?
Solved

HOW TO: Force users to login via their browser when connecting to our unsecure wireless network

Posted on 2009-04-07
4
Medium Priority
?
329 Views
Last Modified: 2012-05-06
Hello,

When users connect to our unsecure wireless network I want them to be forced to login via their web browser before they can access the network.

I have servers running Windows Server 2003, Windows Server 2008, and Ubuntu Server. I would prefer to set this up on Windows Server 2008.

Do you know how I would do this or know of any documents to assist me?

Thanks!

Drew
0
Comment
Question by:drew17
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
EmpKent earned 750 total points
ID: 24092254
Drew,

I would put a proxy server in front of the gateway and you could force users to login there or configure it to authenticate against LDAP, Domain, etc.

ISA Server is one option for the MS servers. Squid is an open source proxy for your Linux box.

Thanks,

Kent
0
 
LVL 12

Assisted Solution

by:coredatarecovery
coredatarecovery earned 750 total points
ID: 24127639
This leaves a HUGE security hole in that you are only restricting web traffic with this.
someone can just connect and start transferring files with this method.

You should run either encrypted tcp/ip with certificate authentication to obtain an ip address or
run WPA2 and only assign IP Addresses who's mac addresses are in the allowed to connect policies.

0
 
LVL 7

Assisted Solution

by:EmpKent
EmpKent earned 750 total points
ID: 24129580
Coredata,

If you leave a default route on the router and do not use ACLs, you have security issues whether you use a proxy or not.

It is quite easy to restrict all outbound traffic to the proxy only.

Thanks,

Kent
0
 
LVL 12

Assisted Solution

by:coredatarecovery
coredatarecovery earned 750 total points
ID: 24129816
Absolutely correct,
Not to mention the fact that you can passively read all of the data packets without being assigned an IP address on the network.
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is split into background info to start and actual review at bottom: Some time ago I wanted to sell a system with both wired and wireless capability but at minimum expense.  Having visited my trusted online auction I was pleasantly su…
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question