless security, just as long as it works and is fairly
unobtrusive to performance and configuration on the remote users' part.

My current network is a "routine" setup of 2 W2K Servers (FSMO and backup)
and a firewall computer for my internet connection to the outside (running
Kerio Winroute Firewall - great product!). I control most/all security via
the firewall.

Thanks!

-Frank

"Frank" <(E-Mail Removed)> wrote in
news:46edndGe1-(E-Mail Removed):

> It's been a while since I cared about this and I am not aware of any
> recent developments in wireless concerns/security.
>
> I recently installed DHCP into my wired domain to allow for visiting
> laptops to connect to my (otherwise) wired network via a WAP and
> obtain an IP via my Windows domain DHCP server. This DHCP server is
> used only for the WAP. All other servers (3) and workstations (4) are
> using static IPs. The wireless device is configured as a simple WAP
> plugged into a network switch and has no IP.
>
> What is the most unobtrusive form of security I can implement to
> prevent someone parked outside my house from gaining unauthorized
> entrance into my network? I don't care if this is computer based
> security, existing firewall based security, or wireless security, just
> as long as it works and is fairly unobtrusive to performance and
> configuration on the remote users' part.

> My current network is a "routine" setup of 2 W2K Servers (FSMO and
> backup) and a firewall computer for my internet connection to the
> outside (running Kerio Winroute Firewall - great product!). I control
> most/all security via the firewall.

One thing is I would limit the number of DHCP IP(s) that could be issued.

There are wireless IDS solutions on the market that you could look into.

I use IPsec on all machines behind the WatchGuard appliance to further
protect the LAN a simple solution with the AnalogX SecPol file
implementation.

http://www.petri.co.il/block_ping_tr...with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

I have a Linksys wireless router I have had for a couple of years that
was turned into wireless switch and placed in the trusted zone behind the
WG. I am now thinking about reconfiguring it back to a router again and
placing it outside of the trusted zone doing a port forwarding VPN
solution into the trusted zone. If it gets *hacked*, it will be outside
of the trusted zone.

The other software I use is BlackIce on all machines to protect the LAN,
which has come into play with the protection with the ISP's POP3 and NG
servers being contacted by one of my machines.

There is really not a whole lot you can do in the protection with a
wireless setup in the trusted zone.

Duane