I've always been pretty paranoid about wireless at home--possibly undeservedly but I've seen what people do with wireless (not WPA2, of course). I didn't really use wireless until I built a segregated network for it. I am looking at expanding capability at home a bit, and looking at options for rebuilding the network. I also don't really allow untrusted/promiscuous devices on the internal network.
My current setup is an Untangle box on the perimeter with a wireless interface running a WRT45G (v5?) on a separate IP range with firewall rules blocking it from my internal network. I also like having the network separate in case I ever need to troubleshoot a suspect machine; I know it's not going to affect any of my trusted devices. This doesn't happen very often. Currently really the only devices that use wireless are our DVD player, two smart phones, and a couple laptops. One of the laptops is used for work travel and is used on a non-trusted network so I don't let it on the internal network. I have a FreeBSD/ZFS file server on the internal network that houses our client backups and all our files.
I'm looking at adding capacity to possibly a HTPC on wireless, and a couple machines to use in garage/basement that would have server access for media (playing music and stuff). I'd like to hardwire the HTPC, but currently it is not able to be on wire.
So, the two options I am looking at are either upgrade my current AP and allow limited access through the firewall to my internal network and let everyone play, or add a second AP that only trusted devices would be allowed on, and still have a segregated network for untrusted devices. The separate AP sounds like a more secure plan, but it seems like a major hassle to have two wireless networks, and the APs would have to be in relative proximity to each other so I don't know if I'd have interference issues. I would probably also decide to break down and run a firewall on my server, which I don't currently as it's relatively robust out of the box and in a fairly sterile environment.
So, which is a better plan?