Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

HOW TO: Force users to login via their browser when connecting to our unsecure wireless network

Posted on 2009-04-07
4
325 Views
Last Modified: 2012-05-06
Hello,

When users connect to our unsecure wireless network I want them to be forced to login via their web browser before they can access the network.

I have servers running Windows Server 2003, Windows Server 2008, and Ubuntu Server. I would prefer to set this up on Windows Server 2008.

Do you know how I would do this or know of any documents to assist me?

Thanks!

Drew
0
Comment
Question by:drew17
  • 2
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
EmpKent earned 250 total points
ID: 24092254
Drew,

I would put a proxy server in front of the gateway and you could force users to login there or configure it to authenticate against LDAP, Domain, etc.

ISA Server is one option for the MS servers. Squid is an open source proxy for your Linux box.

Thanks,

Kent
0
 
LVL 12

Assisted Solution

by:coredatarecovery
coredatarecovery earned 250 total points
ID: 24127639
This leaves a HUGE security hole in that you are only restricting web traffic with this.
someone can just connect and start transferring files with this method.

You should run either encrypted tcp/ip with certificate authentication to obtain an ip address or
run WPA2 and only assign IP Addresses who's mac addresses are in the allowed to connect policies.

0
 
LVL 7

Assisted Solution

by:EmpKent
EmpKent earned 250 total points
ID: 24129580
Coredata,

If you leave a default route on the router and do not use ACLs, you have security issues whether you use a proxy or not.

It is quite easy to restrict all outbound traffic to the proxy only.

Thanks,

Kent
0
 
LVL 12

Assisted Solution

by:coredatarecovery
coredatarecovery earned 250 total points
ID: 24129816
Absolutely correct,
Not to mention the fact that you can passively read all of the data packets without being assigned an IP address on the network.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Access point 6 99
WiFi Blackspot within home network 7 86
WiFi Router device supports GPON! 3 86
Wired Network vs Wireless 12 66
MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
Multi-source agreements are important because they set standards that all manufacturers should follow to ensure that devices are compatible with multiple vendors. The multi-source agreement (MSA) is an agreement that establishes how multiple vendors…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question