I'm uber noob at this, but I've been reading anything I can find on wlans.

I want to share a dsl connection via a wlan, but the people I would be sharing with are concerned about access to their computers by people on the network and by interception of the data in transit. I know how to make the network and the data in transit more secure i.e. port access control, change access point password, change default ssid & prevent broadcast, change default mac, and enable WEP.

My question is this: Is it possible to allow computers to be authorized for internet access only and to prevent them from accessing other computers on the network?

A VPN solution is overkill and my guess is the same is true of RADIUS; but any input would be appreciated.

Check out the products at WWW.nexland.com, good price and should solve your security issues.

You can do more for wireless security than WEP.

My wireless is configured as a 3DES VPN riding on top of WEP. The Zywall 10W permits a VPN between client wireless PC and the the router.... in other words the VPN tunnel only exists on the wireless LAN, once terminated inside the router it's handled as normal LAN traffic and can be router out to the WAN or LAN as appropriate.

There is no noticable performance degradation when running 3DES on my system vs unencrypted. Thus if you wish better security, look at some of the solutions out there (Zywall was used only as an example I'm personally familiar with, likely there are others).

I would think that if they don't have File & Print Sharing turned on, and they don't have NetBios bound to Tcp/ip, then nobody should be able to view their files anyway, only wirelessly transmitted data. You could also download a free firewall to each computer. So, if you are just sharing your ISP, WEP with MAC filtering is probably good enough for data that is probably not interesting to a hacker.

Originally posted by Super D Lux
I'm uber noob at this, but I've been reading anything I can find on wlans.

I want to share a dsl connection via a wlan, but the people I would be sharing with are concerned about access to their computers by people on the network and by interception of the data in transit. I know how to make the network and the data in transit more secure i.e. port access control, change access point password, change default ssid & prevent broadcast, change default mac, and enable WEP.

My question is this: Is it possible to allow computers to be authorized for internet access only and to prevent them from accessing other computers on the network?

A VPN solution is overkill and my guess is the same is true of RADIUS; but any input would be appreciated.

There are a few Open-source solutions if your willing to go that route. CIPE, FreeSwan (IPsec works with Linux and XP connects without a hitch) FreeRadius, just to name a few.

If you're willing to do this sort of work, this wireless gateway might be something for you as a partial solution to your issues:

http://www.nas.nasa.gov/Research/Tasks/Networks/Wireless/whitepaper.html

Best of all, outside of the hardware it's free.