Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > Public Wireless Question

Reply
Thread Tools

Public Wireless Question

 
 
smackedass
Guest
Posts: n/a
 
      03-22-2008
Hello,

I am looking for suggestions from anyone willing to share their experience
of setting up a secure public wireless scenario; i.e., a library or coffee
shop or a similar type location, where no user authentication is required to
get to the Internet, but where the computer that is hard-connected to the
wireless router is totally secure from the wireless users.

I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
VLAN ought to accomodate this arrangement. But is this enough? Sure, I'll
go out and buy the thing to check it out hands-on, but I'm also interested
in hearing any of your stories.

Thanks, again,

smackedass

 
Reply With Quote
 
 
 
 
Steve
Guest
Posts: n/a
 
      03-23-2008
There are a number of options and personally I would not even consider the
Linksys.

I usually like to use a device like the Sonicwall TZ180 wireless though that
is going to be around $700 for a 25 node unit with Total Secure Package. It
places wired and wireless on separate subnets and they can easily be
configured not to be accessiable to each other. Also the TZ180 has built in
content filtering so the site owner can prevent users browsing porn and such
while in their business which would be very advisable. The TZ180 Wizard
makes it easy to configure for just about anyone with a little network
experience.

http://www.newegg.com/Product/Produc...82E16833339055

For quite a bit less the Zywall 2 Plus looks very promising as it can have
one of the LAN ports dedicated to a wireless access point that also would be
on a different subnet with none to full access between the subnets allowed.
You can download the manual from their website to read about the features
and it also has great content filtering capabilites. A Linksys wireless
acess point or any wireless router could then be used with the Zywall. To
use a router as an access point only just connect it to a wired network via
a LAN switch port and give the router a static IP on the proper subnet. I do
that all the time.

http://www.newegg.com/Product/Produc...82E16833181021

Another option is to daily chain routers though you will have some decrease
in internet performance on the downstream router. In other words connect a
wireless router to the ISP connection for wireless acess and then connect a
wired router to that wireless router via it's WAN port making sure that it's
LAN port is on a different network as in if the WAN port pulls a 192.168.1.x
network IP on the WAN side give it an IP of 192.168.2.x or such on the LAN
side. Use the wired router for your wired computers and the upstream router
connected computers will not be able to access them though the downstream
router computers could potentially access computers on the upstream wireless
router if that is a concern.

If the client has multiple static public IPs you could set up two routers
to use different public IPs - one for wireless and one for wired. In the
Chicago area it is very common to find multiple static IPs [five] with the
business class DSL for well under $100 per month and for that it is usually
best to have the ISP setup a Netopia modem/gateway to use to access the
multiple static IPs.

If the wired computers on the network are XP Pro for instance, then simple
file sharing could be disabled in XP Pro and making sure the guest account
is disabled would prevent unauthenticated access from other computers on the
network. This would be almost a no cost option but not as secure as
separating networks to insure there is no access.


If the client wants fine control over the content filtering for the
computers on the network I would strongly encourage them to consider
something like the Sonicwall TZ180 wireless or Zywall 2 Plus. For both a
modest monthly fee is required for premium content filtering and the first
year is included with the TZ180. Keeping objectionable content off of their
network would usually be good for business particualry if there is any
chance of children being in the environment and could even prevent a
potential lawsuit and increase productivty of workers that can browse the
internet during work.


Steve




"smackedass" <(E-Mail Removed)> wrote in message
news:QkdFj.1809$L92.421@trndny07...
> Hello,
>
> I am looking for suggestions from anyone willing to share their experience
> of setting up a secure public wireless scenario; i.e., a library or coffee
> shop or a similar type location, where no user authentication is required
> to get to the Internet, but where the computer that is hard-connected to
> the wireless router is totally secure from the wireless users.
>
> I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
> VLAN ought to accomodate this arrangement. But is this enough? Sure,
> I'll go out and buy the thing to check it out hands-on, but I'm also
> interested in hearing any of your stories.
>
> Thanks, again,
>
> smackedass



 
Reply With Quote
 
 
 
 
Mike Walsh
Guest
Posts: n/a
 
      03-23-2008

VLAN is not applicable to your configuration. The simplest way to secure the wired PC is to use a good firewall e.g. ZoneAlarm and turn off file sharing. The guest account should be turned off, which I think it is by default.

smackedass wrote:
>
> Hello,
>
> I am looking for suggestions from anyone willing to share their experience
> of setting up a secure public wireless scenario; i.e., a library or coffee
> shop or a similar type location, where no user authentication is required to
> get to the Internet, but where the computer that is hard-connected to the
> wireless router is totally secure from the wireless users.
>
> I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
> VLAN ought to accomodate this arrangement. But is this enough? Sure, I'll
> go out and buy the thing to check it out hands-on, but I'm also interested
> in hearing any of your stories.
>
> Thanks, again,
>
> smackedass


--
Mike Walsh
 
Reply With Quote
 
Pat H1
Guest
Posts: n/a
 
      03-23-2008
This may be a little outside of what your looking for but...
check out the offerings from coova.org. It's an open source "Hotspot"
manager that includes some interesting features.

We have recently begun testing this product for some of our wireless needs
and are impressed with the ease of setup...pretty cool what you can do to a
Linsys router!, and the functionality of the product. Our test is currently
limited to just a couple of machines with Administrator access so I do not
have much "real world" time with the product.

-P

"smackedass" <(E-Mail Removed)> wrote in message
news:QkdFj.1809$L92.421@trndny07...
> Hello,
>
> I am looking for suggestions from anyone willing to share their experience
> of setting up a secure public wireless scenario; i.e., a library or coffee
> shop or a similar type location, where no user authentication is required
> to get to the Internet, but where the computer that is hard-connected to
> the wireless router is totally secure from the wireless users.
>
> I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
> VLAN ought to accomodate this arrangement. But is this enough? Sure,
> I'll go out and buy the thing to check it out hands-on, but I'm also
> interested in hearing any of your stories.
>
> Thanks, again,
>
> smackedass



--
Posted via a free Usenet account from http://www.teranews.com

 
Reply With Quote
 
MarkSatterfield MarkSatterfield is offline
Member
Join Date: Jan 2008
Location: Central Florida
Posts: 86
 
      03-25-2008
VLAN is unrelated.

Use Zone Alarm or other firewall application, as previous post suggested.

Now consider the case where you also operate your business in a wireless layer 1 configuration. In this case, you really should put the public stuff in a DMZ.

If you want to create a public side DMZ for your customers and a secure traffic private side for your office machines, then use two linksys or other commodity wireless routers, and put one with broadcasted SSID ("BobsCoffee") then cascade the other with private SSID and security. This would keep your business traffic between your machines secured against wireless sniffing.

--Mark

http://www.marksatterfield.com/
http://mark.a.satterfield.googlepages.com/
 

Last edited by MarkSatterfield; 03-26-2008 at 04:01 PM..
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSE 4 11-15-2006 02:40 AM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSD 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM
microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework,microsoft.public.dotnet.framework.windowsforms,microsoft.public.dotnet.general,microsoft.public.dotnet.languages.vb Charles A. Lackman ASP .Net 1 12-08-2004 07:08 PM



Advertisments