microsoft.public.windowsxp.security_admin

Anteaus wrote:
> This has been covered extensively in a previous post.
>
> The most secure approach is double-NAT -Two routers daisy-chained,
> with your LAN at the far end, public access in the middle. To do this
> you need a second NAT router of the ethernet-in, ethernet-out type.

That's one of the things I'd suggested, yes (so did Jack-the-MVP) :)
>
> Approaches using an IP-based firewall may be adequate, but do take
> into consideration that wireless IPs can be manually set (to be
> within the priveleged range) instead of using DHCP.

Sure -

> Also, if an
> internal computer loses its IP address and reverts to DHCP, will this
> put it into the public zone, and therefore at risk?

In what scenario?

The Sonicwalls to which I referred to have an entirely isolated subnet for
wireless. Supports WPA & if an internal user wants wireless, they can use
the Sonicwall VPN client to get in from the wireless network.They work quite
well.