Solved

Safe WIFI sharing

Posted on 2011-03-16
9
496 Views
Last Modified: 2012-05-11
We have a few small business clients that want to offer their clients free wifi access in their waiting rooms.
They do not want 2 ISPs.

Is there a cost effective router that will allow secure wifi access to the clients, that will prevent them from browsing or in any way jumping to the LAN,  and ensure no trojans or viruses can jump to the LAN subnet as well where sensitive business data resides?

0
Comment
Question by:j-teksolutions
9 Comments
 
LVL 4

Expert Comment

by:CHutchins
ID: 35150248
The proper way to do it is get a firewall that supports a DMZ.  Plug the wireless into the port set to be the DMZ and it will only have access to the internet.  
The cheap way to do it is put the wireless router on internet directly then put a firewall behind it and not allow traffic to pass from the routers IP's.  This is not as secure but would work.. but you can pick up a router with DMZ appliance for fairly cheap and do it right...

Look at Sonicwall, ASA 5505 and Juniper all should do what you want.
0
 
LVL 4

Accepted Solution

by:
needleboy earned 500 total points
ID: 35150360
Hi j-teksolutions,

You need access point that support user isolation

http://www.dlink.com/products/?pid=683

The DAP-2590 includes support for up to 8 VLANs for implementing multiple SSIDs to further help segment users on the network. It also includes a wireless client isolation mechanism, which limits direct client-to-client communication.

0
 
LVL 2

Expert Comment

by:DerekStone
ID: 35150401
A simpler option is to purchase a Linksys E-Series router that offers a "guest access" mode that establishes two independent networks, one for internal use and the other for guest-only Internet access. This tends to be fine for smaller businesses that don't want to put the money down on more high end solutions, like the concepts outlined by CHutchins above.
0
 
LVL 4

Expert Comment

by:bitla
ID: 35150548

Choose any router which has DHCP enabled.
Mostly all routers have DHCP but not all configurable.
DLINK and linksys are best.

Now in router configuration--
In DHCP settings---
you need set a DHCP scope.
Choose a class of IP address which is different from you LAN network.
Make sure you have set password for WIFI.
Save the settings
and restart the router.
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 3

Expert Comment

by:lomejordeesto
ID: 35153638
What equipment are you using?? You can make a different VLAN for the clients and them on the router make an ACL to permit only access to internet and not your LAN.
0
 

Author Comment

by:j-teksolutions
ID: 35155453
needleboy that router isnt too bad at $410
I like the idea of a separate SID for say "public" then isolation that is perfect
Is config difficult or not too bad?
0
 
LVL 4

Expert Comment

by:needleboy
ID: 35155590
Hi j-teksolutions,

D-link Routers are user friendly and verry easy to configure.
All changes are made in simplified Web interface.

0
 
LVL 4

Assisted Solution

by:needleboy
needleboy earned 500 total points
ID: 35155640
Hi j-teksolutions,

You can find Product manual on this link, and see how easy is to configure isolation (page 47, WLAN partition)
 http://www.dlink.com/products/default.aspx?pid=DAP-2590&tab=3
0
 

Author Closing Comment

by:j-teksolutions
ID: 35155665
Thanks for your help needleboy
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now