WiFi Security for Semi-Public locations?

Are you concerned that the WiFi users may infect your network or concerned that a compromised WiFi user may infect other WiFi users?

I'd suggest turning off file sharing for the WiFi subnet (and possibly port 25 to prevent spamming from your network). If the users can't connect to file systems on your network, it will be difficult to place a virus/trojan on that network.

Jerry Park
Is there any security solution for a WiFi location where the users are utterly non-technical, and trying to get them to type in WEP codes is a futile exercise?

It's reasonable to require users to have fully-patched w2k or XP systems (and piss off a couple people that have w/98 laptops.) Needless to say, these are personal laptops, so I can't force anything on them.

There is no on-site technical staff. If all we can come up with is MAC filtering, it would take a week or two for someone to get around to updating the AP with a new member's address. We are talking about a handful of laptops.

Suggestions?


Al Dykes

It's their network, such as it is. It's essentially just a closed-membership internet cafe with a WiFi AP. The space is a tenant in a Manhattan office building; several other APs are visible, so snooping and hacking from the outside are a risk.

I'd also like to use this as a lesson to the membership about Safe Computing, but that's my agenda, not theirs. These are utterly non-technical business people. They are mature enough that they won't be hacking. Catching a virus that spams is a possibility, but I've had some progress in teaching about AV practices and if an incident did happen I'd use it as a teaching point.

My #1 priority is to prevent easy snooping because everyone uses their passwords to log into webmail and other online services. Protecting members' machines from being hacked is secondary, and Zone Alarm would go a long way in addressing that.

Al Dykes

Even simpler is to put the WiFi network on a different subnet from any PCs on the wired network (if it exists). I do this at home; the cable modem is connected to my main router, which serves as a gateway on to the main LAN. Then the WiFi router is connected off of a LAN port from the main router, and the WiFi router serves as a gateway on to the WiFi LAN. Even if WiFi security is breached, no one can get to my main LAN. It requires two routers, but I would use them anyway because of the locations involved.

Jim Fox

The simplest for that is to set up WPA access to the wireless network. WEP can be compromised fairly easily, but WPA is generally secure. Since you indicate the members using the network are non-technical and don't want something like that, I don't know. It's easy to set up WPA on the wireless device and easy to set it up on the client. Once set up, you don't have to worry about it -- it just works. (You just have to type in a key once).

If your members connect to their web mail, etc. with a secure connection -- that should protect them.

The only other thing I can think of is setting up the system to require VPN to connect. Since that is more work than setting up WPA, I suppose that is not an option.

Jerry Park


