

Open Wireless on an office LAN

Posted on 2009-12-20
Medium Priority
Last Modified: 2013-11-09
On an office LAN with all domain workstations and a single domain controller.  None of the workstations have wireless cards.  There is no wireless traffic on the LAN.

The LAN is protected by a hardware firewall connection to the internet.

How insecure is it to add a Linksys wireless (WRT54G) router on the inside, for the office waiting room?  An OPEN (unencrypted) wireless for use by visitors only, for their personal web surfing while waiting.

Would such a visitor (or a wireless user in an adjacent office) be able to see LAN packets, even though all LAN users are wired-connection-only?  Is such a system hackable from the wireless, even though the workstations are on a domain and the wireless users won't be domain users?

Like this:

Internet --- Firewall --- LanSwitch --- Domain Controller
                                                      |----Domain Workstations
                                                      |----Linksys Wireless Router

Thanks for your thoughts on this.

Question by: gateguard

Accepted Solution

Rick_O_Shay earned 1400 total points
ID: 26090780
Yes, outside users could be able to see inside data, but that can be controlled by using a new VLAN and rules to allow that VLAN's users access to the internet only.
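An added illustration, not part of the original thread or written by any of its participants: the "new VLAN plus internet-only rules" approach in the accepted answer depends on rule order, which this first-match model checks. The subnets, host addresses and rule tuples are assumptions constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing (not from the thread): office LAN and guest VLAN subnets.
LAN = ip_network("192.168.1.0/24")
GUEST = ip_network("192.168.50.0/24")
ANY = ip_network("0.0.0.0/0")

# Constructed forwarding rules as (action, source, destination).
# Evaluated top-down; the first matching rule wins.
DENY_GUEST_TO_LAN = ("deny", GUEST, LAN)
ALLOW_GUEST_OUT = ("allow", GUEST, ANY)
ALLOW_LAN_OUT = ("allow", LAN, ANY)
DEFAULT_DENY = ("deny", ANY, ANY)

GOOD_RULES = [DENY_GUEST_TO_LAN, ALLOW_GUEST_OUT, ALLOW_LAN_OUT, DEFAULT_DENY]
# Same rules, but the broad allow comes first and shadows the deny.
BAD_RULES = [ALLOW_GUEST_OUT, DENY_GUEST_TO_LAN, ALLOW_LAN_OUT, DEFAULT_DENY]


def decide(rules, src, dst):
    """Return the action of the first rule matching src -> dst."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # nothing matched: fail closed


def audit(rules, guest_host, lan_hosts, internet_host):
    """Return policy violations for one guest host; empty means isolated."""
    problems = [
        f"guest can reach LAN host {host}"
        for host in lan_hosts
        if decide(rules, guest_host, host) == "allow"
    ]
    if decide(rules, guest_host, internet_host) != "allow":
        problems.append("guest cannot reach the internet")
    return problems


if __name__ == "__main__":
    lan_hosts = ["192.168.1.10", "192.168.1.20"]  # constructed: DC, workstation
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        found = audit(rules, "192.168.50.23", lan_hosts, "203.0.113.10")
        print(name, found or "isolated")
```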

Assisted Solution

biofishfreak earned 600 total points
ID: 26091364
I agree with Rick. Also, loading a firmware like DD-WRT will let you take your VLAN into the WRT54G and fine-tune your wireless network that much more.

Author Comment

ID: 26096663
What about the shared internet connection between the 2 VLANs?  Is that a potential source of security breach?

biofishfreak, you raise an interesting point with DD-WRT, which I have used before.  You're saying with DD-WRT I can actually specify VLAN port assignments on the wireless itself?  I don't think I need that.  I just want the entire wireless completely "out of touch" with the LAN, but it's interesting that it's possible.

Expert Comment

ID: 26097541
The shared internet connection would be as secure as any other outside Internet access.

Expert Comment

ID: 26099051
gateguard, the only possible issue of having the same net connection for both VLANs is that people on the visitor network will know your public IP. If you have a block of IPs I would suggest giving one to the wireless. My network has a separate IP that is used for guest access, but it's VLAN'd through my internal network's equipment. Otherwise, though, your 2 networks will be completely separate/secure from one another.

Question has a verified solution.