Computers4us
asked on
How would you set up a public / private wireless network?
I have to set up a wireless network for visitors to the building and employees of the building and am looking for ideas on the best way to do this balancing cost and security. Visitors need to be able to print to some network printers and access the internet. The employees need to print to those same printers (and others), access the internet AND access files on a server / shared PC (there's only 7 employees, so we could go with a workgroup / shared Win XP pro machine as the 'server').
Encryption on the wireless? a nuisance for visitors that are only there for a few hours.
NTFS on the shared machine's files? Is that ok to protect the data from wardrivers rather than encryption?
since they are both sharing the internet, they need to be on the same subnet?
thanks!
Encryption on the wireless? a nuisance for visitors that are only there for a few hours.
NTFS on the shared machine's files? Is that ok to protect the data from wardrivers rather than encryption?
since they are both sharing the internet, they need to be on the same subnet?
thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
diggisaur - I'd think I'd braodcast the SSID, - makes it easier to configurre - the laptop says it found a network, want to connect? rather than have the user have to find where to enter the SSID to connect to in his laptop. But regardless of that... are both access points on the same subnet? once you come into the 'public' access point, you are on the same network as the encrypted people? What protection do you gain by having 2 access points then (the visitors need to access at least some of the printers that the employees would access...
ewtaylor - so you are paying for 2 IP addresses? Nice solution except if the public wants to access the network printers - then the printers have a whole 'nuther public IP and are behind the other router.
ewtaylor - so you are paying for 2 IP addresses? Nice solution except if the public wants to access the network printers - then the printers have a whole 'nuther public IP and are behind the other router.
We have some generic printer that you can plug into the usb port, we selected ones that have native drivers for win2k and winxp. However we are like an upscale spa and medical practice so we just offer the clients the chance to use our wireless network while they wait. I think our isp charges us $15 for the second ip address, a small price to pay for the security it offers.
Yea ewtaylors solutions sounds the most secure. With two accesspoints or moreso wireless routers you could create two IP subnets. They would be secure as long as no IP routing was performed the two subnets and you weren't using any other protocols on your network like NetBEUI or IPX.
ASKER
but how bad is relying on NTFS permissions for keeping undesireables from accessing the server files
Really depends on the caliber of people on the wireless. Since you are going to allow everyone and some people like to drive around and try and hack things it is a pretty big target.
You could use two different access points. Both obviously having different SSIDs. The employees could use the encrypted ones which would be useful when they are working with files from the servers etc. You could also set their access point not to broadcast its SSID so it is invisible. The only way to get to it is to enter the exact SSID and encryption key (tis what we do)
Then you could set up that second Access Point without encryption but to maintain some security on your network you could also make the SSID set to not broadcast. That way no one knows it is out their.
NTFS permission on file servers are always great to have. It might be a good idea to moved to a machine running a Server OS so you can use a domain and centralized securtiy. That would provide the ultimate security of your files and printers.