Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do I secure data on wireless network?

Status
Not open for further replies.

millhouselives

Technical User
Jan 27, 2003
52
US
Hi,

I have question regarding security on a wireless network. I am helping a friend who owns a small bookstore. His equipment is the following:

1 Linksys BEFW11S4 Wireless Access Point Router Ver. 2.6

2 Dell computers using XP Pro O.S.

1 IAD provided by his ISP for High speed internet access and phone lines

1 Canon I550 printer

2 laptops one XP and the other 98SE

Here is our setup, Right now the two Dell's are connected via CAt5e cable, and we have one test laptop with a Linksys wireless USB adapter connected via the wireless software. I have both changed default router password and enabled and configured WEP for the laptop. We are using file and print sharing so he can use the printer from the laptop. What he would like to do is start a small Internet cafe type service, no more than 10 users at a time (there are only 8 small lunch tables) I forgot to mention that his business is a small combination book/cafe store. He hopes to get some travling business people to stop in for lunch and be able to check their e-mail, etc. He is thinking that he will rent USB wireless adapters to customers to connect for browsing the Internet.

We both have a little experince with networking in general (not so much with wireless) and would appreciate any help in setting this network up so that it is secure.

His (our) concern is keeping the customers out of all the folders on the two dells and the laptop..but allowing them Internet access and the ability to print if need be.

Thank you








 
You can try to protect your shares by restricting access to only authenticated users. In other words you have to have the proper login to get to them.
As for renting wireless devices, it sounds good in principal but might not work real well in real time, because you will have to configure the machines and load the proper drivers before they will work.
I think the easiest way to try to accomplish what you want and still have some control would be to setup the sytem for mac filtering, when someone comes in with a wireless device they provide you with thier mac addy and you register it on the access point. When they leave you dump it.
 
Thanks BogG1 for your reply.

I guess as far as what type of configuring will need to be done, we have two choices: 1) buy a number of Linksys USB adapters for rent, configure each one to get the mac address, enter the mac address in the router setup, and then when someone rents a USB adapter..we (actually my friend who owns the business either loads the Linksys wireless driver on the customers laptop.

2 If I follow you correctly you would just take the customer mac address and enter in the router setup for the time the customer is on-line and then just delete their mac address when they leave. The problem I see with this option is that we are assuming that the customer walking in already has a wireless NIC of some kind with their laptop.

I guess we could use a combination of both..because that would cover the two different possible customer configurations that may walk into the store.
Personally..if it were me..I guess I would bite the bullet and buy a couple of laptops configure them once and do it that way (but I have no idea of his $$$ options).

I wonder how Starbucks does this..hmmm...maybe I'll surf around and see if I can find anything technical about their setup.

 
Starbucks uses TMobile as it's transport. They take a simpler approach. You are responsible for your own internet and data security. Therefore, if you are concerned, you implement a VPN to any sensitive data source like a company Network. Most of what you do in Starbucks or any Internet Cafe is browsing the internet and do you really care if someone is watching you browse Yahoo?? You shouldn't be doing any purchasing over wireless in that public of a place anyway in my opinion. At the very least, most of the sites where a credit card would be used is using SSL.
 
1. Add MAC & WEP layer security to the existing wireless router. Use standard Windows username and password authentication security for all your local LAN shares.
2. Add an access point to your network with different channel and SSID. Don't bother with WEP or MAC security. This will be for the cafe customers.
3. Renting wireless adapters is a non-starter. You will spend an incredible amount of time installing software and configuring network adapters. And quite frankly, Linksys adapters are the most troublesome and difficult to uninstall in the business. You will be doing your customers a disservice by modifying their systems. And there is some liability that obtains from an OS modification. This is a non-starter.
4. Renting a configured laptop is acceptable. Just do not add their MACs to your original router.
5. A more general solution would be to wire network outlets at or near your tables. You could then just add a switch to a new wireless router and give it a network subnet different from your original. Say 10.0.0.x This would ensure that your local LAN was inaccessible.

Anyone with a laptop should be able to see the two access points, but will only be able to connect to the Open one. The open one cannot access the original subnet. The wired clients cannot access your original lan at all.

 
Thanks to both grogk and bcaster for your recent post.

bcaster,

I agree with #1 (have done that already) and #3 especially the liability issue, that results from having touched a "strangers" laptop. I have tried explaining that concept to my friend who has not had any IT experince. I myself do know that old formula for trouble is "last one that touched it, broke it".

I am not sure I understand #2 regarding adding an access point..could you please explain a little more in detail. Why would I want to add this access point?

As for number 4, I do agree..the problem is my friend was just trying to not spend a lot of money..I am trying to convince him to go this route for all of the above reasons. I told him perhaps he could start small with a couple of used laptops and work his way from that point. For him just having purchased this business recently he has to watch every penny. I think he is trying to do too much too soon, but those issues are his..I am just trying to help him on the tech. side. Same problem with CAT5 cabling, he wanted to go the wireless route to same $$$. Thanks again for your input, really appreciate it!


 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top