WiFi Security for Semi-Public locations ?

Are you concerned that the WiFi users may infect your network or concerned that a compromised WiFi user may infect other WiFi users?

I'd suggest turning off file sharing for the WiFi subnet (and possibly port 25 to prevent spamming from your network). If the users can't connect to file systems on your network, it will be difficult to place a virus/trojan on that network.

Reply to
Jerry Park
Loading thread data ...

Is there any security solution for a WiFi location where the users are utterly non-technical, and trying to get them to type in WEP codes a futile exercise.

It's resonable to require users to have fully-patched w2k or XP systems (and piss off a couple people that have w/98 laptops.) Needless to say, these are personal laptops, so I can't force anything on them.

There is no on-site technical staff. If all we can come up with is MAC filtering, it would take a week or two for someone to get around to updating the AP with a new members's address. We are talkking about a handfull of laptops.

Suggestions ?


Reply to
Al Dykes

It's their network, such as it is. It's essentially just a closed-membership internet cafe with a WiFI AP. The space is a tenant a Manhattan office building several other APs are visible, so snooping and hacking from the outside are a risk.

I'd also like to use this as a lesson to the membership about Safe Computing, but that's my adenda, not theirs. These are utterly non-technical business people. They are mature enouygh that they won't be hacking. Catching a virus that spams is a possibility, but I've had some progress in teaching about AV practices and if an indident did happen I'd use it as a teaching point.

My #1 priority is to prevent easy snoopiong because everyone uses their passwords to log into webmail and other online services. Protecting member's machines from being hacked is a secondary, and Zone Alarm would go a long way in addressing that.

Reply to
Al Dykes

Even simpler is to put the WiFi network on a different subnet from any PCs on the wired network (if it exists). I do this at home; the cable modem is connected to my main router, which serves as a gateway on to the main LAN. Then the WiFi router is connected off of a LAN port from the main router, and the WiFi router serves as a gateway on to the WiFi LAN. Even if WiFi security is breached, no one can get to my main LAN. It requires two routers, but I would use them anyway because of the locations involved.

Reply to
Jim Fox

The simplest for that is to set up WPA access to the wireless network. WEP can be compromised fairly easily, but WPA is generally secure. Since you indicate the members using the network are non-technical and don't want something like that, I don't know. Its easy to set up WPA on the wireless device and easy to set it up on the client. Once set up, you don't have to worry about it -- it just works. (You just have to type in a key once).

If your members connect to their web mail, etc. with a secure connection

-- that should protect them.

The only other thing I can think of is setting up the system to require VPN to connect. Since that is more work than setting up WPA, I suppose that is not an option.

Reply to
Jerry Park

Pl visit

formatting link
for the answer to all your questions. They have what I believe is the best solution that has a captive gateway, content advisor and a firewall rolled and packaged into a single live CD. I am using it and it takes all of 1 hour to do the entire setup (including the 200MB download). After that all it takes is to boot and forget that you ever had a problem!

Reply to

shame - i get site "coming soon" from yourdomain.com at that address...

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.