Solved Safe to let access point use router?

June 4, 2013 at 20:55:25
Specs: Windows Vista
A new roommate asked about plugging his access point into my router so he doesn't have to redo his printer & ipad configuration.... I hadn't heard of that before but apparently it is possible (it's how I found this site).

Are there any security issues with this that I should be aware of? Is it possible for him to access my computers that way? It was my impression that allowing people to share the internet (but not my network) via wireless is pretty safe. What about if they plug in to the router?

I'm using a linkys wireless n router, Avast for security. I'm running either Vista or XP (yeah I know, I haven't had time to update the XP machine to 7). He's using Apple, which I haven't been familiar with since about 1980.

Thanks in advance

thanks


See More: Safe to let access point use router?

Report •


#1
June 5, 2013 at 08:56:17
Just make sure that your shares are password protected & the default passwords on the router have been changed. Those are things that should have been done anyway.

If you still want him to connect wirelessly, an Amped SR300 would work & he wouldn't have to change any of his settings.


How do you know when a politician is lying? His mouth is moving.


Report •

#2
June 5, 2013 at 09:44:18
Thanks Guapo - I appreciate your response.

When you say "my shares are password protected" - I think I set up the network so that it is, it's just peer to peer and the issue is that I did it long enough ago that I don't remember the details. But I'm not going to let him connect to my peer-to-peer network, I'm only letting him connect to the Cisco Router and via that to the internet. Yes, I did put a password on the router. I'm in a rural area so there is almost zero chance of someone parking up on the street and sniffing, but I lived in a big city too long and thus lock my doors :).

Re the repeater (the Amp SR300) -- interesting idea... would love to know more about how that works. Signal strength isn't an issue, convenience is for him. How would the repeater let him use his existing connection between his printer and his access point?

Thank again


Report •

#3
June 5, 2013 at 11:58:21
✔ Best Answer
No password protected file sharing in XP

" It was my impression that allowing people to share the internet (but not my network) via wireless is pretty safe."

This is ONLY if your router allows for a "guest wifi network". If not anyone connected via wifi can access your lan.

Plugging in a AP is lan access. You can't block that wifi with the guest network.

Your only protection is your software firewall. You should learn the host names of his equipment and set the firewall to deny all access to your pc.

Sounds more like his "AP" is a wifi router not that makes any difference to your setup except others will be able to connect thru him to use your internet service.

If this is the situation his network is protected from you but your network is not protected from him.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

Related Solutions

#4
June 5, 2013 at 12:19:02
The SR300 let's him connect to your router wirelessly & then he will have 5 wired ports to use. My landlady provides my internet & that was the only way I could have my full network without drilling holes for 50 or more feet of cable. As Wanderer said, he will still be connected to your LAN. Make sure that your PC asks for a password when you boot. Don't use the welcome screen. That way if he tries to connect to your PC, he will be prompted for a password. Disable file sharing if you don't need it.

How do you know when a politician is lying? His mouth is moving.


Report •

#5
June 5, 2013 at 19:33:41
guapo - thanks again. I really appreciate your time and help.

Sounds like the SR300 is similar to his access point. We're older, I don't anticipate that he will give access to friends, but it's really good to know that is possible. So he can access all of my pcs even though he'll be connected to a different network name? (I'm also going to respond to wanderer with more detail on that). Ouch.

Just because the only dumb question is the one we don't ask - right ? :):) ... I don't think I'm using the "welcome screen" - but want to make sure. My pcs all have a couple users set up (for me to use) and at least one (the Vista machine) has a guest account. All require passwords except the guest account.

I do use file sharing between all 3 of my PCs which are plugged into the router now, and need to. I share only the public area. I'm wondering if I should disable the guest account. What do you think?

(intended to update one of the XPs machines to Win 7 by now (and move the other out) but just haven't been able to :( )


Report •

#6
June 5, 2013 at 19:45:04
Thanks Wanderer, I really appreciate your help. I'm a little overwhelmed right now and want to make sure I don't leave myself open.

My Linksys router is a WRT310N. I did a little searching and I believe I have to have an E series router to have a guest network. Guest network is not an option on my admin software and when I looked at When I looked at Cisco's site, it looks like their Connect software (which must replace the easylink advisor) is only for the E series routers. I'm not opposed to getting a new router if I have to; it's just $ that I'd rather not spend if I don't have to.

So... the wireless network has one name, let's call it Wally. The peer-to-peer that is wired uses a second name, let's call it Lucille. I have two Win XP machines running SP2 and one Vista 64b machine that is up to date (for it's age of course). File sharing is enabled for the public folders.

Not to be stupid -- are you're saying that when I give someone the key to connect via WPA2 to Wally, they can also see the public folders on Lucille? That is pretty scary if that is correct.


Report •

#7
June 5, 2013 at 21:27:27
Also, guapo, wanderer (or anyone) ---

If buying a new wireless router that has the guest account capability is in my best interest, do you have any opinions on cisco vs netgear? And if Cisco, any thoughts on the model? I'm used to Cisco but not married to them -

thank you again, D


Report •

#8
June 5, 2013 at 21:48:11
Do you think it's too early to buy 802.11ac? Budget (or lack of) is very important, but if it is in my best interest to have a router with the separate guest account, I'd rather spend a little more and buy a good one than the bottom of the line budget model. Especially since I don't know what kind of hardware future housemate(s) will have. And it is very important to keep them happy.

Anyhow, I'm trying to do my homework / am not being lazy and just asking, but ... if you had to buy a new router today, would you buy the NetGear R6300? http://reviews.cnet.com/routers/net...


