We help IT Professionals succeed at work.

securing private LAN workgroup on public access WLAN ?

682 Views
Last Modified: 2013-11-12
i'm installing a wireless router for a friend of mine who runs a cafe. it's primarily so he can use his new laptop as well as his main office desktop, and he's bought a wireless printer as well.

however he also wants to offer open access wireless to his cafe customers, so people on their lunch breaks can bring in their laptops and check emails etc.

the issue here is that all his accounting and important company data is held on the office desktop, and he needs to ensure this stays secure. in short, we want to offer people internet access, but not to allow them access to the windows network (it's a workgroup, consisting now of 2 computers and 1 printer)

i'm comfortable enough with installing the wireless, and we're gonna WPA it until we're confident the private data is secured - but beyond ensuring there are strong passwords on all the network shares, is there anything else we can do to ensure security ? being only a small business, they're not concerned with massive security measures to fend off determined hackers - just enough to prevent a customer or member of staff from "accidentally" stealing, modifying or erasing important data.
Comment
Watch Question

The easiest thing to do would be to enable the windows firewall on both pcs and then open up ports to and from the individual office computers, block all others.
CERTIFIED EXPERT
Top Expert 2013
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Install host based firewalls on the "private" computers.

http://www.symantecstore.com/v2.0-img/operations/symantus/site/promo/pd/378503_navnis360_us.html

Others may tell you to get more hardware and physically seperate the "private' computers and that's not bad advice. I personally would run an ethernet cable from this router to a firewall and have all my "private" computers wired into the firewall. This assures 100% privacy. I just get the sense that you and your friend don't want to go to that extent, so I this is why I am suggesting the host based solution.

Author

Commented:
they need file/print sharing to work within the private LAN - both machines will need access to the printer, which is connected to the WLAN and not to either of the clients.

they handle credit cards at the POS which is dealt with by a credit card machine provided by the CC handling company. nothing to do with anything on the network. what i meant by "not concerned with massive security measures" is probably that they won't want to spend more on the security than they did on the network in the first place :)

the XP firewall is a good idea, and i'm liking the sound of using two routers. they have some hardware in place already (apparently they just got given a "load of wireless gear") so i'll need to see what they have. i've come armed with a belkin wireless adsl modem/router as well, and some client-side wireless cards, so it's quite possible that two routers will be straightforward enough.

There probably is no way to firewall the printer unless you have different subnets.
CERTIFIED EXPERT
Top Expert 2013

Commented:
If you need to enable file and print sharing I would definitely separate the 2 LAN's, using a second router. Having a business use an unencrypted wireless network, shared with unknown users could be disastrous, especially where you need to "punch" a hole in the firewall for file and print sharing. I can't imagine if the data were compromised, the client would say after the fact, that $100 was too much money.
CERTIFIED EXPERT
Most Valuable Expert 2011
Top Expert 2011

Commented:
If you are using a Linksys Router, you can enable the AP Isolation Mode in the advanced settings....Should hide everyone from everyone.....You should still be able to reach the printer from his office with no problems....
CERTIFIED EXPERT
Most Valuable Expert 2011
Top Expert 2011

Commented:
Statick001

Any update?

Author

Commented:
sorry for the delay, i've been away out of the country a lot of this month

the guy has decided for now not to buy any further hardware - the wireless AP he was given turned out to be faulty, so he had to buy a wireless router anyway. so we've secured the WLAN for private use only, and will be looking to buy a second AP for public access at some point in the future

points awarded to robwill as that's the solution we're pusuing, albiet at some point in the future
CERTIFIED EXPERT
Top Expert 2013

Commented:
Thanks Statick001. Good luck with the project.
Cheers !
--Rob

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.