A coffee shop down the way from me is offering free wireless to its customers. They asked me about providing their base station as a free access point while preserving security for their internal LAN. You know, it stumped me. In fact, I looked and could see all their network resources. Eventhough I wasn't a member of their domain and technically couldn't do much with them, the fact they were exposing themselves to customers, and the world for that matter, is a potential problem.
So I started thinking about WEP encryption and about wireless hookups in general.
I came up with a list of questions:
(1) How do other coffee shops setup secure Wireless without comprimising their internal LAN?
(1a) Can it be done using one single Broadband connection? Meaning, one DSL line split into two separate networks; one for
the customers and the other for the internal LAN...
(2) Is this something that can be done through the 128-bit WEP setup on the router?
For example, since their are up two four WEP generations doesn't it make sense that if I setup
the customers using WEP Key #2 it would separate them from the internal LAN authenticating on WEP key #1?
(3) Does this dual setup comprimise security on the firewall level?
Thanks in advance...
-- seismicom --