Report •

#9
June 5, 2013 at 23:17:52
me again ... just ordered the Linksys EA6500 ... I believe that what I want to do is cascade the routers ... keep my local network intact, just moved back one level... the new router will become the primary one that connects to the surfboard... I can let him connect to one of the lan ports and I'll connect one of the lan ports on the new router to the wan port on my current router... and we have two networks... am I saying that correctly? Am I missing anything?

ref: http://kb.linksys.com/Linksys/ukp.a...


Report •

#10
June 6, 2013 at 01:44:58
I didn't think it was necessary to do all that, to secure the network. Disabling the guest account is the first step. Two routers don't necessarily mean 2 networks, if it's all on the same subnet. The site explains that.

How do you know when a politician is lying? His mouth is moving.


Report •

#11
June 6, 2013 at 08:24:57
A routers "guest" network is ONLY related to direct wifi access. Attaching another router via lan port doesn't touch the "guest wifi" network. A new router would not correct this issue.

Your situation is a common one with small offices that want to offer their clients free wifi but are using two routers. In this case you have the guest network on the router closest to the internet connection and the business lan on the 2nd router. The reason this is more secure than your setup is the Business office is going thru the guest network and not the other way around. How this works is the guest network's gateway is to the internet not upstream to the business lan.

In your case you have just the opposite. Your only protection is the local firewall on your devices blocking access

Now if your router supported vlans that would be the best way to isolate the 2nd routers traffic from your lan while still providing internet access.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •

#12
June 6, 2013 at 08:59:17
A Vlan is the perfect solution.

How do you know when a politician is lying? His mouth is moving.


Report •

#13
June 6, 2013 at 09:02:50
guapa, wanderer,

hmmm... first, Thank You Again! for your feedback! You have no idea how much I appreciate your time!

I thought wanderer said:

Sounds more like his "AP" is a wifi router not that makes any difference to your setup except others will be able to connect thru him to use your internet service.

If this is the situation <b>his network is protected from you but your network is not protected from him.</b>

The answer to the above is Yes, his "AP" is a wifi router. I'm not worried about others connecting thru him but appreciated the reminder that would be possible.

Your comments made me think that if that works for his side, why can't it work for my side? Why can't I also cascade my current perfectly fine router from the new one I just ordered? Originally I ordered the new router because of the guest network capability ... my current router does not have that capability and can't support it ... it's 3-4? yrs old... too old...

The article I found said:

ii. LAN to WAN – Connecting one of the Ethernet ports (LAN ports) of the main router to the Internet port (WAN port) of the secondary router.

This type of cascading requires the main router and the secondary router to have different IP segments.  This connection makes it easier to identify which router the computers and other devices in the network are connected to since they will have different LAN IP segments.  <b>However, computers that are connected to the main router will not be able to communicate with the secondary router, and vice versa since there are two (2) different networks.</b>

With this method, with two cascades, I believe he'll get what he wants (which is to keep his own local network setup) and we'll both be protected from each other - right? Isn't this the example Wanderer describes for the small business setup except that instead of the guest, he'll also use a cascade, which may be lan-lan or lan-wan,? I don't really care whether we plug into an ethernet port on his AP or the internet port (former is lan-lan and latter is lan-wan) - I'm going to be lan-wan so I'll be isolated... right?

I know we originally talked about using the guest network (which I didn't know was a possibility until this conversation, thank you again), but this method does not involve using the guest network ... that won't do what he wants... he wants to be able to keep his old network and not have to set up his equipment again although I'm curious if he has cascaded his router before. If not, he may have to change some of the settings in it like the ip and the dhcp. This is assuming I can get my cascade to work LOL - but those instructions look pretty straightforward... I'll be using all cisco equip and some phone tech support comes with the new router. I haven't called Cisco in a long time. Hopefully they're support is still decent.

What do you think? I'm trying to do a selective 20-year fast forward here knowledge-wise in an area that I was never great at back then to start with.

The vlan idea is a good one but my old router wouldn't support that either.


Report •

#14
June 6, 2013 at 14:51:56
Exchange the Linksys EA6500 for a router that supports VLANs.

How do you know when a politician is lying? His mouth is moving.


Report •

#15
June 6, 2013 at 15:19:36
Thanks guapo

Do you think the Linksys EA6500 is a poor choice in general or just not as good of a solution for this problem as a VLAN?


Report •

#16
June 6, 2013 at 16:19:03
It's not a poor choice in general but you need something that's more advanced.

How do you know when a politician is lying? His mouth is moving.


Report •

#17
June 6, 2013 at 20:46:02
You're probably right - I did some more research. Maybe later or if this doesn't work. I have enough machines to test it. I wish I had more time... this is actually kinda fun.

back in a couple days,...


Report •

#18
June 10, 2013 at 17:08:19
Followup: followed the linksys instructions for cascading two routers. A new Linksys EA6500 became the primary router and my existing LinkSys WRT310N became a secondary router. Made the connection LAN-WAN to isolate the network on the secondary router (the two routers have slightly different IP addresses).

It seems to work fine. The test machine that I plugged into the main router couldn't see the computers on the network on the secondary router or vice versa. I didn't bother trying to sync the wireless, instead I disabled it on the secondary router to avoid potential conflicts. Interestingly, I can access the admin s/w for both routers but maybe that is because "my" router (the secondary one) goes thru the primary to get to the internet.

Guapo and Wanderer, I *really* appreciate your help! Thanks for your patient responses. I may be back later if I have time to set up a Vlan (and $ for equip), but it won't be for a while. I had no idea how wide open I was when letting people use the wireless ... I thought the plugging in might be a problem but had no idea that the wireless was also... it's fixed now... I like the fact that the new guest access also has a shorter password... makes it easier.


Report •

#19
June 10, 2013 at 19:38:38
I don't know about the shorter password thing but good luck w/ the rest of it.

How do you know when a politician is lying? His mouth is moving.


Report •

Ask Question