[ericwass]

I just inherited the Linksys WAP11 and an Airport card. I got it set up and working perfectly in my apartment. I enabled WEP with a 128bit Hex Key which, as I understand, is the best you can do. But I thought it might be fun to be one of those "information should be free" nutcases and make my wireless network available for those who might be passing by and need to send a quick email or check stocks, scores, etc.

Is there anyway to enable password free WLAN participation without exposing your own system to hackers? I.E. will someone who can get on my WLAN have access to the rest of the computers on both the wired and wireless part of the LAN? Are there any utilities for monitoring users on your WLAN? How much bandwith they're eating up, where they're going, etc? Maybe some way to boot abusers? I'd like to be a good citizen, but I don't want to endanger myself.

Thoughts would be appreciated.

[superlarry]

you should set up firewalls on the individual machines on the network (the firewall on the router will only block stuff from outside the internal network). Mac OSX has a very easy firewall: in the "Sharing" pane of the System Preferences. It's relatively easy in Windows XP, too (and maybe Win2k). the firewalls will stop any users from accessing your computers in any way they shouldn't. turn off servers that you don't use on the computers, like "remote login" in OSX as well as "windows file sharing" and "personal file sharing" just to be safe.
this probably isn't your biggest worry - another point of encryption is to secure your data as it travels over the wireless network. for example, if you check your e-mail and bank statements online, your username and password traveling unencrypted may be dangerous if hackers come within range of your network.

[ghporter]

Well now! The first thing to do is to configure the WAP11 to accept only specific MAC addresses. This will prevent the REAL nutcases from using your network. Keep the WEP encryption, too, which will frustrate the casual WAR walker's attempt to pick up credit card numbers, and so on.

Now for the friendly part: in your appartment building, post a notice that you are willing to share, but only with advance notice. Set up a free web mail account and give that address. Tell your fellow tennants that you need their MAC address and a written statement that they promise not to either break the law with your Internet access, or violate your ISP's terms of service. If they agree (you can give them your postal address for the written promise), add their MAC address to the filter list (I don't know how many it will take, but it's a fairly large number-probably over a dozen), and send them by postal mail the WEP encryption key.

It's kind of like who you'll invite to what kind of party. You can invite just about everybody to a fruit punch and cheese kind of party, because everybody's going to be on their guard, but you only invite people you trust to the all night movies and case of wine type party.

[Angus_D]

Originally posted by GHPorter:
Well now! The first thing to do is to configure the WAP11 to accept only specific MAC addresses. This will prevent the REAL nutcases from using your network. Keep the WEP encryption, too, which will frustrate the casual WAR walker's attempt to pick up credit card numbers, and so on.

Why exactly are you giving out your credit card numbers to insecure sites?

[danbrew]

Originally posted by GHPorter:
Tell your fellow tennants that you need their MAC address and a written statement that they promise not to either break the law with your Internet access, or violate your ISP's terms of service.

Interesting that you would want them to ensure that they do not violate the TOS from the ISP as this behavior (sharing bandwidth) is almost certainly a violation of the terms of service.

To the original guy - how to set it up?

ethernet coming in from dsl/cable/whatever goes into a switch with one line going out into an airport and another line going out into a router with firewall. all the machines on your internal network should connect to the router/firewall.

you'll all be able to use the airport, but they other airport users won't be able to get past your firewall.

[Phanguye]

Originally posted by danbrew:
Interesting that you would want them to ensure that they do not violate the TOS from the ISP as this behavior (sharing bandwidth) is almost certainly a violation of the terms of service.

To the original guy - how to set it up?

ethernet coming in from dsl/cable/whatever goes into a switch with one line going out into an airport and another line going out into a router with firewall. all the machines on your internal network should connect to the router/firewall.

you'll all be able to use the airport, but they other airport users won't be able to get past your firewall.

no that wont work... 2 situations

1. You have airport extreme. In this case just plug the line from your dsl into the airport then the out from teh base station into another router. This will protect teh internal network.

2. Old Airport. Modem to router, one line to airport, one to another router, internal network off second router.

easy with airport extreme... expensive without... however you can just use any mac and enable connection sharing and the firewall, it will then double as a router

[ghporter]

Angus, I sure wouldn't suggest using a credit card to buy from a site that wasn't secure, but it's pretty easy to share a drive without realizing who might be able to see it, (like an intruder on your wireless LAN), and there are various Java apps that cache data (like your credit card number) in the clear on your hard drive.

danbrew, most ISP's terms of service forbid reselling the service, but few forbid sharing it. Blatant spamming, accessing forbidden materials (like kiddie porn), and so on can cause an ISP that's not counting your bandwidth usage to pay close attention, so if you plan to share, getting a commitment from those with whom you intend to share is some protection from prosecution, while it gets those sharer's attention enough to show that you're concerned that they play nice.

On the other hand, I'm paranoid enough not to think this level of social experiment is a good thing. Not that I don't have noble leanings, but I also have met enough sweetly smiling sleazeballs that I take some convincing before I let my guard down.