Purpose of adding a router to a WLAN

the_servicer

I am currently using wifi directly from a DSL modem, and I am under the impression this is unsafe because my computers are connected directly to the internet with no protection. Would I solve this problem by buying a wireless router?
 
Chances are that your modem is actually a "gateway", which means that the modem and wireless router are combined in the same box. Now, some are more reliable than others and/or you may find a separate wireless router that has better options than your existing device. What ISP and/or device are you using?
 
Thanks for your reply. The ISP is Frontier in Arizona and the box is a Siemens device. (I can check the exact model later today.)

So far I have not noticed any difficulty with my network. I am worried about this now because soon I will buy a new computer with Windows 8 (not Windows 8.1). I don't want the OS to get pounded by attacks before I even have a chance to run Windows Update.
 
Not really, but it depends on what you're trying to solve.


First, it's actually 2 boxes in one. The WLAN is a pure layer 2 device, so it's just switching frames from the WLAN (WiFi) down to a switchport, to route it out to the web, and back to your wireless host.

Some basic steps you can take are to use Wireless Segmentation, so that hosts on the same WLAN cannot talk to each other. This means if someone was to somehow get onto your WLAN, they wouldn't be able to access other hosts on the Wireless network (although they likely could still access wired hosts, and the internet as well, from your host IP).


The side effect of wireless segmentation is that services like Airplay, and other media streaming apps rely on host-to-host, or multicast, to work. So you'd break things like this if you enabled it on your WLAN for everything.



The benefit of a 3rd party router is that they generally support more features, and will give you the ability to have more than one Wireless Network going at a time.

So you could conceivably have a dedicated WLAN SSID, for internal hosts needing to run services like AirPlay for instance, or DLNA, and then you could have a locked down SSID, for Data Only hosts, like your PCs, tablets, etc. That doesn't allow them to talk to each other, only the internet.



Ultimately, features are the real reason you'd get a 3rd party router. Most RG (residential gateways) are pretty modest in their featureset and usually only allow (1) SSID to be created and running, so you lose the ability to do meaningful Layer-2 isolation / segmentation.



Does this help any?
 
So what do I need to do to make sure I have enough protection when connecting an unpatched Windows box?

This is a pretty simple situation. No need for AirPlay or anything too fancy.
 
Sure, an unpatched computer is at risk by being connected directly to the internet - but far and away, the majority of infections are caused by browsing websites or downloading programs which carry infections.

This second vector is not protected by a NAT/PAT device, like what you have at home presently.

Good software anti-virus and software firewalls can be helpful here, as security is about layers. The more layers, generally the better.
 
I heard that it takes only about four minutes to get attacked. That's faster than one can download and install updates, isn't it?
 
Easiest way to find out is to do an ipconfig on a local machine. If you have a 192.168.x.x or 10.x.x.x address, chances are very good that modem has a built-in NAT router. Of course, you want to make sure that router's outside interface is not doing anything weird like allowing access to the admin interface of the router. That would allow an attacker to port forward to a machine.
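
The ipconfig check from the last reply, as an added example that is not part of the original thread: it parses `ipconfig` output and labels each IPv4 address by range. The sample output is constructed, the function names are hypothetical, and the range list goes beyond the two ranges named in the post by also covering 172.16.0.0/12, carrier-grade NAT (100.64.0.0/10) and link-local (169.254.0.0/16).

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Ethernet:

   Autoconfiguration IPv4 Address. . : 169.254.17.4
"""

RANGES = [  # first match wins; anything unmatched is treated as public
    ("rfc1918-private", ipaddress.ip_network("10.0.0.0/8")),
    ("rfc1918-private", ipaddress.ip_network("172.16.0.0/12")),
    ("rfc1918-private", ipaddress.ip_network("192.168.0.0/16")),
    ("carrier-grade-nat", ipaddress.ip_network("100.64.0.0/10")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
]

def classify(addr):
    """Return a label for one IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    for label, net in RANGES:
        if ip in net:
            return label
    return "public"

def adapter_addresses(text):
    """Yield (adapter, address) for each IPv4 address line in ipconfig output."""
    adapter = None
    for line in text.splitlines():
        # Adapter headings start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter = line.rstrip().rstrip(":")
        m = re.search(r"IPv4 Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", line)
        if m:
            yield adapter, m.group(1)

def report(text):
    """List (adapter, address, label); a 'public' label means no NAT in front."""
    return [(a, ip, classify(ip)) for a, ip in adapter_addresses(text)]

for row in report(SAMPLE_IPCONFIG):
    print(*row, sep=" | ")
```

A private label only indicates that a NAT device sits in front of the host; whether the router's outside interface exposes its admin page, as the reply cautions, has to be checked separately.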
 