Open Wireless on an office LAN

Posted on 2009-12-20
Last Modified: 2013-11-09
On an office LAN with all domain workstations and a single domain controller.  None of the workstations have wireless cards.  There is no wireless traffic on the LAN.

The LAN is protected by a hardware firewall connection to the internet.

How insecure is it to add a linksys wireless (WRT54G) router on the inside, for the office waiting room?  An OPEN (unencrypted) wireless for use by visitors only, for their personal web surfing while waiting.

Would such a visitor (or a wireless user in an adjacent office) be able to see LAN packets, even though all LAN users are wired-connection-only?  Is such a system hackable from the wireless, even though the workstations are on a domain and the wireless users won't be domain users?

Like this:

Internet --- Firewall --- LanSwitch --- Domain Controller
                                                      |----Domain Workstations
                                                      |----Linksys Wireless Router

Thanks for your thoughts on this.

Question by:gateguard
    LVL 21

    Accepted Solution

    Yes outside users could be able to see inside data but that can be controlled by using a new VLAN and rules to allow that VLAN's users access to the internet only.
    LVL 3

    Assisted Solution

    I agree with Rick. Also, loading a firmware like DD-WRT will let you take your VLAN into the WRT54G and fine tune your wireless network that much more.

    Author Comment

    What about the shared internet connection between the 2 VLANs?  Is that a potential source of security breach?

    biofishfreak, You raise an interesting point with DD-WRT, which I have used before.  You're saying with DD-WRT I can actually specify VLAN port assignments on the wireless itself?  I don't think I need that.  I just want the entire wireless completely "out of touch" with the LAN, but it's interesting that it's possible.
    LVL 21

    Expert Comment

    The shared internet connection would be secure as any other outside Internet access.
    LVL 3

    Expert Comment

    gateguard, the only possible issue of having the same net connection for both VLANs is that people on the visitor network will know your public IP. If you have a block of IPs I would suggest giving one to the wireless. My network has a separate IP that is used for guest access, but its VLAN'd through my internal networks equipment. Otherwise though, your 2 networks will be completely separate/ secure of one another.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now