I am looking for suggestions from anyone willing to share their experience
of setting up a secure public wireless scenario; i.e., a library or coffee
shop or a similar type location, where no user authentication is required to
get to the Internet, but where the computer that is hard-connected to the
wireless router is totally secure from the wireless users.
I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
VLAN ought to accommodate this arrangement. But is this enough? Sure, I'll
go out and buy the thing to check it out hands-on, but I'm also interested
in hearing any of your stories.
There are a number of options and personally I would not even consider the
Linksys.
I usually like to use a device like the Sonicwall TZ180 wireless though that
is going to be around $700 for a 25 node unit with Total Secure Package. It
places wired and wireless on separate subnets and they can easily be
configured not to be accessible to each other. Also the TZ180 has built-in
content filtering so the site owner can prevent users browsing **** and such
while in their business which would be very advisable. The TZ180 Wizard
makes it easy to configure for just about anyone with a little network
experience.
For quite a bit less the Zywall 2 Plus looks very promising as it can have
one of the LAN ports dedicated to a wireless access point that also would be
on a different subnet with none to full access between the subnets allowed.
You can download the manual from their website to read about the features
and it also has great content filtering capabilities. A Linksys wireless
access point or any wireless router could then be used with the Zywall. To
use a router as an access point only just connect it to a wired network via
a LAN switch port and give the router a static IP on the proper subnet. I do
that all the time.
Another option is to daisy chain routers though you will have some decrease
in internet performance on the downstream router. In other words connect a
wireless router to the ISP connection for wireless access and then connect a
wired router to that wireless router via its WAN port making sure that its
LAN port is on a different network as in if the WAN port pulls a 192.168.1.x
network IP on the WAN side give it an IP of 192.168.2.x or such on the LAN
side. Use the wired router for your wired computers and the upstream router
connected computers will not be able to access them though the downstream
router computers could potentially access computers on the upstream wireless
router if that is a concern.
If the client has multiple static public IPs you could set up two routers
to use different public IPs - one for wireless and one for wired. In the
Chicago area it is very common to find multiple static IPs [five] with the
business class DSL for well under $100 per month and for that it is usually
best to have the ISP set up a Netopia modem/gateway to use to access the
multiple static IPs.
If the wired computers on the network are XP Pro for instance, then simple
file sharing could be disabled in XP Pro and making sure the guest account
is disabled would prevent unauthenticated access from other computers on the
network. This would be almost a no cost option but not as secure as
separating networks to ensure there is no access.
If the client wants fine control over the content filtering for the
computers on the network I would strongly encourage them to consider
something like the Sonicwall TZ180 wireless or Zywall 2 Plus. For both a
modest monthly fee is required for premium content filtering and the first
year is included with the TZ180. Keeping objectionable content off of their
network would usually be good for business particularly if there is any
chance of children being in the environment and could even prevent a
potential lawsuit and increase productivity of workers that can browse the
internet during work.
Steve
"smackedass" <kemanospamcomputer@verizon.net> wrote in message
news:QkdFj.1809$L92.421@trndny07...
> Hello,
>
> I am looking for suggestions from anyone willing to share their experience
> of setting up a secure public wireless scenario; i.e., a library or coffee
> shop or a similar type location, where no user authentication is required
> to get to the Internet, but where the computer that is hard-connected to
> the wireless router is totally secure from the wireless users.
>
> I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
> VLAN ought to accommodate this arrangement. But is this enough? Sure,
> I'll go out and buy the thing to check it out hands-on, but I'm also
> interested in hearing any of your stories.
>
> Thanks, again,
>
> smackedass
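
A way to verify from the guest side that the wired PC really is out of reach, whichever of the arrangements in the reply above is chosen. This is an added example, not part of any poster's message; the addresses are constructed to follow the 192.168.1.x / 192.168.2.x scheme in the reply, and the names `same_subnet`, `probe` and `assess` are made up for illustration.

```python
import ipaddress
import socket
import sys

# Ports a Windows PC with file sharing or remote access would answer on.
PORTS = {135: "RPC", 139: "NetBIOS", 445: "SMB", 3389: "RDP"}


def same_subnet(client_cidr, host):
    """True if host lies inside the subnet the guest client was given."""
    return ipaddress.ip_address(host) in ipaddress.ip_interface(client_cidr).network


def probe(host, port, timeout=1.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service reachable
    except ConnectionRefusedError:
        return "closed"            # RST came back: packets crossed to the host
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the way


def assess(host, ports=PORTS, timeout=1.0):
    """Return (verdict, {port: state}) for the wired host as seen from guest Wi-Fi."""
    states = {p: probe(host, p, timeout) for p in ports}
    if "open" in states.values():
        verdict = "EXPOSED"        # a service on the wired PC answers guests
    elif "closed" in states.values():
        verdict = "REACHABLE"      # routed through; only host hardening protects it
    else:
        verdict = "ISOLATED"       # nothing came back (router or host firewall drops)
    return verdict, states


if __name__ == "__main__":
    # Constructed defaults following the 192.168.1.x / 192.168.2.x example above.
    client = sys.argv[1] if len(sys.argv) > 2 else "192.168.1.50/24"
    target = sys.argv[2] if len(sys.argv) > 2 else "192.168.2.10"
    print("same subnet as guest client:", same_subnet(client, target))
    verdict, states = assess(target)
    for port, state in states.items():
        print(f"{port:>5} {PORTS[port]:<8} {state}")
    print("verdict:", verdict)
```

Run it from a laptop joined to the guest wireless network. A REACHABLE verdict means the router forwarded the packets and only the PC's own settings (file sharing off, guest account disabled, host firewall) stand between it and the wireless users; with daisy-chained routers, also check the downstream router's WAN-side address.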
VLAN is not applicable to your configuration. The simplest way to secure the wired PC is to use a good firewall e.g. ZoneAlarm and turn off file sharing. The guest account should be turned off, which I think it is by default.
smackedass wrote:
>
> Hello,
>
> I am looking for suggestions from anyone willing to share their experience
> of setting up a secure public wireless scenario; i.e., a library or coffee
> shop or a similar type location, where no user authentication is required to
> get to the Internet, but where the computer that is hard-connected to the
> wireless router is totally secure from the wireless users.
>
> I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
> VLAN ought to accommodate this arrangement. But is this enough? Sure, I'll
> go out and buy the thing to check it out hands-on, but I'm also interested
> in hearing any of your stories.
>
> Thanks, again,
>
> smackedass
This may be a little outside of what you're looking for but...
check out the offerings from coova.org. It's an open source "Hotspot"
manager that includes some interesting features.
We have recently begun testing this product for some of our wireless needs
and are impressed with the ease of setup...pretty cool what you can do to a
Linksys router!, and the functionality of the product. Our test is currently
limited to just a couple of machines with Administrator access so I do not
have much "real world" time with the product.
-P
"smackedass" <kemanospamcomputer@verizon.net> wrote in message
news:QkdFj.1809$L92.421@trndny07...
> Hello,
>
> I am looking for suggestions from anyone willing to share their experience
> of setting up a secure public wireless scenario; i.e., a library or coffee
> shop or a similar type location, where no user authentication is required
> to get to the Internet, but where the computer that is hard-connected to
> the wireless router is totally secure from the wireless users.
>
> I'm told by the folks at Linksys that the WRV200 supports VLAN, and that
> VLAN ought to accommodate this arrangement. But is this enough? Sure,
> I'll go out and buy the thing to check it out hands-on, but I'm also
> interested in hearing any of your stories.
>
> Thanks, again,
>
> smackedass