2 wireless networks, one wep one wpa

[sven]

i have run into a wpa/wep network security trap. i will soon (ok, im talking 6 months) have 2 wireless devices, one that runs only wep security, and one that will run wpa becuase i want it too. i have the delema of making myself vulnerable to have the wep device work, or have the high security i want. at the moment i have one wireless wrt54g router. the wep device only needs access the internet, nothing else. here is my plan, tell me if it works.

i will set up my current router with wpa, as an access point to my current network. it will use wpa with a 128bit key, random digits, ect. in addition to this, on another channel with a different ssid (nothing that will give away the security), using 128bit wep encription and mac filtering. the wep router will be unable to connect to any 192.168.1.* address, and it will use the 192.168.2.* range. if i set the second router to use the connecting dsl router as a gateway, the internet should work, and no access to any files/shares/services ect.

i want to make sure that all security holes are closed up (besides the fact that wep is insecure), causing minimal possible damages to my own personal data.

if there is anything wrong with my plan or if its confusing (yea, gotta work on my english lol), post you ideas and we'll figure everything out together.

[gamehead200]

I know for a fact no one in your neighbourhood will want to steal your Internet or access your network.

Will you be using two routers? (I'm assuming so.)

[rssfed23]

One wonders why one would want or need such security.

Bit silly really

[RogueSpear]

There's some information missing here. Do you plan on having a gateway PC that presumably would have two WiFi adapters running Internet Connection Sharing? Or is your idea to have the AP router use the other router as it's default gateway? The first scenario should work, though I would never arrange things in this fashion. The second scenario would probably not work because I don't think with consumer grade WiFi devices you're going to be able to use WEP and WPA simultaneously, let alone selectively.

[sven]

@ gamehead. i cant be so sure, iv actualy used someone elses wifi network in my area, and hes across the street.

@ rssfed23. i will have some sensitive data being transfered over my network. all my parents business data is run and stored on a computer accessible by network. i would rather have the high wpa security and not have any of this compromised. knowing gamehead200, he will be sitting on my front porch trying to crack it.

@RogueSpear: i currently have a gateway router while dials out to the internet and manages my port forwards. i have added a wrt-54g to act as an access point. it will be running using wpa as an extension to my current network. i will possibly add a really cheap (i mean 20$ or less) router which will create a 2nd network, running on a different ip range and subnet, using wep, no access to shares or any data on the original network except the internet connection.

on another note, someone told me that in the next version of dd-wrt (which i have already installed on my wrt-54g) that we will be ble to create 2 seperate networks with different parameters. hopefully they'll do that.

[Gouki]

Well, my 2 cents.

You can have encripition done over encription. What I mean is that, you can have WEP or WPA (in a near future WPA II) and over that IPSec.

There are various documents on Microsoft TechNET site that say this is possible, however they do not recomend it.

BS. Use it. It works!

For a better security, you can also assign static IPs for single MAC Address.

On other words, you would enter the MAC addresses of your home computers, and then assign a static IP to those same MACs.

Another solution would be turning DHCP off and work with static IPs (you can turn DHCP client Service off with this).

MAC Filtering, is always a good thing to have.

I believe that, with all this security it will be pretty hard to break in.

[RogueSpear]

If you're using IPSec to create an encrypted transport, there's no reason at all to use WEP or WPA over that. In a home environment, you're probably better off using WEP or WPA rather than farting around with IPSec.

If you'd like to pull your hair out, then by all means go ahead with implementing IPSec.

[eyeball]

personally i would run both with wep, turn of the SSID broadcast, enable MAC filtering and use static address, i really cant see anyone being able to get through that without pure determination

[sven]

well, heres how i have it: wep 128 bit, mac filtering, dhcp is ON (dont ask, i find it simpler), ssid off

at this very moment: wireless [disabled]

in the future: ill see what dd-wrt has in stock. i might even just get rid of the palm pilot encription and stick with wpa.