• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

How do you secure your public wireless?

iamkion132

n00b
Joined
Feb 27, 2007
Messages
57
I'm curious as to how people secure their networks if there is a public wireless access point. They are wanting to possibly add a wireless network to my workplace for visitors and residents to be able to use the internet (A senior home). I would prefer a hardwired station that I had control over which I would bring up but in case not I want to ensure that nothing get's onto our network. I do have a fair amount of ability to say what goes on but you only have so much power.

I do of course have ideas on how to but I don't think I'm going to be the one setting things up. I could without too much difficulty but I would like to hear from people who have actual experience with things like this. Some quick notes, anyone accessing the network would be required to have anti-virus, SP 2 though 3 would be better for XP, SP1 for vista etc. I would probably want to have it as a separate network (10.* vs 192.*) as well and have the firewall restrict that network from the business portion.

One problem that I see is that we only have one server acting as DNS and DHCP, so would this create a problem for getting IP addresses to the public network if traffic was restricted? Of course ports could be opened for those so I might be over thinking it.

I can provide additional information as well if need be.
 
Make a VLAN for wireless and only allow access to the internet, nothing local. Use encryption (WPA2), make the key available to authorized users.
 
Captive Portal of some kind is the best.

For relativly small installs, http://worldspot.net/ is great and free for free hotspots. You can make nice login pages, etc. Combined with DD-WRT on a compatible router and it is awesome.
 
Vito is right. VLAN's are perfect for this type of situation. VLAN 1 can be your internal network. Then VLAN 2 can be your wireless. VLAN will allow internet access across both VLAN's but not communication between nodes.

I setup a mobile park and did this. Then I just closed all the ports except 25, 80, 110, and 443 to the wireless VLAN. Setup QoS and your good to go.
 
and if you want to simplified version, use something like I posted above and it automatically makes the vlans and is simple as can be ;)
 
The Netgear ProSafe Wireless Access Points have a feature that will segregate the users from each other too. Then on top of that put the WAP on its own VLAN so that it doesn't see your normal network.

100% secure
 
Back
Top