Public Wireless Question

Discussion in 'Wireless Networking' started by smackedass, Mar 22, 2008.

  1. smackedass

    smackedass Guest

    Hello,

    I am looking for suggestions from anyone willing to share their experience
    of setting up a secure public wireless scenario; i.e., a library or coffee
    shop or a similar type location, where no user authentication is required to
    get to the Internet, but where the computer that is hard-connected to the
    wireless router is totally secure from the wireless users.

    I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
    VLAN ought to accomodate this arrangement. But is this enough? Sure, I'll
    go out and buy the thing to check it out hands-on, but I'm also interested
    in hearing any of your stories.

    Thanks, again,

    smackedass
    smackedass, Mar 22, 2008
    #1
    1. Advertising

  2. smackedass

    Steve Guest

    There are a number of options and personally I would not even consider the
    Linksys.

    I usually like to use a device like the Sonicwall TZ180 wireless though that
    is going to be around $700 for a 25 node unit with Total Secure Package. It
    places wired and wireless on separate subnets and they can easily be
    configured not to be accessiable to each other. Also the TZ180 has built in
    content filtering so the site owner can prevent users browsing porn and such
    while in their business which would be very advisable. The TZ180 Wizard
    makes it easy to configure for just about anyone with a little network
    experience.

    http://www.newegg.com/Product/Product.aspx?Item=N82E16833339055

    For quite a bit less the Zywall 2 Plus looks very promising as it can have
    one of the LAN ports dedicated to a wireless access point that also would be
    on a different subnet with none to full access between the subnets allowed.
    You can download the manual from their website to read about the features
    and it also has great content filtering capabilites. A Linksys wireless
    acess point or any wireless router could then be used with the Zywall. To
    use a router as an access point only just connect it to a wired network via
    a LAN switch port and give the router a static IP on the proper subnet. I do
    that all the time.

    http://www.newegg.com/Product/Product.aspx?Item=N82E16833181021

    Another option is to daily chain routers though you will have some decrease
    in internet performance on the downstream router. In other words connect a
    wireless router to the ISP connection for wireless acess and then connect a
    wired router to that wireless router via it's WAN port making sure that it's
    LAN port is on a different network as in if the WAN port pulls a 192.168.1.x
    network IP on the WAN side give it an IP of 192.168.2.x or such on the LAN
    side. Use the wired router for your wired computers and the upstream router
    connected computers will not be able to access them though the downstream
    router computers could potentially access computers on the upstream wireless
    router if that is a concern.

    If the client has multiple static public IPs you could set up two routers
    to use different public IPs - one for wireless and one for wired. In the
    Chicago area it is very common to find multiple static IPs [five] with the
    business class DSL for well under $100 per month and for that it is usually
    best to have the ISP setup a Netopia modem/gateway to use to access the
    multiple static IPs.

    If the wired computers on the network are XP Pro for instance, then simple
    file sharing could be disabled in XP Pro and making sure the guest account
    is disabled would prevent unauthenticated access from other computers on the
    network. This would be almost a no cost option but not as secure as
    separating networks to insure there is no access.


    If the client wants fine control over the content filtering for the
    computers on the network I would strongly encourage them to consider
    something like the Sonicwall TZ180 wireless or Zywall 2 Plus. For both a
    modest monthly fee is required for premium content filtering and the first
    year is included with the TZ180. Keeping objectionable content off of their
    network would usually be good for business particualry if there is any
    chance of children being in the environment and could even prevent a
    potential lawsuit and increase productivty of workers that can browse the
    internet during work.


    Steve




    "smackedass" <> wrote in message
    news:QkdFj.1809$L92.421@trndny07...
    > Hello,
    >
    > I am looking for suggestions from anyone willing to share their experience
    > of setting up a secure public wireless scenario; i.e., a library or coffee
    > shop or a similar type location, where no user authentication is required
    > to get to the Internet, but where the computer that is hard-connected to
    > the wireless router is totally secure from the wireless users.
    >
    > I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
    > VLAN ought to accomodate this arrangement. But is this enough? Sure,
    > I'll go out and buy the thing to check it out hands-on, but I'm also
    > interested in hearing any of your stories.
    >
    > Thanks, again,
    >
    > smackedass
    Steve, Mar 23, 2008
    #2
    1. Advertising

  3. smackedass

    Mike Walsh Guest

    VLAN is not applicable to your configuration. The simplest way to secure the wired PC is to use a good firewall e.g. ZoneAlarm and turn off file sharing. The guest account should be turned off, which I think it is by default.

    smackedass wrote:
    >
    > Hello,
    >
    > I am looking for suggestions from anyone willing to share their experience
    > of setting up a secure public wireless scenario; i.e., a library or coffee
    > shop or a similar type location, where no user authentication is required to
    > get to the Internet, but where the computer that is hard-connected to the
    > wireless router is totally secure from the wireless users.
    >
    > I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
    > VLAN ought to accomodate this arrangement. But is this enough? Sure, I'll
    > go out and buy the thing to check it out hands-on, but I'm also interested
    > in hearing any of your stories.
    >
    > Thanks, again,
    >
    > smackedass


    --
    Mike Walsh
    Mike Walsh, Mar 23, 2008
    #3
  4. smackedass

    Pat H1 Guest

    This may be a little outside of what your looking for but...
    check out the offerings from coova.org. It's an open source "Hotspot"
    manager that includes some interesting features.

    We have recently begun testing this product for some of our wireless needs
    and are impressed with the ease of setup...pretty cool what you can do to a
    Linsys router!, and the functionality of the product. Our test is currently
    limited to just a couple of machines with Administrator access so I do not
    have much "real world" time with the product.

    -P

    "smackedass" <> wrote in message
    news:QkdFj.1809$L92.421@trndny07...
    > Hello,
    >
    > I am looking for suggestions from anyone willing to share their experience
    > of setting up a secure public wireless scenario; i.e., a library or coffee
    > shop or a similar type location, where no user authentication is required
    > to get to the Internet, but where the computer that is hard-connected to
    > the wireless router is totally secure from the wireless users.
    >
    > I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
    > VLAN ought to accomodate this arrangement. But is this enough? Sure,
    > I'll go out and buy the thing to check it out hands-on, but I'm also
    > interested in hearing any of your stories.
    >
    > Thanks, again,
    >
    > smackedass



    --
    Posted via a free Usenet account from http://www.teranews.com
    Pat H1, Mar 23, 2008
    #4
  5. smackedass

    MarkSatterfield

    Joined:
    Jan 26, 2008
    Messages:
    77
    Location:
    Central Florida
    VLAN is unrelated.

    Use Zone Alarm or other firewall application, as previous post suggested.

    Now consider the case where you also operate your business in a wireless layer 1 configuration. In this case, you really should put the public stuff in a DMZ.

    If you want to create a public side DMZ for your customers and a secure traffic private side for your office machines, then use two linksys or other commodity wireless routers, and put one with broadcasted SSID ("BobsCoffee") then cascade the other with private SSID and security. This would keep your business traffic between your machines secured against wireless sniffing.

    --Mark

    http://www.marksatterfield.com/
    http://mark.a.satterfield.googlepages.com/
    Last edited: Mar 26, 2008
    MarkSatterfield, Mar 25, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page