1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

wifi and security question

Discussion in 'Networks' started by steve_p1981, Jun 22, 2011.

  1. steve_p1981

    steve_p1981 Byte Poster

    236
    5
    30
    ok here's the scene. My boss has been told by Kawasaki UK that we need to provide a wifi point for customers. Fine. The thing is, we don't have a "proper" network, just a P2P one running mainly XP machines. I need to secure our files so that the customers can't nick or infect our files. Here's my idea:
    give the existing PC's a static IP (they are dynamic at the moment), password protect the vista machine, tell the relevant firewalls what ip addresses to allow in to see the files and cross my fingers. Would i need to configure my router to know the static ip's or does it do this automatically? as i need to let other people use the wifi, i assume i need to leave the dhcp on in the router settings?
    any help would be cool
     
    Certifications: A+ 220-701 and 220-702
    WIP: none at current but poss 70-680 soon
  2. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator

    10,831
    357
    341
    Separate the traffic by implementing VLANs, so that customers only have access to the internet and not to your machines (even if you do enable the firewall).

    You may end up upgrading your switch/WAP/Route whatever equipment you have there in order to support this. However that would be alot better than facing £500k fines for losing customer data.

    -Ken
     
    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip
  3. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Or just implement a 2nd cheap broadband package and use that instead, completely isolates the networks.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  4. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    Good idea from Simon there, if possible. Also some AP's come with special guest setups which are designed for exactly what you trying to do. But a cheap AP in addition to what you have on a different subnet / vlan (as Ken mentioned) would be a good idea and also cheap.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  5. steve_p1981

    steve_p1981 Byte Poster

    236
    5
    30
    sounds good but i have never done a vlan before either, is there a good site with a tutorial on how this is done? also i assume that a separate access point which lets guests log in will have clever software to configure settings?. I need to do this as cheap as possible as the boss doesn't want to actually spend any money on this but i'm sure i can convince him if i need to.
     
    Certifications: A+ 220-701 and 220-702
    WIP: none at current but poss 70-680 soon
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    296
    319
    An entry level firewall with multiple interfaces would do.

    LAN
    WAN
    DMZ - stick your access point in there.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  7. melhiore

    melhiore Bit Poster

    38
    1
    37
    VLAN will work on VLAN capable switch only so you would need to check what you already have in the network...
     
    Certifications: CompTIA A+, CCENT
    WIP: CCNA, CCNA Security, CompTIA N+,S+, CWTS/CWNA
  8. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    296
    319
    Well considering he has a P2P network do you think there will be a VLAN capable switch? :) :)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  9. DryPlate

    DryPlate Nibble Poster

    68
    5
    22
    Do you have a budget for this? What services, if any, do you want to give the visitors? (Access to a printer?) Do you want to give them WPA2 security? Do you want the network to just be open for anyone to join or have some sort of password or pin system? I'm thinking some open source hotspot software that's used at coffee shops might be nice and easy to integrate. You can provide a landing page when they first open their browser with your logo and some text maybe a registration page, have them just put in their name and email.. their access can expire after a set amount of time, etc.
     
    Certifications: CompTIA A+, MCDST, Apple Certified Associate
    WIP: CompTIA Network+, MCITP: EDST 7
  10. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    You'd be surprised. I once went somewhere on a consult - business with seven users, no domain, issue with 'slow' network speeds. The switch was a Catalyst 3750G and they had a Juniper SSG550 firewall :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em
  11. melhiore

    melhiore Bit Poster

    38
    1
    37
    Shame on me, missed that...
     
    Certifications: CompTIA A+, CCENT
    WIP: CCNA, CCNA Security, CompTIA N+,S+, CWTS/CWNA
  12. steve_p1981

    steve_p1981 Byte Poster

    236
    5
    30
    i literally only need to provide internet access, hence the idea i had in the first place of putting all my important stuff in a passworded folder on our vista machine and giving the machines a static ip so i could tell the machines what ip's to let past the fire wall. I don't have a budget really, was thinking of doing the 2nd acess point idea. I assume i's have to turn of dhcp for that access point. would it automatically designate a different sub net?. I cant see many people using it really as we are a bike shop and most people don't ride with thier lap tops because they'd likely get damaged but kawasaki are insisting........
     
    Certifications: A+ 220-701 and 220-702
    WIP: none at current but poss 70-680 soon
  13. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator

    10,831
    357
    341
    I wouldn't, what's stopping someone with enough time spoofing an IP address (by capturing it with a network sniffer) and then using a brute force attack against your system?

    -Ken
     
    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip
  14. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator

    10,831
    357
    341
    That's right, a few businesses will just buy what the saleman/woman recommends (or by the reviews of other organisations, or by what their previous company had).

    -ken
     
    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip
  15. steve_p1981

    steve_p1981 Byte Poster

    236
    5
    30
    that's true wagner, do you know what swithes are good for hosting a vlan? and would i have to do anything with the current network or just leave it as is?
     
    Certifications: A+ 220-701 and 220-702
    WIP: none at current but poss 70-680 soon
  16. danielno8

    danielno8 Gigabyte Poster

    1,305
    48
    92
    If you are going to separate the network into VLANs, you will need to have some way to route to both.
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  17. -Mercury-

    -Mercury- Byte Poster

    196
    9
    30
    I like Modey's suggestion for a quick, cheap solution. A lot of wireless routers will support guest networks, where you can configure multiple different VLANs. Should be easy to setup.

    What make and model is your AP?

    Even if your router doesn't support this feature you could buy one that did fairly cheaply.
     
    Certifications: MCSA|MCDST|A+|Net+
    WIP: CCENT
  18. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    296
    319
    Where? :)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  19. steve_p1981

    steve_p1981 Byte Poster

    236
    5
    30
    do i need a dedicated server to do any of this? or is my p2p network capable to do it? my router is a belkin wireless n modem router, standard home kit you get from maplins etc.
     
    Certifications: A+ 220-701 and 220-702
    WIP: none at current but poss 70-680 soon
  20. -Mercury-

    -Mercury- Byte Poster

    196
    9
    30
    The short answer is no you don't need a dedicated server, your p2p network is fine in regard to this job.

    You need to provide internet access to your customers with an extremely tight budget?

    Whether you run a client-server network or a peer-to-peer network like yours, in either case it would be a very bad idea just to give your customers access to the same wireless network that you are using for your business. Anybody would be able to sniff the data travelling across the network and you would be putting your work machines in harm's way.

    You need to separate your business network traffic from the customers. One way to do this would be to setup a guest wireless network. Look on your router and find out the model number, look it up and find out if it supports this feature. Or just login to the router config web page and see what options you have under wireless settings. The last Netgear N standard router I setup could support up to four different wireless networks. Great if you want to lock down your main network tight but you need to setup an additional network to support an older games consoles that doesn't support WPA2 etc.

    If you're lucky your existing router will support multiple networks, the project costs you nothing and you could probably have it set-up in a hour or less. Have a play about with your AP and see what it can do! If it won't support guest networks then a router which does will probably set you back £60-70 but still a cheap solution. I'd obviously advise you to do your own research and confirm that this fits your needs before spending any money.

    If you have more than £60 to play with, then like others have suggested get in a second cheap broadband package from a different ISP. Do you have a spare phone line? The above guest network virtual solution should be good enough but if you want to make sure get an additional broadband connection separate line/additional router.

    Things to think about. Change default router hardware password, change SSID from default, restrict internet access when your shop is not open, properly secure your business wireless network.

    Hope this helps and good luck.
     
    Certifications: MCSA|MCDST|A+|Net+
    WIP: CCENT

Share This Page

Loading...